…e TLSA query. Some specifications for applications that run over TLS, such as [RFC2818] for HTTP, require that the server's certificate have a domain name that matches the host name expected by the client. Some specifications, such as [RFC6125], detail how to match the identi…
…all from a page fetched over HTTP. Even if calls are only possible from HTTPS [RFC2818] sites, if those sites include active content (e.g., JavaScript) from an untrusted site, that JavaScript is executed in the security context of the page [finer-grained]. This could lead to …
…, it follows the identification procedures defined in Section 3.1 of RFC 2818 [RFC2818]. Those procedures assume the client is dereferencing a URI. For purposes of usage with this specification, the client treats the domain name or IP address used in Section 8.1 as the host por…
…ted over a secure channel (typically HTTP over Transport Layer Security (TLS) [RFC2818]). Although seemingly useful for protecting cookies from active network attackers, the Secure attribute protects only the cookie's confidentiality. An active network attacker can overwrite Se…
…different protocols. For HTTPS, these requirements are defined by Section 3 of [RFC2818]. Readers are referred to [RFC6125] for further details regarding generic host name validation in the TLS context. In addition, that RFC contains a long list of example protocols, some of whic…
…tted over a secure channel (typically HTTP over Transport Layer Security (TLS) [RFC2818]). Although seemingly useful for protecting cookies from active network attackers, the Secure attribute protects only the cookie's confidentiality. An active network attacker can overwrite Sec…
… be exercised when using it. Use of Transport Layer Security (TLS) with HTTP ([RFC2818] and [RFC2817]) is currently the only end-to-end way to provide such protection. Nottingham Standards Track [Page 17] RFC 5988 Web Linking October 2010 Applications that take advantage of t…
…grity protection; an HTTP GET request to retrieve the certificate MUST use TLS [RFC2818, RFC5246]; the identity of the server MUST be validated, as per Section 6 of RFC 6125 [RFC6125]. Use of this member is OPTIONAL. While there is no requirement that optional JWK members prov…
…d be exercised when using it. Use of Transport Layer Security (TLS) with HTTP ([RFC2818] and [RFC2817]) is currently the only end-to-end way to provide such protection. Applications that take advantage of type…
…itted over a secure channel (typically HTTP over Transport Layer Security (TLS) [RFC2818]). Although seemingly useful for protecting cookies from active network attackers, the Secure attribute protects only the cookie's confidentiality. An active network attacker can overwrite Se…
…mission of passwords, it SHOULD NOT be used (without enhancements such as HTTPS [RFC2818]) to protect sensitive or valuable information. A common use of Basic authentication is for identification purposes -- requiring the user to provide a user-id and password as a means of ident…
…y the identity of that resource server, as per Section 3.1 of "HTTP Over TLS" [RFC2818]. Note that the client MUST validate the TLS certificate chain when making these requests to protected resources. Presenting the token to an unauthenticated and unauthorized resource server o…
…cess for authoritative access to an "https" identified resource is defined in [RFC2818]. 2.7.3. http and https URI Normalization and Comparison Since the "http" and "https" schemes conform to the URI generic syntax, such URIs are normalized and compared according to the algori…