DEV Community

SSL Support

Posted on • Originally published at ssl.support


How do delegated credentials work?

The IETF community has proposed Delegated Credentials for TLS to mitigate the above-mentioned issue. It is a new cryptographic protocol that balances the trade-off between lifetime and reliability.

Delegated Credentials for TLS allows companies to take partial control over the process of signing new certificates for themselves. This certificate uses a private key with a shorter validity period than the actual certificate.


The private key with the shorter period, the delegated credential, is generated by the server and not by the Certificate Authority.

The delegated credential consists of the following things:

  • Public key
  • The new private key (the expiry date of the delegated credentials), and
  • The signature of the delegated credential, signed by the CA-issued leaf

The delegated credential secures the connection between a web browser and the server, as it has its own public key.

Website owners can now actively participate in generating a certificate that has distinct public and private keys.

A delegated credential uses a different private key with a shorter period on each server. Because each server uses a different private key, there is a smaller window of opportunity for a hacker to perform a cyber attack.
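As an added example (not part of the original post), the following parser reads the DelegatedCredential wire layout defined in RFC 9345 to show where the public key, the expiry and the leaf's signature sit, and applies the lifetime checks that enforce the short validity period. The names `parse_dc`, `lifetime_status`, `build_sample` and `LEAF_NOT_BEFORE` and all sample bytes are constructed for illustration; verifying the signature against the leaf certificate's key is assumed to happen in the TLS stack and is not done here.

```python
import struct
from datetime import datetime, timedelta, timezone

MAX_REMAINING = timedelta(days=7)  # RFC 9345 cap on a credential's remaining validity

def parse_dc(buf: bytes) -> dict:
    """Split a DelegatedCredential (RFC 9345 wire layout) into its fields."""
    if len(buf) < 9:
        raise ValueError("truncated credential")
    valid_time, verify_alg = struct.unpack_from(">IH", buf, 0)
    spki_len = int.from_bytes(buf[6:9], "big")       # uint24 length prefix
    sig_hdr = 9 + spki_len
    if spki_len == 0 or sig_hdr + 4 > len(buf):
        raise ValueError("bad public key length")
    sig_alg, sig_len = struct.unpack_from(">HH", buf, sig_hdr)
    if sig_len == 0 or sig_hdr + 4 + sig_len != len(buf):
        raise ValueError("bad signature length")
    return {
        "valid_time": valid_time,             # seconds after the leaf's notBefore
        "dc_cert_verify_algorithm": verify_alg,
        "spki": buf[9:sig_hdr],               # the credential's own public key
        "algorithm": sig_alg,                 # scheme the leaf key signed with
        "signature": buf[sig_hdr + 4:],
    }

def lifetime_status(dc: dict, leaf_not_before: datetime, now: datetime) -> str:
    """Apply the two time checks a peer makes before trusting the credential."""
    expiry = leaf_not_before + timedelta(seconds=dc["valid_time"])
    if now > expiry:
        return "expired"
    if expiry - now > MAX_REMAINING:
        return "lifetime_too_long"
    return "ok"

def build_sample(valid_time: int) -> bytes:
    """Constructed sample: placeholder bytes stand in for the key and signature."""
    spki, sig = b"\x30" + b"\x00" * 90, b"\xAA" * 71
    return (struct.pack(">IH", valid_time, 0x0403) + len(spki).to_bytes(3, "big")
            + spki + struct.pack(">HH", 0x0403, len(sig)) + sig)

LEAF_NOT_BEFORE = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed value

if __name__ == "__main__":
    dc = parse_dc(build_sample(3 * 86400))
    print(lifetime_status(dc, LEAF_NOT_BEFORE, LEAF_NOT_BEFORE + timedelta(days=1)))
```

The expiry is stored relative to the leaf certificate's `notBefore`, so a credential cannot outlive the certificate that signed it by being replayed with a different clock reference.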

Read More about Delegated Credentials
