Hannes Tschofenig

Hannes Tschofenig is employed by Arm; prior employers include the European Data Protection Supervisor, Nokia Siemens Networks, and Siemens. His work has focused on developing global standards to make the Internet more secure. He has been active in the IETF for the past 15 years and has contributed to more than 80 RFCs on security, privacy and various Internet protocols. Hannes co-chaired several IETF working groups, including OAuth, ACE, KEYPROV, DIME, and ECRIT. From 2010 to 2014 Hannes was a member of the Internet Architecture Board (IAB), a committee of the IETF. Currently, he is a board member and chair of the Device Management and Service Enablement working group of OMA SpecWorks.
Roles
Chair of Web Authorization Protocol (oauth) | Hannes.Tschofenig@gmx.net |
Liaison Contact of Web Authorization Protocol (oauth) | Hannes.Tschofenig@gmx.net |
Member of IAB/IESG Nominating Committee 2019/2020 (nomcom2019) | hannes.tschofenig@arm.com |
Reviewer in Internet of Things Directorate (iotdir) | hannes.tschofenig@arm.com |
RFCs (86)
rfc4081 | Jun 2005 | Security Threats for Next Steps in Signaling (NSIS) | Cited by 11 RFCs |
rfc4230 | Dec 2005 | RSVP Security Properties | Cited by 7 RFCs |
rfc4279 | Dec 2005 | Pre-Shared Key Ciphersuites for Transport Layer Security (TLS) | Cited by 33 RFCs |
rfc4442 | Mar 2006 | Bootstrapping Timed Efficient Stream Loss-Tolerant Authentication (TESLA) | Cited by 3 RFCs |
rfc4484 | Aug 2006 | Trait-Based Authorization Requirements for the Session Initiation Protocol (SIP) | Cited by 1 RFC |
rfc4487 | May 2006 | Mobile IPv6 and Firewalls: Problem Statement | Cited by 1 RFC |
rfc4507 | May 2006 | Transport Layer Security (TLS) Session Resumption without Server-Side State | Cited by 3 RFCs |
rfc4589 | Jul 2006 | Location Types Registry | Cited by 7 RFCs |
rfc4621 | Aug 2006 | Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol | Cited by 2 RFCs |
rfc4745 | Feb 2007 | Common Policy: A Document Format for Expressing Privacy Preferences | Cited by 12 RFCs |
rfc4764 | Jan 2007 | The EAP-PSK Protocol: A Pre-Shared Key Extensible Authentication Protocol (EAP) Method | Cited by 1 RFC |
rfc4806 | Feb 2007 | Online Certificate Status Protocol (OCSP) Extensions to IKEv2 | Cited by 4 RFCs |
rfc4891 | May 2007 | Using IPsec to Secure IPv6-in-IPv4 Tunnels | Cited by 7 RFCs |
rfc5069 | Jan 2008 | Security Threats and Requirements for Emergency Call Marking and Mapping | Cited by 14 RFCs |
rfc5077 | Jan 2008 | Transport Layer Security (TLS) Session Resumption without Server-Side State | Cited by 30 RFCs |
rfc5106 | Feb 2008 | The Extensible Authentication Protocol-Internet Key Exchange Protocol version 2 (EAP-IKEv2) Method | Cited by 4 RFCs |
rfc5191 | May 2008 | Protocol for Carrying Authentication for Network Access (PANA) | Cited by 18 RFCs |
rfc5222 | Aug 2008 | LoST: A Location-to-Service Translation Protocol | Cited by 19 RFCs |
rfc5223 | Aug 2008 | Discovering Location-to-Service Translation (LoST) Servers Using the Dynamic Host Configuration Protocol (DHCP) | Cited by 7 RFCs |
rfc5433 | Feb 2009 | Extensible Authentication Protocol - Generalized Pre-Shared Key (EAP-GPSK) Method | Cited by 6 RFCs |
