Limited Use of Remote Keys

Communication protocols like IPsec, SSH or TLS provide means to authenticate the remote peer. Authentication is based the proof of ownership of a private key. Currently most trust models assume the private key is associated and owned by the peer. In addition, the remote peer is both responsible of the hosted content and for the network delivery. Although these assumptions were largely true in the past, today, the deployment of service on the current Internet largely relies on multiple distributed instances of the service. Similarly, the delivery of popular content often splits the roles of providing the content and delivering the content. In such architectures, the application, - like a web browser - expects to authenticate a content provider while authenticating the node delivering the content. In this case, the confusion mostly results from using a secure transport layer to authenticate application layer content. There may be a BoF at IETF95 to discuss this topic.

To contact the list owners, use the following email address:


IETF Mailarchive

Subscription / Unsubscription

To subscribe or unsubscribe from this list, please sign in first. If you have not previously signed in, you may need to set up an account with the appropriate email address.

Sign In

You can also subscribe without creating an account. If you wish to do so, please use the form below.