…Certificate Status Protocol (OCSP) messages are carried and therefore updates [RFC6066] and obsoletes [RFC6961] as described in Section 4.4.2.1. 1.1. Conventions and Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "REC…
… Certificate Status Protocol (OCSP) messages are carried and therefore updates [RFC6066] and obsoletes [RFC6961] as described in Section 4.4.2.1. 1.1. Conventions and Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMEN…
…Certificate Status Protocol (OCSP) messages are carried and therefore updates [RFC6066] and obsoletes [RFC6961] as described in Section 4.4.2.1 1.1. Conventions and Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOM…
…ion Name TLS 1.3 DTLS-Only Recommended Reference Comment server_name CH, EE, CR [RFC6066][RFC9261] max_fragment_length CH, EE [RFC6066][RFC8449] client_certificate_url [RFC6066] trusted_ca_keys [RFC6066] truncated_hmac [RFC6066][IESG Action 2018-08-16][RFC9847][Tag Size Does Mat…
…UST support the Server Name Indication (SNI) extension defined in Section 3 of [RFC6066] for those higher-level protocols that would benefit from it, including HTTPS. However, the actual use of SNI in particular circumstances is a matter of local policy. Rationale: SNI supports d…
…rted_extension [RFC-ietf-tls-rfc8446bis-13] 111 certificate_unobtainable_RESERVED [RFC6066][RFC-ietf-tls-rfc8446bis-13] Used in TLS versions prior to 1.3. 112 unrecognized_name [RFC6066] 113 bad_certificate_status_response [RFC6066] 114 bad_certificate_hash_value_RESERVED [RFC6066][RF…
… client to request a connection to a particular service name of a TLS server ([RFC6066], Section 3). Without this TLS extension, a TLS server has no choice but to offer a certificate with a default list of server names, making it difficult to host multiple Customer Domains at t…
…n 1.3 [I-D.ietf-tls-tls13] transmits the Server Name Indication extension ([RFC6066], Section 3) unencrypted. This memo defines the TLS-Bootstrap DNS Resource Record and two TLS extensions: the Encrypted SNI Extension, the Semi-Static Key Share Extension, that when being use…
…]. When using TLS in this way, MUAs SHOULD use the TLS Server Name Indication [RFC6066]. Certificate verification MUST use the procedure outlined in Section 6 of [RFC6125] in regard to verification with an SRV RR as the starting point. Once a suitable connection has been made, …
…P client MUST have support for the TLS Server Name Indication (SNI) extension [RFC6066]. When connecting to an HTTP server to retrieve the MTA-STS Policy, the SNI extension MUST contain the name of the Policy Host (e.g., "mta-sts.example.com"). When connecting to an SMTP server…
…ications (IDNA): Definitions and Document Framework", RFC 5890, August 2010. [RFC6066] Eastlake 3rd, D., "Transport Layer Security (TLS) Extensions: Extension Definitions", RFC 6066, January 2011. Hoffman & Schlyter Standards Track [Page 23] RFC 6698 DNS-Based Authentication …
…loyment of the Server Name Indication (SNI) extension to TLS (see Section 3 of [RFC6066]) is no panacea, since SNI key management is operationally challenging except when the email service provider is also the domain's registrar and its certificate issuer; this is rarely the cas…
…rver and all clients support the Server Name Indication (SNI) extension to TLS [RFC6066]. Mail servers supporting the SNI need to support the post-SRV hostname to interoperate with MUAs that have not implemented [RFC6186]. For more discussion of this problem, see Section 5.1 of […