rfc5447 | Feb 2009 | Diameter Mobile IPv6: Support for Network Access Server to Diameter Server Interaction | Cited by 9 RFCs |
rfc5479 | Apr 2009 | Requirements and Analysis of Media Security Management Protocols | Cited by 8 RFCs |
rfc5491 | Mar 2009 | GEOPRIV Presence Information Data Format Location Object (PIDF-LO) Usage Clarification, Considerations, and Recommendations | Cited by 21 RFCs |
rfc5580 | Aug 2009 | Carrying Location Objects in RADIUS and Diameter | Cited by 7 RFCs |
rfc5624 | Aug 2009 | Quality of Service Parameters for Usage with Diameter | Cited by 3 RFCs |
rfc5687 | Mar 2010 | GEOPRIV Layer 7 Location Configuration Protocol: Problem Statement and Requirements | Cited by 11 RFCs |
rfc5713 | Jan 2010 | Security Threats and Security Requirements for the Access Node Control Protocol (ANCP) | Cited by 6 RFCs |
rfc5719 | Jan 2010 | Updated IANA Considerations for Diameter Command Code Allocations | Cited by 1 RFC |
rfc5723 | Jan 2010 | Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption | Cited by 11 RFCs |
rfc5763 | May 2010 | Framework for Establishing a Secure Real-time Transport Protocol (SRTP) Security Context Using Datagram Transport Layer Security (DTLS) | Cited by 21 RFCs |
rfc5770 | Apr 2010 | Basic Host Identity Protocol (HIP) Extensions for Traversal of Network Address Translators | Cited by 6 RFCs |
rfc5777 | Feb 2010 | Traffic Classification and Quality of Service (QoS) Attributes for Diameter | Cited by 10 RFCs |
rfc5778 | Feb 2010 | Diameter Mobile IPv6: Support for Home Agent to Diameter Server Interaction | Cited by 4 RFCs |
rfc5866 | May 2010 | Diameter Quality-of-Service Application | Cited by 6 RFCs |
rfc5962 | Sep 2010 | Dynamic Extensions to the Presence Information Data Format Location Object (PIDF-LO) | Cited by 3 RFCs |
rfc5972 | Oct 2010 | General Internet Signaling Transport (GIST) State Machine |
rfc5973 | Oct 2010 | NAT/Firewall NSIS Signaling Layer Protocol (NSLP) | Cited by 5 RFCs |
rfc5980 | Mar 2011 | NSIS Protocol Operation in Mobile Environments |
rfc5981 | Feb 2011 | Authorization for NSIS Signaling Layer Protocols |
rfc5998 | Sep 2010 | An Extension for EAP-Only Authentication in IKEv2 | Cited by 3 RFCs |
rfc6023 | Oct 2010 | A Childless Initiation of the Internet Key Exchange Version 2 (IKEv2) Security Association (SA) | Cited by 2 RFCs |
rfc6124 | Feb 2011 | An EAP Authentication Method Based on the Encrypted Key Exchange (EKE) Protocol | Cited by 1 RFC |
rfc6155 | Mar 2011 | Use of Device Identity in HTTP-Enabled Location Delivery (HELD) | Cited by 5 RFCs |
rfc6280 | Jul 2011 | An Architecture for Location and Location Privacy in Internet Applications | Cited by 33 RFCs |
rfc6444 | Jan 2012 | Location Hiding: Problem Statement and Requirements | Cited by 2 RFCs |
rfc6447 | Jan 2012 | Filtering Location Notifications in the Session Initiation Protocol (SIP) | Cited by 1 RFC |
rfc6574 | Apr 2012 | Report from the Smart Object Workshop | Cited by 6 RFCs |
rfc6616 | May 2012 | A Simple Authentication and Security Layer (SASL) and Generic Security Service Application Program Interface (GSS-API) Mechanism for OpenID |
