Flexible Key Agreement for Transport Layer Security (FKA-TLS)

Document Type Expired Internet-Draft (individual)
Last updated 2007-07-25
Stream (None)
Intended RFC status (None)
Expired & archived
Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document defines extensions to RFC 4279, "Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)", to enable dynamic key sharing in distributed environments using a Generic Security Service Application Program Interface (GSS-API) mechanism, and then to import that shared key as the "Pre-Shared Key" to complete the TLS handshake. This is a modular approach to performing authentication and key exchange based on off-the-shelf libraries. It also obviates the need for pairwise key sharing by enabling the use of widely deployed Kerberos-like trust infrastructures that are highly scalable and robust. Furthermore, conforming implementations can provide server authentication without the use of certificates.


Larry Zhu (lzhu@microsoft.com)
Girish Chander (gchander@microsoft.com)
Jeffrey Altman (jaltman@secure-endpoints.com)
Stefan Santesson (stefans@microsoft.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)