rfc5280 — Search

https://datatracker.ietf.org/doc/rfc7515

…refers to a resource for the X.509 public key certificate or certificate chain [RFC5280] corresponding to the key used to digitally sign the JWS. The identified resource MUST provide a representation of the certificate or certificate chain that conforms to RFC 5280 [RFC5280] in P…

2026-04-24 14:05 View archive →

US RFC 7517: JSON Web Key (JWK)

https://www.rfc-editor.org/rfc/rfc7517

…t refers to a resource for an X.509 public key certificate or certificate chain RFC5280 ]. The identified resource MUST provide a representation of the certificate or certificate chain that conforms to RFC 5280 RFC5280 ] in PEM-encoded form, with each certificate delimited as spe…

2026-04-24 14:02 View archive →

US RFC 7515: JSON Web Signature (JWS)

https://rfc-editor.org/rfc/rfc7515

…efers to a resource for the X.509 public key certificate or certificate chain [ RFC5280 ] corresponding to the key used to digitally sign the JWS. The identified resource MUST provide a representation of the certificate or certificate chain that conforms to RFC 5280 RFC5280 in PE…

2026-04-24 13:40 View archive →

US RFC 7515 - JSON Web Signature (JWS)

https://tools.ietf.org/html/rfc7515

…efers to a resource for the X.509 public key certificate or certificate chain [ RFC5280 ] corresponding to the key used to digitally sign the JWS. The identified resource MUST provide a representation of the certificate or certificate chain that conforms to RFC 5280 RFC5280 in PE…

2026-04-24 13:02 View archive →

US RFC 7517 - JSON Web Key (JWK)

https://tools.ietf.org/html/rfc7517

…t refers to a resource for an X.509 public key certificate or certificate chain RFC5280 ]. The identified resource MUST provide a representation of the certificate or certificate chain that conforms to RFC 5280 RFC5280 ] in PEM-encoded form, with each certificate delimited as spe…

2026-04-24 11:23 View archive →

US RFC 9399: Internet X.509 Public Key Infrastructure: Logotypes in X.509 Certificates

https://www.rfc-editor.org/rfc/rfc9399.html

…d BSD License. Table of Contents 1. Introduction This specification supplements RFC5280 , which profiles public key certificates and certificate revocation lists (CRLs) for use in the Internet, and it supplements RFC5755 , which profiles attribute certificates for use in the Inte…

2026-04-24 20:17 View archive →

US RFC 9399 - Internet X.509 Public Key Infrastructure: Logotypes in X.509 Certificates

https://datatracker.ietf.org/doc/rfc9399

…nowledgments Authors' Addresses 1. Introduction This specification supplements [RFC5280], which profiles public key certificates and certificate revocation lists (CRLs) for use in the Internet, and it supplements [RFC5755], which profiles attribute certificates for use in the Int…

2026-04-24 15:09 View archive →

US draft-ietf-sidrops-rpki-ta-tiebreaker-02

https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-ta-tiebreaker

…ly reissue TA certificates to update the validity period ( Section 4.1.2.5 of [ RFC5280 ), the Subject Information Access (SIA) extension ( Section 4.2.2.2 of [ RFC5280 , Certificate Policies extension ( Section 4.2.1.4 of [ RFC5280 ), and the Internet Number Resources (INR) ( RF…

2026-04-24 14:36 View archive →

US RFC 6066 - Transport Layer Security (TLS) Extensions: Extension Definitions

https://datatracker.ietf.org/doc/html/rfc6066

…-encoded ASN.1 types as defined in [ RFC2560 ]. "Extensions" is imported from [ RFC5280 ]. A zero-length "request_extensions" value means that there are no extensions (as opposed to a zero-length ASN.1 SEQUENCE, which is not valid for the "Extensions" type). In the case of the "i…

2026-04-24 10:21 View archive →

US RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3

https://www.rfc-editor.org/rfc/rfc8446.html

…lic key is carried in an X.509 certificate, it MUST use the rsaEncryption OID [ RFC5280 ]. EdDSA algorithms: Indicates a signature algorithm using EdDSA as defined in [ RFC8032 ] or its successors. Note that these correspond to the "PureEdDSA" algorithms and not the "prehash" var…

2026-04-26 04:13 View archive →

US RFC 6961 - The Transport Layer Security (TLS) Multiple Certificate Status Request Extension

https://datatracker.ietf.org/doc/rfc6961

… only specify the publication point for their CRLs in a CRL Distribution Point [RFC5280] but also specify a URL for their OCSP [RFC6960] server in Authority Information Access [RFC5280]. Given that client-cached CRLs are frequently out of date, clients would benefit from using OC…

2026-04-26 01:12 View archive →

US RFC 9829: Handling of Resource Public Key Infrastructure (RPKI) Certificate Revocation List (CRL) Number Extensions

https://www.rfc-editor.org/rfc/rfc9829.html

… without warranty as described in the Revised BSD License. ¶ Section 5.2.3 of [ RFC5280 ] describes the value of the Certificate Revocation List (CRL) Number extension as a monotonically increasing sequence number, which "allows users to easily determine when a particular CRL sup…

2026-04-26 00:12 View archive →

US RFC 6480 - An Infrastructure to Support Secure Internet Routing

https://datatracker.ietf.org/doc/rfc6480

…ertificate profile defined by the Public Key Infrastructure using X.509 (PKIX) [RFC5280] working group and the extensions for IP addresses and AS numbers representation defined in RFC 3779 [RFC3779]. Also, Cryptographic Message Syntax (CMS) [RFC5652] is used as the syntax Lepinsk…

2026-04-25 23:26 View archive →

US RFC 6698 - The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA

https://tools.ietf.org/html/rfc6698

…escribed in more detail in Appendix A.4 ). This document only applies to PKIX [ RFC5280 ] certificates, not certificates of other formats. Hoffman & Schlyter Standards Track [Page 5] RFC 6698 DNS-Based Authentication for TLS August 2012 This document defines a secure method to as…

2026-04-25 20:03 View archive →

US RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3

https://www.rfc-editor.org/rfc/rfc8446

…lic key is carried in an X.509 certificate, it MUST use the rsaEncryption OID [ RFC5280 ]. EdDSA algorithms: Indicates a signature algorithm using EdDSA as defined in [ RFC8032 ] or its successors. Note that these correspond to the "PureEdDSA" algorithms and not the "prehash" var…

2026-04-25 18:56 View archive →