Related Certificates for Use in Multiple Authentications within a Protocol
RFC 9763, “Related Certificates for Use in Multiple Authentications within a Protocol”, is a Proposed Standard document published in June 2025 by A. Becker, R. Guthrie, M. Jenkins. The canonical text is published by the RFC Editor.
Abstract
This document defines a new Certificate Signing Request (CSR) attribute, relatedCertRequest, and a new X.509 certificate extension, RelatedCertificate. The use of the relatedCertRequest attribute in a CSR and the inclusion of the RelatedCertificate extension in the resulting certificate together provide additional assurance that two certificates each belong to the same end entity. This mechanism is particularly useful in the context of non-composite hybrid authentication, which enables users to employ the same certificates in hybrid authentication as in authentication done with only traditional or post-quantum algorithms.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9763 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.
- RFC 9762 Using Router Advertisements to Signal the Availability of DHCPv6 Prefix Delegation to Clients
- RFC 9764 Bidirectional Forwarding Detection Encapsulated in Large Packets
- RFC 9761 Manufacturer Usage Description for TLS and DTLS Profiles for Internet of Things Devices
- RFC 9765 RADIUS/1.1: Leveraging Application-Layer Protocol Negotiation to Remove MD5
- RFC 9760 Enterprise Profile for the Precision Time Protocol with Mixed Multicast and Unicast Messages
- RFC 9766 Extensions for Weak Cache Consistency in NFSv4.2's Flexible File Layout
- RFC 9759 Unified Time Scaling for Temporal Coordination Frameworks
- RFC 9767 Grant Negotiation and Authorization Protocol Resource Server Connections