TLS: Transport Layer Security

Last updated: 2/9/2026
Reading time: 4 min

Full Name: Transport Layer Security

Definition

TLS (Transport Layer Security) is a cryptographic protocol that provides confidentiality, integrity, and authentication for network communications between two parties. As the successor to SSL (Secure Sockets Layer), TLS is the technology behind HTTPS and secures the vast majority of internet communications. TLS 1.3, standardized in RFC 8446, represents the latest version with significant security and performance improvements over previous versions. In the EUDI Wallet ecosystem, TLS is the foundational transport security layer that protects all network communications: credential issuance flows between wallets and issuers (OpenID4VCI), credential presentation exchanges between wallets and verifiers (OpenID4VP in online mode), trust registry and trusted list queries, revocation status checks, and wallet provider communications. The EUDI Wallet Architecture Reference Framework mandates TLS 1.3 with strong cipher suites for all infrastructure endpoints, ensuring that identity data in transit is protected against eavesdropping, tampering, and impersonation attacks across the European digital identity network.

TLS 1.3 Improvements Critical for EUDI Wallets

TLS 1.3 introduces several improvements particularly important for the EUDI Wallet ecosystem. Forward secrecy is built in: TLS 1.3 removed static RSA and static Diffie-Hellman key exchange, so every full handshake derives its session keys from an ephemeral (EC)DHE exchange. Even if a server's long-term private key is later compromised, recorded sessions cannot be decrypted. This matters for EUDI Wallet communications, where credential data transmitted months or years ago must remain confidential against future key compromises. One caveat: session resumption in pure PSK mode (psk_ke) reuses key material from the earlier session without a fresh key share, so wallet deployments should allow only the psk_dhe_ke mode, which mixes a new ephemeral exchange into every resumed session.

The elimination of legacy cipher suites in TLS 1.3 removes algorithms with known weaknesses, and the handshake carries explicit downgrade protection: a TLS 1.3 server that is forced to negotiate an older version places a fixed marker in the last bytes of its ServerHello random, which a TLS 1.3 client detects and rejects. Previous TLS versions supported RC4 and CBC-mode block ciphers, the latter with a MAC-then-encrypt construction that made padding-oracle attacks such as POODLE and Lucky Thirteen possible. TLS 1.3 supports only AEAD (Authenticated Encryption with Associated Data) cipher suites: RFC 8446 defines TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256 and two AES-CCM variants (the CCM_8 variant, with its 64-bit tag, is intended for constrained devices rather than general web infrastructure). All of them provide confidentiality and integrity in a single construction, and the cipher suite no longer selects the key exchange or signature algorithm, which are negotiated separately.

The reduced handshake latency of TLS 1.3 (one round trip instead of two for a full handshake) improves the user experience for EUDI Wallet operations: when a user presents a credential online, the TLS handshake with the verifier's server completes faster, reducing the perceived delay. The 0-RTT (zero round-trip time) resumption feature lets a client that has connected before send application data in its first flight. It comes with two caveats a wallet must respect. Early data is protected by keys derived from the previous session's ticket rather than a fresh key exchange, so it lacks the forward secrecy of the rest of the connection, and a network attacker can capture and replay it. RFC 8446 leaves replay protection to the application, and RFC 8470 limits early data to requests that are safe to replay. The OpenID4VCI token and credential requests and the OpenID4VP response are POST requests that change server state and carry tokens or presentations; they must never be sent as early data, and issuer and verifier endpoints should reject early data for them (RFC 8470 defines the 425 Too Early status for exactly this case).
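The client-side consequences of the points above, as an added example in Python (not code from the page or from any EUDI Wallet project): a context that refuses anything below TLS 1.3 and requires a verified, hostname-matched certificate, a post-handshake check that the negotiated suite is one of the RFC 8446 AEAD suites, and a per-request decision on whether 0-RTT early data is acceptable. The allowed-suite subset, the policy exception class and the example host name are assumptions for the example.

```python
"""Client-side TLS 1.3 policy for a wallet HTTPS client.

Added example, not code from the page or from any EUDI Wallet project. It
assumes Python's standard ``ssl`` module and an HTTP layer that can decide,
per request, whether 0-RTT early data may be used.
"""
import ssl


class TransportPolicyError(Exception):
    """Raised when a negotiated session violates the wallet's TLS policy (assumed name)."""


# All five TLS 1.3 cipher suites defined in RFC 8446; every one is an AEAD.
RFC8446_SUITES = frozenset({
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_CCM_SHA256",
    "TLS_AES_128_CCM_8_SHA256",
})

# Assumed wallet policy: drop the 64-bit-tag CCM_8 suite, which is meant for
# constrained devices, not for issuer/verifier web endpoints.
WALLET_SUITES = RFC8446_SUITES - {"TLS_AES_128_CCM_8_SHA256"}

# Methods that are safe to replay and so may travel as 0-RTT early data;
# RFC 8470 restricts early data to requests the client can afford to see replayed.
REPLAY_SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})


def wallet_tls_context() -> ssl.SSLContext:
    """Context that refuses anything below TLS 1.3 and requires a verified,
    hostname-matched server certificate (check_hostname + CERT_REQUIRED)."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def check_negotiated_session(version: str, cipher) -> str:
    """Post-handshake check on ``ssock.version()`` and ``ssock.cipher()``.

    Returns the accepted suite name or raises TransportPolicyError. The
    minimum_version setting should already prevent a downgrade; checking the
    result explicitly is cheap and gives a loggable reason when it fails.
    """
    name, proto, _bits = cipher
    if version != "TLSv1.3" or proto != "TLSv1.3":
        raise TransportPolicyError(f"protocol downgrade: {version}/{proto}")
    if name not in WALLET_SUITES:
        raise TransportPolicyError(f"cipher suite not permitted: {name}")
    return name


def session_is_acceptable(version: str, cipher) -> bool:
    """Boolean form of check_negotiated_session for callers that just branch."""
    try:
        check_negotiated_session(version, cipher)
    except TransportPolicyError:
        return False
    return True


def may_use_early_data(method: str, carries_credential: bool) -> bool:
    """Decide whether a request may ride in 0-RTT early data.

    Early data is replayable and not forward secret, so anything that changes
    state (token exchange, credential request, VP response) or carries a bearer
    token or presentation must wait for the full handshake to complete.
    """
    if method.upper() not in REPLAY_SAFE_METHODS:
        return False
    if carries_credential:
        return False
    return True


if __name__ == "__main__":
    # Against a live endpoint this would be (network access required):
    #   import socket
    #   ctx = wallet_tls_context()
    #   with socket.create_connection(("issuer.example", 443)) as raw, \
    #           ctx.wrap_socket(raw, server_hostname="issuer.example") as ssock:
    #       check_negotiated_session(ssock.version(), ssock.cipher())
    print(check_negotiated_session("TLSv1.3", ("TLS_AES_256_GCM_SHA384", "TLSv1.3", 256)))
    print(may_use_early_data("POST", True))
```

Python's ``ssl`` module does not expose control over sending early data, so the 0-RTT decision belongs in the HTTP client that sits on top; the function shows the policy it should apply.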

TLS in the EUDI Wallet Communication Architecture

The EUDI Wallet uses TLS across all its network communication channels. During credential issuance via OpenID4VCI, TLS protects the authorization request, the token exchange, and the credential delivery. The wallet validates the issuer's TLS certificate chain and checks that the certificate matches the issuer's host name, confirming that it is communicating with the legitimate credential issuer rather than an impersonator. During online credential presentation via OpenID4VP, TLS protects the presentation request from the verifier and the wallet's response containing the verifiable presentation.

Trust registry queries, where the wallet downloads the EU Trusted Lists to learn which issuers and verifiers are authorized, are also carried over TLS. The lists themselves are digitally signed, and that signature is what the wallet must verify before using them: it provides end-to-end integrity that does not depend on the channel and still holds when a list is served from a mirror or cache. TLS adds confidentiality for the query and protects the download in transit. Revocation status checks (querying whether a credential has been revoked) likewise use TLS so that an attacker cannot modify a response in transit and cause the wallet to accept a revoked credential or reject a valid one. TLS does not stop an attacker from blocking the check altogether, so a wallet needs a defined policy for an unreachable status endpoint, for example a bounded cache lifetime after which a credential is treated as unverified.

For proximity-based credential presentations (face-to-face verification over BLE or NFC), TLS is not used: there is no IP connection and no server certificate for the wallet to validate. Instead, ISO/IEC 18013-5 defines its own session encryption with comparable properties: an ephemeral key agreement between wallet and reader, authenticated encryption of every message, and binding of the derived keys to the session transcript so that messages cannot be moved between sessions. The EUDI Wallet thus uses TLS for all internet-based communications and protocol-specific encryption for local communications, giving transport security across all interaction modes.

Certificate Management and Trust Chain Validation

TLS certificate validation in the EUDI Wallet context goes beyond standard browser-level checking. Standard validation confirms that the server certificate chains to a trusted Certificate Authority, is within its validity period, matches the requested host name in its Subject Alternative Name, and has not been revoked. EUDI Wallet implementations may add further checks: verifying that the server's operator is an authorized entity in the EU Trusted Lists, requiring Certificate Transparency evidence (Signed Certificate Timestamps, so that a fraudulently issued certificate is publicly logged and detectable), and certificate pinning for critical infrastructure connections.

Certificate pinning, where the wallet hardcodes or configures the expected certificates or public keys for specific servers, adds protection against man-in-the-middle attacks that use fraudulently issued certificates. For example, the wallet might pin its wallet provider's backend, the EU Trusted List distribution server, and other critical infrastructure. If a government or attacker obtains a fraudulent certificate from a compromised Certificate Authority, the pinning check detects the mismatch and refuses the connection. Pinning has to be operated carefully: pinning the hash of the leaf certificate breaks at every renewal, so deployments pin the hash of the SubjectPublicKeyInfo (which survives renewal as long as the key pair is kept), ship at least one backup pin for a key held offline, and update the pin set through a signed configuration or an app release ahead of any planned key rotation.
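The pinning check described above, as an added example in Python (not code from the page or from any EUDI Wallet project): the SubjectPublicKeyInfo of the presented leaf is extracted from the DER certificate a TLS library returns, hashed in the RFC 7469 "sha256/base64" form, and compared against a pin set that also holds a backup pin. The demo certificates are constructed inside the block with placeholder names and an unverifiable signature (signature validation is the TLS stack's job, not this check's); the pin values and server names are assumptions.

```python
"""SPKI pinning check for wallet-to-backend connections.

Added example, not code from the page or from any EUDI Wallet project. It
pins the SHA-256 hash of the server's SubjectPublicKeyInfo, extracted from
the DER certificate a TLS library hands back (``ssock.getpeercert(binary_form=True)``
in Python's ``ssl``). The demo certificates are constructed below.
"""
import base64
import hashlib


def _read_tlv(buf: bytes, pos: int):
    """Parse one DER TLV header at ``pos``; return (tag, value_start, value_end)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next N bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def extract_spki(cert_der: bytes) -> bytes:
    """Return the DER-encoded SubjectPublicKeyInfo TLV of an X.509 certificate."""
    tag, start, _ = _read_tlv(cert_der, 0)              # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, pos, tbs_end = _read_tlv(cert_der, start)      # tbsCertificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("malformed tbsCertificate")
    tag, _, nxt = _read_tlv(cert_der, pos)              # [0] EXPLICIT version (optional)
    if tag == 0xA0:
        pos = nxt
    for _ in range(5):                                   # serialNumber, signature, issuer,
        _, _, pos = _read_tlv(cert_der, pos)             # validity, subject
    tag, _, nxt = _read_tlv(cert_der, pos)              # subjectPublicKeyInfo ::= SEQUENCE
    if tag != 0x30 or nxt > tbs_end:
        raise ValueError("malformed subjectPublicKeyInfo")
    return cert_der[pos:nxt]


def spki_pin(cert_der: bytes) -> str:
    """RFC 7469 pin: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    digest = hashlib.sha256(extract_spki(cert_der)).digest()
    return "sha256/" + base64.b64encode(digest).decode("ascii")


def leaf_fingerprint(cert_der: bytes) -> str:
    """Hash of the whole certificate; changes on every renewal (shown for contrast)."""
    return hashlib.sha256(cert_der).hexdigest()


def verify_pin(cert_der: bytes, pin_set: frozenset) -> bool:
    """True if the presented leaf's SPKI matches any configured pin (primary or backup)."""
    return spki_pin(cert_der) in pin_set


# ---- Constructed test material: correct X.509 layout, placeholder names and an
# ---- unverifiable signature. Nothing here is a real certificate.
def _tlv(tag: int, body: bytes) -> bytes:
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def demo_spki(point_xy: bytes) -> bytes:
    """P-256 SubjectPublicKeyInfo around a 64-byte uncompressed point (constructed)."""
    alg = _tlv(0x30, bytes.fromhex("06072a8648ce3d0201")      # id-ecPublicKey
                     + bytes.fromhex("06082a8648ce3d030107"))  # prime256v1
    return _tlv(0x30, alg + _tlv(0x03, b"\x00\x04" + point_xy))


def build_demo_cert(serial: int, spki: bytes) -> bytes:
    """Constructed v3 certificate (serial < 128); only the structure matters here."""
    ecdsa_sha256 = _tlv(0x30, bytes.fromhex("06082a8648ce3d040302"))
    name = _tlv(0x30, _tlv(0x31, _tlv(0x30, bytes.fromhex("0603550403") + _tlv(0x0C, b"demo"))))
    validity = _tlv(0x30, _tlv(0x17, b"260101000000Z") + _tlv(0x17, b"270101000000Z"))
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, bytes([serial]))
               + ecdsa_sha256 + name + validity + name + spki)
    placeholder_sig = _tlv(0x03, bytes(71))              # not a real signature
    return _tlv(0x30, tbs + ecdsa_sha256 + placeholder_sig)


if __name__ == "__main__":
    key_a = demo_spki(bytes(range(64)))
    cert_2026 = build_demo_cert(1, key_a)
    cert_2027 = build_demo_cert(2, key_a)                # renewed with the same key pair
    pins = frozenset({spki_pin(cert_2026),
                      "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="})  # assumed backup pin
    print(verify_pin(cert_2027, pins))                   # renewal keeps the pin valid
    print(leaf_fingerprint(cert_2026) == leaf_fingerprint(cert_2027))  # leaf hash does not
```

In a live client the check runs after the normal chain validation, on ``ssock.getpeercert(binary_form=True)``, and a failed pin closes the connection before any request is sent. The contrast between ``spki_pin`` and ``leaf_fingerprint`` is the operational point: a renewed certificate with the same key keeps the pin valid, while a pinned leaf hash would have failed.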

The EUDI Wallet ecosystem's reliance on the EU Trusted Lists creates a parallel trust chain alongside the traditional web PKI. While TLS certificates are validated against the web PKI (Certificate Authorities like DigiCert, Let's Encrypt, etc.), the entity's authorization to participate in the EUDI ecosystem is validated against the EU Trusted Lists. Both validations must pass for the wallet to trust the connection, providing a dual-trust model that is more resilient than either system alone.

⚠️ Independent Information

This website is NOT affiliated with the European Commission or any EU government. We provide independent, easy-to-understand information about EUDI.