[TLS](https://www.rfc-editor.org/rfc/rfc8446) uses [X.509 certificates](https://www.rfc-editor.org/rfc/rfc5280) to associate a TLS endpoint's DNS names, or other application identifiers, with its TLS key. These associations are signed by certificate authorities (CAs) and are presented to the peer, known as the *relying party*. Each relying party curates a set of CAs, called *trust anchors*, whose associations the relying party accepts. If the relying party's trust anchors can be trusted to only issue correct associations, the relying party can use TLS to securely connect to the peer that presented the certificate, known as the *authenticating party*. The common case in TLS is server certificate authentication, where the authenticating party is the server and the relying party is the client. The roles are reversed with client certificates. For clarity, this document will primarily discuss the server certificate case, but most of the motivations and solutions apply analogously to client certificates.