DEV Community

SSL Support

Posted on • Originally published at ssl.support

How do delegated credentials work?

The IETF community has proposed Delegated Credentials for TLS to mitigate the above-mentioned issue. It is a new cryptographic protocol that balances the trade-off between lifetime and reliability.

Delegated Credentials for TLS allows companies to take partial control over the process of signing new certificates for themselves. The delegated credential uses a private key with a shorter validity period than the actual certificate.

The private key with the shorter period, the delegated credential, is generated by the server and not by the Certificate Authority.

The delegated credential consists of the following things:

  • Public key
  • The new private key (the expiry date of the delegated credentials), and
  • The signature of the delegated credential, signed by the CA-issued leaf

The delegated credential secures the connection between a web browser and the server, as it has its own public key.

Website owners can now actively participate in generating a certificate that has distinct public and private keys.

Delegated Credentials use a different private key with a shorter period on each server. Because each server uses a different private key, there is a smaller window of opportunity for a hacker to perform a cyber attack.
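As an added example (not code from the original post or from any TLS library), the sketch below parses a delegated credential into the components listed above and applies the short-lifetime checks a client would make. It assumes the wire layout and the 7-day maximum from RFC 9345; the function names and sample bytes are constructed for illustration, and verifying the signature against the leaf certificate's key is left out because it needs a crypto library.

```python
import struct

MAX_VALIDITY = 7 * 24 * 3600  # RFC 9345 caps remaining validity at 7 days


def parse_delegated_credential(buf: bytes) -> dict:
    """Split a DelegatedCredential into its RFC 9345 fields."""
    try:
        valid_time, verify_alg = struct.unpack_from("!IH", buf, 0)
        spki_len = int.from_bytes(buf[6:9], "big")  # 24-bit length prefix
        off = 9 + spki_len
        spki = buf[9:off]
        sig_alg, sig_len = struct.unpack_from("!HH", buf, off)
        sig = buf[off + 4:]
    except struct.error as exc:
        raise ValueError("truncated delegated credential") from exc
    if not spki or not sig or len(sig) != sig_len:
        raise ValueError("length fields do not match the data")
    return {"valid_time": valid_time, "verify_alg": verify_alg,
            "public_key": spki, "sig_alg": sig_alg, "signature": sig}


def check_lifetime(dc: dict, leaf_not_before: int, now: int) -> str:
    """valid_time counts seconds from the leaf certificate's notBefore."""
    expiry = leaf_not_before + dc["valid_time"]
    if now > expiry:
        return "reject: expired"
    if expiry - now > MAX_VALIDITY:
        return "reject: remaining validity exceeds 7 days"
    return "ok"


def build_sample(valid_time: int) -> bytes:
    """Constructed sample: zero-filled placeholders, not a real key or signature."""
    spki = b"\x30" + bytes(43)   # stands in for a DER SubjectPublicKeyInfo
    sig = bytes(64)              # stands in for the leaf key's signature
    ed25519 = 0x0807             # TLS 1.3 SignatureScheme code point
    return (struct.pack("!IH", valid_time, ed25519)
            + len(spki).to_bytes(3, "big") + spki
            + struct.pack("!HH", ed25519, len(sig)) + sig)


if __name__ == "__main__":
    not_before = 1_700_000_000   # constructed leaf certificate notBefore
    dc = parse_delegated_credential(build_sample(3 * 86400))
    for day in (1, 4):
        print(f"day {day}:", check_lifetime(dc, not_before, not_before + day * 86400))
```

A credential that passes these checks is still untrusted until its signature has been verified with the public key of the CA-issued leaf certificate.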
