Trusted CA Indication extension
E893549
The Trusted CA Indication extension is a Transport Layer Security (TLS) mechanism that lets a client signal which certificate authorities it trusts so the server can select an appropriate certificate chain.
Statements (32)
| Predicate | Object |
|---|---|
| instanceOf | TLS extension; Transport Layer Security mechanism |
| abbreviation | TCI |
| assumes | server has certificates issued by multiple CAs or chains |
| benefit | can reduce handshake size in multi-CA environments; enables better certificate selection for clients with constrained trust stores; reduces need for servers to send multiple certificate chains |
| category | TLS certificate selection optimization |
| direction | client hello extension |
| granularity | CA-level trust indication |
| influences | server choice of end-entity certificate; server choice of intermediate CA certificates |
| inputFrom | client trust store |
| layer | application layer security protocol |
| operatesOn | list of trusted certificate authorities |
| outputTo | server certificate selection logic |
| protocol | Transport Layer Security |
| purpose | to help a TLS server select an appropriate certificate chain; to let a TLS client indicate which certificate authorities it trusts |
| relatedTo | Server Name Indication extension; TLS certificate chain; X.509 public key infrastructure; certificate authorities |
| role | client-to-server signaling mechanism |
| scope | TLS handshake phase |
| securityProperty | does not itself provide confidentiality or integrity but influences certificate choice |
| status | proposed TLS extension |
| useCase | IoT or embedded clients with restricted trust anchors; enterprise environments with private and public CAs; hosting providers serving certificates from different CAs |
| usedBy | TLS clients; TLS servers |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.