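%% You should probably cite rfc7250 instead of this I-D.
%%
%% Entry for revision 06 of the TLS working group Internet-Draft on raw
%% public keys in TLS and DTLS. It is marked "Work in Progress", so treat
%% it as a historical revision rather than a stable specification.
%%
%% Reader's caveat, taken from the abstract: a raw public key carries no
%% identity binding of its own. Authentication depends entirely on the
%% out-of-band validation method (DANE together with DNS Security, or
%% pre-configured keys), so a deployment that cites this mechanism should
%% also state which validation method it uses.
%%
%% Field notes: "day" and "pagetotal" are not standard BibTeX fields and
%% are ignored by classic styles; they are kept as exported.
@techreport{ietf-tls-oob-pubkey-06,
  number      = {draft-ietf-tls-oob-pubkey-06},
  type        = {Internet-Draft},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-ietf-tls-oob-pubkey/06/},
  author      = {Paul Wouters and Hannes Tschofenig and John IETF Gilmore and Samuel Weiler and Tero Kivinen},
  title       = {{Out-of-Band Public Key Validation for Transport Layer Security (TLS)}},
  pagetotal   = 14,
  year        = 2012,
  month       = oct,
  day         = 22,
  abstract    = {This document specifies a new certificate type for exchanging
                 raw public keys in Transport Layer Security (TLS) and Datagram
                 Transport Layer Security (DTLS) for use with out-of-band public
                 key validation. Currently, TLS authentication can only occur
                 via X.509-based Public Key Infrastructure (PKI) or OpenPGP
                 certificates. By specifying a minimum resource for raw public
                 key exchange, implementations can use alternative public key
                 validation methods. One such alternative public key validation
                 method is offered by the DNS-Based Authentication of Named
                 Entities (DANE) together with DNS Security. Another alternative
                 is to utilize pre-configured keys, as is the case with sensors
                 and other embedded devices. The usage of raw public keys,
                 instead of X.509-based certificates, leads to a smaller code
                 footprint. This document introduces the support for raw public
                 keys in TLS.},
}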