rfc6618 | May 2012 | Mobile IPv6 Security Framework Using Transport Layer Security for Communication between the Mobile Node and Home Agent |
rfc6739 | Oct 2012 | Synchronizing Service Boundaries and <mapping> Elements Based on the Location-to-Service Translation (LoST) Protocol |
rfc6753 | Oct 2012 | A Location Dereference Protocol Using HTTP-Enabled Location Delivery (HELD) | Cited by 2 RFCs |
rfc6755 | Oct 2012 | An IETF URN Sub-Namespace for OAuth | Cited by 7 RFCs |
rfc6772 | Jan 2013 | Geolocation Policy: A Document Format for Expressing Privacy Preferences for Location Information | Cited by 5 RFCs |
rfc6950 | Oct 2013 | Architectural Considerations on Application Features in the DNS | Cited by 4 RFCs |
rfc6973 | Jul 2013 | Privacy Considerations for Internet Protocols | Cited by 45 RFCs |
rfc7090 | Apr 2014 | Public Safety Answering Point (PSAP) Callback | Cited by 2 RFCs |
rfc7199 | Apr 2014 | Location Configuration Extensions for Policy Management |
rfc7250 | Jun 2014 | Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) | Cited by 14 RFCs |
rfc7258 | May 2014 | Pervasive Monitoring Is an Attack | Cited by 86 RFCs |
rfc7295 | Jul 2014 | Report from the IAB/IRTF Workshop on Congestion Control for Interactive Real-Time Communication | Cited by 1 RFC |
rfc7340 | Sep 2014 | Secure Telephone Identity Problem Statement and Requirements | Cited by 6 RFCs |
rfc7378 | Dec 2014 | Trustworthy Location | Cited by 3 RFCs |
rfc7397 | Dec 2014 | Report from the Smart Object Security Workshop | Cited by 3 RFCs |
rfc7406 | Dec 2014 | Extensions to the Emergency Services Architecture for Dealing With Unauthenticated and Unauthorized Devices | Cited by 1 RFC |
rfc7423 | Nov 2014 | Diameter Applications Design Guidelines | Cited by 2 RFCs |
rfc7452 | Mar 2015 | Architectural Considerations in Smart Object Networking | Cited by 6 RFCs |
rfc7628 | Aug 2015 | A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth | Cited by 1 RFC |
rfc7670 | Jan 2016 | Generic Raw Public-Key Support for IKEv2 | Cited by 1 RFC |
rfc7687 | Dec 2015 | Report from the Strengthening the Internet (STRINT) Workshop | Cited by 1 RFC |
rfc7800 | Apr 2016 | Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs) | Cited by 2 RFCs |
rfc7831 | May 2016 | Application Bridging for Federated Access Beyond Web (ABFAB) Architecture | Cited by 4 RFCs |
rfc7840 | May 2016 | A Routing Request Extension for the HTTP-Enabled Location Delivery (HELD) Protocol |
rfc7852 | Jul 2016 | Additional Data Related to an Emergency Call | Cited by 4 RFCs |
rfc7924 | Jul 2016 | Transport Layer Security (TLS) Cached Information Extension | Cited by 8 RFCs |
rfc7925 | Jul 2016 | Transport Layer Security (TLS) / Datagram Transport Layer Security (DTLS) Profiles for the Internet of Things | Cited by 4 RFCs |
rfc7966 | Sep 2016 | Security at the Attribute-Value Pair (AVP) Level for Non-neighboring Diameter Nodes: Scenarios and Requirements |
rfc8147 | May 2017 | Next-Generation Pan-European eCall | Cited by 1 RFC |
rfc8148 | May 2017 | Next-Generation Vehicle-Initiated Emergency Calls | Cited by 1 RFC |
