{"draft":"draft-sheffer-tls-pinning-ticket-12","doc_id":"RFC8672","title":"TLS Server Identity Pinning with Tickets","authors":["Y. Sheffer","D. Migault"],"format":["HTML","TEXT","PDF","XML"],"page_count":"22","pub_status":"EXPERIMENTAL","status":"EXPERIMENTAL","source":"INDEPENDENT","abstract":"Misissued public-key certificates can prevent TLS clients from\r\nappropriately authenticating the TLS server. Several alternatives\r\nhave been proposed to detect this situation and prevent a client from\r\nestablishing a TLS session with a TLS end point authenticated with an\r\nillegitimate public-key certificate. These mechanisms are either not\r\nwidely deployed or limited to public web browsing.\r\n\r\nThis document proposes experimental extensions to TLS with opaque\r\npinning tickets as a way to pin the server's identity. During an\r\ninitial TLS session, the server provides an original encrypted\r\npinning ticket. In subsequent TLS session establishment, upon receipt\r\nof the pinning ticket, the server proves its ability to decrypt the\r\npinning ticket and thus the ownership of the pinning protection key.\r\nThe client can now safely conclude that the TLS session is\r\nestablished with the same TLS server as the original TLS session. One\r\nof the important properties of this proposal is that no manual\r\nmanagement actions are required.","pub_date":"October 2019","keywords":["transport layer security"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC8672","errata_url":null}