Dear TLS Working Group,

We would like to share a new individual draft, "Certificate Update in TLS 1.3" (draft-rosomakho-tls-cert-update). This document specifies a lightweight extension and two post-handshake messages that allow TLS peers to provide renewed certificates on an active TLS 1.3, DTLS 1.3 or QUIC connection without requiring session termination and re-establishment. We see this proposal as highly complementary to the Extended Key Update draft.

There is a growing set of use cases that rely on long-lived TLS or QUIC sessions, including IoT communications, VPN tunnels such as MASQUE CONNECT-IP, and carrier signaling. In these settings, tearing down a connection to share an updated certificate can be costly and disruptive. At the same time, there is a strong trend towards shorter certificate lifetimes, which creates a tension between security and operational continuity.

This mechanism enables both peers to provide updated certificates mid-session using Exported Authenticators. The specification defines tight constraints on updated certificates to ensure that such updates do not alter the logical identity of the peer or result in unintended authentication or authorization changes at the application layer.

We believe this solution addresses limitations of alternative approaches:

- Relying solely on initial authentication becomes increasingly problematic as sessions grow longer.
- Using application logic to detect certificate expiration and terminate sessions is fragile and cumbersome.
- Updating higher-layer protocols to handle signaling certificate updates uniformly is infeasible and potentially disruptive.

We do not expect this mechanism to be useful for short-lived sessions such as typical web browsing, when TLS sessions are significantly shorter than the typical certificate lifetime.

It would be great to hear feedback on the proposal in general as well as design specifics.

Best Regards,
Yaroslav and Tiru

---------- Forwarded message ---------

A new version of Internet-Draft draft-rosomakho-tls-cert-update-00.txt has been successfully submitted by Yaroslav Rosomakho and posted to the IETF repository.

Name: draft-rosomakho-tls-cert-update
Revision: 00
Title: Certificate Update in TLS 1.3
Date: 2025-06-20
Group: Individual Submission
Pages: 14
URL: https://www.ietf.org/archive/id/draft-rosomakho-tls-cert-update-00.txt
Status: https://datatracker.ietf.org/doc/draft-rosomakho-tls-cert-update/
HTML: https://www.ietf.org/archive/id/draft-rosomakho-tls-cert-update-00.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-rosomakho-tls-cert-update

Abstract:

This document defines a mechanism that enables TLS 1.3 endpoints to update their certificates during the lifetime of a connection using Exported Authenticators. A new extension is introduced to negotiate support for certificate update at handshake time. When negotiated, either endpoint can provide a post-handshake authenticator containing an updated certificate, delivered via a new handshake message. This mechanism allows long-lived TLS connections to remain valid across certificate rotations without requiring session termination.

The IETF Secretariat