rfc8240 | Sep 2017 | Report from the Internet of Things Software Update (IoTSU) Workshop 2016 | Cited by 2 RFCs |
rfc8323 | Feb 2018 | CoAP (Constrained Application Protocol) over TCP, TLS, and WebSockets | Cited by 5 RFCs |
rfc8392 | May 2018 | CBOR Web Token (CWT) | Cited by 1 RFC |
rfc8477 | Oct 2018 | Report from the Internet of Things (IoT) Semantic Interoperability (IOTSI) Workshop 2016 |
rfc8628 | Aug 2019 | OAuth 2.0 Device Authorization Grant |
rfc8707 | Feb 2020 | Resource Indicators for OAuth 2.0 | Cited by 1 RFC |
rfc8747 | Mar 2020 | Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs) |
rfc8876 | Sep 2020 | Non-interactive Emergency Calls |
Active Drafts (12)
- draft-tschofenig-rats-psa-token
- draft-ietf-suit-architecture
- draft-ietf-tls-dtls13
- draft-ietf-tls-dtls-connection-id
- draft-ietf-suit-manifest
- draft-ietf-suit-information-model
- draft-ietf-tls-ctls
- draft-ietf-ace-oauth-authz
- draft-moran-suit-mud
- draft-ietf-teep-protocol
- draft-ietf-teep-architecture
- draft-lior-radius-prepaid-extensions
Expired Drafts excluding replaced drafts
- draft-tschofenig-tls-cwt
- draft-shaw-rats-rear
- draft-ietf-uta-tls13-iot-profile
- draft-tschofenig-tls-dtls-rrc
- draft-birkholz-rats-architecture
- draft-friel-tls-atls
- draft-tschofenig-core-senml-lbn
- draft-ietf-teep-opentrustprotocol
- draft-ietf-oauth-pop-key-distribution
- draft-tschofenig-ace-group-communication-security
- draft-moore-iot-security-bcp
- draft-mavrogiannopoulos-tls-cid
- draft-ietf-oauth-signed-http-request
- draft-fossati-tls-iot-optimizations
- draft-ietf-oauth-pop-architecture
- draft-fossati-core-server-name-id
- draft-korhonen-dime-e2e-security
- draft-ietf-oauth-closing-redirectors
- draft-ietf-atoca-cap
- draft-maler-ace-oauth-uma
- draft-oauth-sanso-open-redirector
- draft-fossati-dtls-over-gsm-sms
- draft-winterbottom-ecrit-priv-loc
- draft-ietf-lwig-tls-minimal
- draft-tschofenig-ace-overview
- draft-tschofenig-oauth-hotk
- draft-ietf-oauth-v2-http-mac
- draft-tschofenig-iab-webpki-evolution
- draft-tschofenig-perpass-surveillance
- draft-ietf-ipsecme-oob-pubkey
- draft-tschofenig-dime-overload-arch
- draft-tschofenig-dime-dlba
- draft-tschofenig-dime-overload-piggybacking
- draft-rosen-ecrit-ecall
- draft-ietf-mmusic-media-path-middleboxes
- draft-korhonen-dime-ovl
- draft-tschofenig-dime-keying-database
- draft-tschofenig-oauth-audience
- draft-campbell-dime-overload-data-analysis
- draft-tschofenig-oauth-security
- draft-cooper-iab-secure-origin
- draft-tschofenig-secure-the-web
- draft-lumbreras-ees-urn
- draft-tschofenig-hourglass
- draft-tschofenig-post-standardization
- draft-jones-diameter-abfab
- draft-ietf-atoca-requirements
- draft-tschofenig-ecrit-xmpp-es
- draft-nir-tls-eap
- draft-mrw-abfab-multihop-fed
- draft-patil-mext-mip6issueswithipsec
- draft-barnes-atoca-cap-mime
- draft-cooper-web-tracking-opt-outs
- draft-rosen-atoca-cap
- draft-haddad-alien-threat-model
- draft-barnes-geopriv-policy-uri
- draft-ietf-sip-saml
- draft-tschofenig-oauth-signature-thoughts
- draft-morris-policy-cons
- draft-barnes-ecrit-policy
- draft-stiemerling-alto-dns-discovery
- draft-tschofenig-moonshot-ps
- draft-huang-dime-pcn-collection
