| rfc9932v3.txt | rfc9932.txt | |||
|---|---|---|---|---|
| Independent Submission S. Halén | Independent Submission S. Halén | |||
| Request for Comments: 9932 The Swedish Internet Foundation | Request for Comments: 9932 The Swedish Internet Foundation | |||
| Category: Informational J. Schlyter | Category: Informational J. Schlyter | |||
| ISSN: 2070-1721 Kirei AB | ISSN: 2070-1721 Kirei AB | |||
| February 2026 | March 2026 | |||
| Mutually Authenticating TLS in the Context of Federations | Mutually Authenticating TLS in the Context of Federations | |||
| Abstract | Abstract | |||
| This Informational Independent Submission to the RFC Series describes | This Informational Independent Submission to the RFC Series describes | |||
| a means to use TLS 1.3 to perform machine-to-machine mutual | a means to use TLS 1.3 to perform machine-to-machine mutual | |||
| authentication within federations. This memo is not a standard. It | authentication within federations. This memo is not a standard. It | |||
| does not modify the TLS protocol in any way, nor does it require | does not modify the TLS protocol in any way, nor does it require | |||
| changes to common TLS libraries. TLS is specified and standardized | changes to common TLS libraries. TLS is specified and standardized | |||
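Review bot: the header date is the only difference in this block (February 2026 on the left, March 2026 on the right); the authors, RFC number, category and ISSN lines are identical on both sides, so the remaining check is that any other place the document states its publication month is updated to March 2026 as well, so header and body do not disagree.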
| skipping to change at line 196 ¶ | skipping to change at line 196 ¶ | |||
| 2. Diverse Design Patterns | 2. Diverse Design Patterns | |||
| MATF is designed to be flexible and adaptable to the varying needs of | MATF is designed to be flexible and adaptable to the varying needs of | |||
| different federations. Federations can differ significantly in terms | different federations. Federations can differ significantly in terms | |||
| of size, scope, and security requirements, which makes it challenging | of size, scope, and security requirements, which makes it challenging | |||
| to prescribe a one-size-fits-all trust framework and security | to prescribe a one-size-fits-all trust framework and security | |||
| measures. | measures. | |||
| For instance, in the European Union, Regulation (EU) No 910/2014 (the | For instance, in the European Union, Regulation (EU) No 910/2014 (the | |||
| electronic identification, authentication, and trust services (eIDAS) | electronic identification, authentication, and trust services (eIDAS) | |||
| Regulation [eIDAS]) establishes a regulatory framework for electronic | Regulation) [eIDAS] establishes a regulatory framework for electronic | |||
| identification and trust services for electronic transactions in the | identification and trust services for electronic transactions in the | |||
| internal market. The eIDAS Regulation provides a basis for cross- | internal market. The eIDAS Regulation provides a basis for cross- | |||
| border recognition of notified electronic identification schemes and | border recognition of notified electronic identification schemes and | |||
| for regulated trust services. | for regulated trust services. | |||
| Similarly, national federations, such as those found in education or | Similarly, national federations, such as those found in education or | |||
| healthcare sectors, often have their own specific trust frameworks | healthcare sectors, often have their own specific trust frameworks | |||
| and security measures tailored to their unique needs. These | and security measures tailored to their unique needs. These | |||
| federations may leverage existing national identification systems or | federations may leverage existing national identification systems or | |||
| other trusted credentials to establish member identities and ensure | other trusted credentials to establish member identities and ensure | |||
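Review bot: style only, and an improvement: moving [eIDAS] outside the closing parenthesis, so the line reads "(eIDAS) Regulation) [eIDAS] establishes", removes the bracket-inside-parenthesis nesting of the left-hand text "(eIDAS) Regulation [eIDAS])" and cites the regulation the same way [RFC7469] is cited in Section 3.1 below; nothing further to change in this block.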
| skipping to change at line 235 ¶ | skipping to change at line 235 ¶ | |||
| design and functionality. This section outlines the key components | design and functionality. This section outlines the key components | |||
| of this trust model and its implications for federation members and | of this trust model and its implications for federation members and | |||
| the federation operator. | the federation operator. | |||
| 3.1. Role of the Federation Operator | 3.1. Role of the Federation Operator | |||
| The federation operator plays a critical role in the MATF framework. | The federation operator plays a critical role in the MATF framework. | |||
| This entity is responsible for: | This entity is responsible for: | |||
| * Managing the central trust anchor, which is used to establish | * Managing the central trust anchor, which is used to establish | |||
| trust across different domains within the federation | trust across different domains within the federation. | |||
| * Vetting federation members to ensure they meet the required | * Vetting federation members to ensure they meet the required | |||
| standards and policies. | standards and policies. | |||
| * Maintaining and securing the federation metadata, which includes | * Maintaining and securing the federation metadata, which includes | |||
| public key pins [RFC7469], issuer certificates, and other | public key pins [RFC7469], issuer certificates, and other | |||
| essential information. | essential information. | |||
| Additionally, the federation operator SHOULD develop their own threat | Additionally, the federation operator SHOULD develop their own threat | |||
| models to proactively identify potential risks and threats. This | models to proactively identify potential risks and threats. This | |||
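Review bot: punctuation is now consistent across the three responsibilities in Section 3.1: the first bullet ends with a period on the right-hand side, matching the second and third bullets, which already did on both sides; the wording of the list and of the SHOULD on threat models is unchanged.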
| End of changes. 3 change blocks. | ||||
| 3 lines changed or deleted | 3 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||