TLS Authentication Using Intelligent Transport System (ITS) Certificates
RFC 8902

Document Type RFC - Experimental (September 2020; No errata)
Was draft-msahli-ise-ieee1609 (individual)
Authors Mounira Msahli  , Nancy Cam-Winget  , William Whyte  , Ahmed Serhrouchni  , Houda Labiod 
Last updated 2020-09-30
Replaces draft-msahli-ipwave-extension-ieee1609
Stream Independent Submission
Formats plain text html xml pdf htmlized (tools) htmlized bibtex
IETF conflict review conflict-review-msahli-ise-ieee1609
Stream ISE state Published RFC
Consensus Boilerplate Unknown
Document shepherd Adrian Farrel
Shepherd write-up Show (last changed 2020-03-24)
IESG IESG state RFC 8902 (Experimental)
Telechat date
Responsible AD (None)
Send notices to Adrian Farrel <>
IANA IANA review state Version Changed - Review Needed
IANA action state RFC-Ed-Ack
IANA expert review state Expert Reviews OK

Independent Submission                                    M. Msahli, Ed.
Request for Comments: 8902                                 Telecom Paris
Category: Experimental                                N. Cam-Winget, Ed.
ISSN: 2070-1721                                                    Cisco
                                                           W. Whyte, Ed.
                                                          A. Serhrouchni
                                                               H. Labiod
                                                           Telecom Paris
                                                          September 2020

TLS Authentication Using Intelligent Transport System (ITS) Certificates


   The IEEE and ETSI have specified a type of end-entity certificate.
   This document defines an experimental change to TLS to support IEEE/
   ETSI certificate types to authenticate TLS entities.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for examination, experimental implementation, and

   This document defines an Experimental Protocol for the Internet
   community.  This is a contribution to the RFC Series, independently
   of any other RFC stream.  The RFC Editor has chosen to publish this
   document at its discretion and makes no statement about its value for
   implementation or deployment.  Documents approved for publication by
   the RFC Editor are not candidates for any level of Internet Standard;
   see Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Table of Contents

   1.  Introduction
     1.1.  Experiment Overview
   2.  Requirements Terminology
   3.  Extension Overview
   4.  TLS Client and Server Handshake
     4.1.  Client Hello
     4.2.  Server Hello
   5.  Certificate Verification
   6.  Examples
     6.1.  TLS Server and TLS Client Use the ITS Certificate
     6.2.  TLS Client Uses the ITS Certificate and TLS Server Uses the
           X.509 Certificate
   7.  Security Considerations
     7.1.  Securely Obtaining Certificates from an Online Repository
     7.2.  Expiry of Certificates
     7.3.  Algorithms and Cryptographic Strength
     7.4.  Interpreting ITS Certificate Permissions
     7.5.  Psid and Pdufunctionaltype in CertificateVerify
   8.  Privacy Considerations
   9.  IANA Considerations
   10. Normative References
   Authors' Addresses

1.  Introduction

   The TLS protocol [RFC8446] allows the use of X.509 certificates and
   raw public keys to authenticate servers and clients.  This document
   describes an experimental extension following the procedures laid out
   by [RFC7250] to support use of the certificate format specified by
   the IEEE in [IEEE1609.2] and profiled by the European
   Telecommunications Standards Institute (ETSI) in [TS103097].  These
   standards specify secure communications in vehicular environments.
   These certificates are referred to in this document as Intelligent
   Transport Systems (ITS) Certificates.

   The certificate types are optimized for bandwidth and processing time
   to support delay-sensitive applications and also to provide both
   authentication and authorization information to enable fast access
   control decisions in ad hoc networks found in Intelligent Transport
   Systems (ITS).  The standards specify different types of certificates
   to support a full Public Key Infrastructure (PKI) specification; the
   certificates to be used in this context are end-entity certificates,
   i.e., certificates that have the IEEE 1609.2 appPermissions field

   Use of ITS certificates is becoming widespread in the ITS setting.
   ITS communications, in practice, make heavy use of 10 MHz channels
   with a typical throughput of 6 Mbps.  (The 802.11OCB modulation that
   gives this throughput is not the one that gives the highest
   throughput, but it provides for a robust signal over a range up to
   300-500 m, which is the "sweet spot" communications range for ITS
   operations like collision avoidance).  The compact nature of ITS
   certificates as opposed to X.509 certificates makes them appropriate
   for this setting.

   The ITS certificates are also suited to the machine-to-machine (M2M)
   ad hoc network setting because their direct encoding of permissions
Show full document text