The IETF community has proposed Delegated Credentials for TLS to mitigate the above-mentioned issue. It is a new cryptographic protocol that balances the trade-off between lifetime and reliability.
Delegated Credentials for TLS allows companies to take partial control over the process of signing new certificates for themselves. Such a certificate uses a private key with a shorter validity period than the actual certificate.
The short-lived private key of the delegated credential is generated by the server itself, not by the Certificate Authority.
A delegated credential consists of the following:
- A public key
- The new private key, together with the expiry date of the delegated credential, and
- A signature over the delegated credential, made with the CA-issued leaf certificate
The delegated credential secures the connection between a web browser and the server, since it carries its own public key.
Website owners can now actively participate in generating a certificate that has distinct public and private keys.
Delegated Credentials use a different short-lived private key on each server. Because every server has its own key, an attacker has a much smaller window of opportunity to mount an attack.
Read More about Delegated Credentials