- draft-lear-ietf-sasl-openid
- draft-rosen-atoca-server-discovery
- draft-tschofenig-conex-ps
- draft-winterbottom-ecrit-direct
- draft-norreys-ecrit-authority2individuals-requirements
- draft-tschofenig-rai-reducing-delays
- draft-winterbottom-dime-param-query
- draft-garcia-geopriv-indirect-publish
- draft-winterbottom-geopriv-held-context
- draft-tschofenig-ecrit-rfc5222bis
- draft-fajardo-dime-dcc-test-suite
- draft-fajardo-dime-misc-app-test-suite
- draft-fajardo-dime-base-test-suite
- draft-rosen-sipping-cap
- draft-rosen-ecrit-lost-early-warning
- draft-bajko-arcband-shape
- draft-nir-ike-nochild
- draft-romascanu-diameter-cmd-iana
- draft-tschofenig-geopriv-dhcp-circle
- draft-linsner-geopriv-adminspecific
- draft-garcia-simple-indirect-presence-publish
- draft-ietf-mip6-radius
- draft-wing-sipping-srtp-key
- draft-yegin-eap-boot-rfc3118
- draft-tschofenig-sipping-framework-spit-reduction
- draft-tschofenig-sipping-spit-policy
- draft-sheffer-ipsec-failover
- draft-froment-sipping-spit-requirements
- draft-winterbottom-sip-location-package
- draft-ietf-mmusic-sdp-dtls
- draft-tschofenig-hiprg-host-identities
- draft-tschofenig-mip6-ice
- draft-tschofenig-sipping-captcha
- draft-schwartz-sip-e164-ownership
- draft-wing-sipping-spam-score
- draft-darilion-sip-e164-enum
- draft-niccolini-sipping-spam-feedback
- draft-werner-nsis-natfw-nslp-statemachine
- draft-wing-behave-nat-control-stun-usage
- draft-fu-nsis-qos-nslp-statemachine
- draft-tschofenig-hiprg-hip-natfw-traversal
- draft-pashalidis-nsis-gimps-nattraversal
- draft-pashalidis-nsis-gist-legacynats
- draft-eggert-middlebox-control-survey
- draft-tschofenig-ecrit-architecture-overview
- draft-tschofenig-geopriv-http-using-protocol
- draft-tschofenig-hip-ice
- draft-tschofenig-radext-qos
- draft-otto-emu-eap-tls-psk
- draft-tschofenig-hiprg-hip-srtp
- draft-tschofenig-dhc-lost-discovery
- draft-tschofenig-nsis-gist-security
- draft-guenther-geopriv-policy-caps
- draft-schilcher-mobike-trigger-api
- draft-tschofenig-avt-rtp-dtls
- draft-fries-sipping-identity-enterprise-scenario
- draft-tschofenig-enroll-bootstrapping-saml
- draft-tschofenig-mip6-aaa-ha-diameter
- draft-tschofenig-ecrit-security-threats
- draft-tschofenig-omipv6-multihoming
- draft-tschofenig-enroll-next-steps
- draft-boehmer-simple-service-identification
- draft-tschofenig-mip6-bootstrapping-pana
- draft-nagarajan-multi6-comparison
- draft-aoun-nsis-nslp-natfw-migration
- draft-guenther-radext-ppebc
- draft-groeting-eap-netselection-results
- draft-tschofenig-nsis-natfw-security-problems
- draft-tschofenig-geopriv-radius-lo
- draft-tschofenig-nsis-qos-ext-authz
- draft-tschofenig-pana-bootstrap-kerberos
- draft-jones-radius-geopriv
- draft-tschofenig-pana-bootstrap-rfc3118
- draft-tschofenig-rsvp-doi
- draft-tschofenig-geopriv-authz
- draft-tschofenig-nsis-qos-authz-issues
- draft-tschofenig-nsis-sid
- draft-tschofenig-geopriv-authz-policies
- draft-tschofenig-nsis-casp-midcom
- draft-tschofenig-nsis-aaa-issues
- draft-tschofenig-pana-framework
- draft-fu-rsvp-multicast-analysis
- draft-tschofenig-nsis-threats
- draft-tschofenig-rsvp-sec-properties