RFC 9345

Delegated Credentials for TLS and DTLS, July 2023

File formats:

icon for HTML icon for text file icon for v3pdf icon for XML
Also available: XML file for editing
R. Barnes
S. Iyengar
N. Sullivan
E. Rescorla
tls (sec)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC9345

Discuss this RFC: Send questions or comments to the mailing list tls@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 9345


The organizational separation between operators of TLS and DTLS endpoints and the certification authority can create limitations. For example, the lifetime of certificates, how they may be used, and the algorithms they support are ultimately determined by the Certification Authority (CA). This document describes a mechanism to overcome some of these limitations by enabling operators to delegate their own credentials for use in TLS and DTLS without breaking compatibility with peers that do not support this specification.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.

Advanced Search