… parameter, Content Identifier (CID) [ RFC2392 ], HTTP [ RFC2616 ], and HTTPS [ RFC2818 ] are the URI schemes most commonly used by current implementations. Example: DESCRIPTION;ALTREP="CID:part3.msg.970415T083000@example.com": Project XYZ Review Meeting will include the followin…
… WebSocket or HTTPS is verified according to the rules defined for secure HTTP [RFC2818], then the browser will report the successful establishment of a secure connection to the application. (However, as noted, the application is still not able to independently inspect and verify…
…ommon mechanism for applying TLS to the Web is the use of the https URI scheme [RFC2818] ; the alternative upgrade mechanism [RFC2817] is used rarely, if at all. For the purposes of this specification, the most relevant property of [RFC2818] is that the URI used to identify a res…
… parameter, Content Identifier (CID) [ RFC2392 ], HTTP [ RFC2616 ], and HTTPS [ RFC2818 ] are the URI schemes most commonly used by current implementations. Example: DESCRIPTION;ALTREP="CID:part3.msg.970415T083000@example.com": Project XYZ Review Meeting will include the followin…
US
rfc6455
https://www.rfc-editor.org/rfc/inline-errata/rfc6455.html
…ort 443 for WebSocket connections tunneled over Transport Layer Security (TLS) [RFC2818]. 1.8. Establishing a Connection _This section is non-normative._ When a connection is to be made to a port that is shared by an HTTP server (a situation that is quite likely to occur with tra…
…ommon mechanism for applying TLS to the Web is the use of the https URI scheme [RFC2818] ; the alternative upgrade mechanism [RFC2817] is used rarely, if at all. For the purposes of this specification, the most relevant property of [RFC2818] is that the URI used to identify a res…
…rt 443 for WebSocket connections tunneled over Transport Layer Security (TLS) [ RFC2818 ]. 1.8 . Establishing a Connection _This section is non-normative._ When a connection is to be made to a port that is shared by an HTTP server (a situation that is quite likely to occur with t…
…ssion of passwords, it SHOULD NOT be used (without enhancements such as HTTPS [ RFC2818 ]) to protect sensitive or valuable information. A common use of Basic authentication is for identification purposes -- requiring the user to provide a user-id and password as a means of ident…
…up language, its common use case these days is with HTTP [ RFC2616 ] or HTTPS [ RFC2818 ] and HTML [ W3C-REC-HTML401 ]. What follows is a typical flow: 1. The browser requests a resource of an RP (via an HTTP request). 2. The RP redirects the browser via an HTTP redirect (as desc…
…ng Policy bodies are, as described above, retrieved by Sending MTAs via HTTPS [ RFC2818 ]. During the TLS handshake initiated to fetch a new or updated policy from the Policy Host, the Policy Host HTTPS server MUST present an X.509 certificate that is valid for the "mta-sts" DNS-…
…e TLSA query. Some specifications for applications that run over TLS, such as [ RFC2818 ] for HTTP, require that the server's certificate have a domain name that matches the host name expected by the client. Some specifications, such as [ RFC6125 ], detail how to match the identi…
…all from a page fetched over HTTP. Even if calls are only possible from HTTPS [ RFC2818 ] sites, if those sites include active content (e.g., JavaScript) from an untrusted site, that JavaScript is executed in the security context of the page [ finer-grained ]. This could lead to …
…, it follows the identification procedures defined in Section 3.1 of RFC 2818 [ RFC2818 ]. Those procedures assume the client is dereferencing a URI. For purposes of usage with this specification, the client treats the domain name or IP address used in Section 8.1 as the host por…
…ted over a secure channel (typically HTTP over Transport Layer Security (TLS) [ RFC2818 ]). Although seemingly useful for protecting cookies from active network attackers, the Secure attribute protects only the cookie's confidentiality. An active network attacker can overwrite Se…
…different protocols. For HTTPS, these requirements are defined by Section 3 of [RFC2818]. Readers are referred to [RFC6125] for further details regarding generic host name validation in the TLS context. In addition, that RFC contains a long list of example protocols, some of whic…