(last updated 2009-06-16)

Subject: Registration of TLS server end-point channel bindings

Channel binding unique prefix: tls-server-end-point

Channel binding type: end-point

Channel type: TLS

Published specification: none

Channel binding is secret: no

Description: The hash of the TLS server's end entity certificate as it
appears, octet for octet, in the server's Certificate message
(note that the Certificate message contains a certificate_list,
the first element of which is the server's end entity
certificate). The hash function to be selected is as follows: if the
certificate's signature hash algorithm is either MD5 or SHA-1,
then use SHA-256, otherwise use the certificate's signature hash
algorithm.
The reason for using a hash of the certificate is that some
implementations need to track the channel binding of a TLS
session in kernel-mode memory, which is often at a premium.
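
Added example (not part of the registration text): a sketch of the hash selection rule above, reading the certificate's outer signatureAlgorithm OID from the DER and hashing the certificate octet for octet. The function names, the OID table (common RSA PKCS#1 v1.5 and ECDSA identifiers only) and the sample input (a constructed DER skeleton, not a valid X.509 certificate) are assumptions of this example.

```python
import hashlib

# Signature algorithm OID -> hash it names (assumed subset: RSA PKCS#1 v1.5, ECDSA).
SIG_HASH = {
    "1.2.840.113549.1.1.4": "md5",     "1.2.840.113549.1.1.5": "sha1",
    "1.2.840.113549.1.1.11": "sha256", "1.2.840.113549.1.1.12": "sha384",
    "1.2.840.113549.1.1.13": "sha512", "1.2.840.10045.4.1": "sha1",
    "1.2.840.10045.4.3.2": "sha256",   "1.2.840.10045.4.3.3": "sha384",
    "1.2.840.10045.4.3.4": "sha512",
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OID content octets to dotted form (first arc 0 or 1 assumed)."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def tls_server_end_point(cert_der):
    """Return (hash_name, binding) for the server's end entity certificate."""
    _, cert, _ = read_tlv(cert_der, 0)     # Certificate ::= SEQUENCE { ... }
    _, _, pos = read_tlv(cert, 0)          # skip tbsCertificate
    _, alg, _ = read_tlv(cert, pos)        # signatureAlgorithm AlgorithmIdentifier
    tag, oid, _ = read_tlv(alg, 0)
    name = SIG_HASH.get(decode_oid(oid)) if tag == 0x06 else None
    if name is None:                       # the rule needs a known signature hash
        raise ValueError("no signature hash known for this certificate")
    if name in ("md5", "sha1"):            # MD5 and SHA-1 are replaced by SHA-256
        name = "sha256"
    return name, hashlib.new(name, cert_der).digest()   # hash the exact wire octets

def der(tag, body):                        # constructed-sample helper, short lengths only
    return bytes([tag, len(body)]) + body

def fake_cert(sig_oid):                    # constructed skeleton, NOT a real certificate
    alg = der(0x30, der(0x06, sig_oid) + b"\x05\x00")
    return der(0x30, der(0x30, b"\x02\x01\x01") + alg + der(0x03, b"\x00\xaa"))

SHA1_RSA = bytes.fromhex("2a864886f70d010105")     # sha1WithRSAEncryption
SHA384_RSA = bytes.fromhex("2a864886f70d01010c")   # sha384WithRSAEncryption
```

The input must be the DER bytes exactly as sent in the Certificate message; re-encoding the certificate before hashing can change the octets and therefore the binding.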

Intended usage: COMMON

Person and email address to contact for further information:
Larry Zhu (lzhu&microsoft.com)

Owner/Change controller name and email address:
IESG (iesg&ietf.org)

Expert reviewer name and contact information: Nicolas Williams
(Nicolas.Williams&sun.com)

Note: This registration was initially authored by Nicolas Williams
(Nicolas.Williams&sun.com).

(file created 2008-06-26)