…ion MUAs MUST validate TLS server certificates according to [RFC7817] and PKIX [RFC5280]. MUAs MAY also support DNS-Based Authentication of Named Entities (DANE) [RFC6698] as a means of validating server certificates in order to meet minimum confidentiality requirements. MUAs MAY…
…subject alternative name" extension of the signer certificate, as specified in [RFC5280], Section 4.1.2.6 .) Note that the signer is not necessarily the person sending an e-mail message, since an e-mail message can be forwarded. 2. Correlate the signer to either an "ATTENDEE" pro…
…cation clients need to verify the entire certification path in accordance with [RFC5280] (see also [RFC6125]). Sheffer, et al. Best Current Practice [Page 17] RFC 7525 TLS Recommendations May 2015 6.2. AES-GCM Section 4.2 above recommends the use of the AES-GCM authenticated encr…
… MUAs MUST validate TLS server certificates according to [ RFC7817 ] and PKIX [ RFC5280 ]. MUAs MAY also support DNS-Based Authentication of Named Entities (DANE) [ RFC6698 ] as a means of validating server certificates in order to meet minimum confidentiality requirements. MUAs …
…idated by a standard X.509v3 client) and signing the resulting TBSCertificate [ RFC5280 ] with either Laurie, et al. Experimental [Page 9] RFC 6962 Certificate Transparency June 2013 o a special-purpose (CA:true, Extended Key Usage: Certificate Transparency, OID 1.3.6.1.4.1.11129…
…A with a SHA2 hash algorithm. These fields are more fully described in RFC 5280 RFC5280 ]. This document also identifies all four SHA2 hash algorithms for use in the Internet X.509 PKI. This document profiles material presented in the "Secure Hash Standard" [ FIPS180-3 ], "Public…
…vers supporting some electronic commerce sites and in some X.509 certificates [ RFC5280 ]. These documents do not address those uses, but it is reasonable to expect that some difficulties will be encountered when internationalized addresses are first used in those contexts, many …
…of [ JWS ], except that the X.509 public key certificate or certificate chain [ RFC5280 contains the public key to which the JWE was encrypted; this can be used to determine the private key needed to decrypt the JWE. 4.1.8 . "x5c" (X.509 Certificate Chain) Header Parameter This p…
…t is assumed that UAs apply X.509 certificate chain validation in accord with [ RFC5280 ].) The UA will not be able to detect and thwart a MITM attacking the UA's first connection to the host. (However, the requirement that the MITM provide an X.509 certificate chain that can pas…
…t is assumed that UAs apply X.509 certificate chain validation in accord with [ RFC5280 ].) The UA will not be able to detect and thwart a MITM attacking the UA's first connection to the host. (However, the requirement that the MITM provide an X.509 certificate chain that can pas…
…d Reference Mapping to X.509 Certificate Extension keyUsage RFC9115, Appendix A RFC5280, Section 4.2.1.3 extendedKeyUsage RFC9115, Appendix A RFC5280, Section 4.2.1.12 subjectAltName RFC9115, Appendix A RFC5280, Section 4.2.1.6 (note that only specific name formats are allowed: U…
…A with a SHA2 hash algorithm. These fields are more fully described in RFC 5280 RFC5280 ]. This document also identifies all four SHA2 hash algorithms for use in the Internet X.509 PKI. This document profiles material presented in the "Secure Hash Standard" [ FIPS180-3 ], "Public…
…A with a SHA2 hash algorithm. These fields are more fully described in RFC 5280 RFC5280 ]. This document also identifies all four SHA2 hash algorithms for use in the Internet X.509 PKI. This document profiles material presented in the "Secure Hash Standard" [ FIPS180-3 ], "Public…
…dentials. Some of these mechanisms include Certificate Revocation Lists (CRL) [ RFC5280 ], the Online Certificate Status Protocol (OCSP) [ RFC2560 ], Bloom Filters [ RFC8932 ], and cryptographic accumulators [ ALLOSAUR ]. This specification optimizes for a variety of requirements…
…cted by TLS, and the client MUST successfully validate the server certificate [ RFC5280 ][RFC6125]. 2 . Applicability for Application Protocols other than HTTP OpenID was originally envisioned for HTTP- [ RFC2616 ] and HTML-based [ W3C.REC-html401-19991224 ] communications, and w…