…rver MUST present an X.509 certificate that is valid for the "mta-sts" DNS-ID [ RFC6125 ] (e.g., "mta-sts.example.com") as described below, chain to a root CA that is trusted by the Sending MTA, and be non- expired. It is expected that Sending MTAs use a set of trusted CAs simila…

…ia Opportunistic DANE TLS October 2015 Reference identifier: (Special case of [ RFC6125 ] definition.) One of the domain names associated by the SMTP client with the destination SMTP server for performing name checks on the server certificate. When name checks are applicable, at …

…se requirements are defined by Section 3 of [RFC2818]. Readers are referred to [RFC6125] for further details regarding generic host name validation in the TLS context. In addition, that RFC contains a long list of example protocols, some of which implement a policy very different…

…and the identity of the server MUST be validated, as per Section 6 of RFC 6125 [RFC6125]. Also, see Section 8 on TLS requirements. Use of this Header Parameter is OPTIONAL. 4.1.3. "jwk" (JSON Web Key) Header Parameter The "jwk" (JSON Web Key) Header Parameter is the public key th…

…66 ]. Certificate verification MUST use the procedure outlined in Section 6 of [RFC6125] in regard to verification with an SRV RR as the starting point. Once a suitable connection has been made, and any required protection set up, the MUA will typically need to authenticate with …

… and the identity of the server MUST be validated, as per Section 6 of RFC 6125 RFC6125 ]. Also, see Section 8 on TLS requirements. Use of this Header Parameter is OPTIONAL. 4.1.3 . "jwk" (JSON Web Key) Header Parameter The "jwk" (JSON Web Key) Header Parameter is the public key …

… and the identity of the server MUST be validated, as per Section 6 of RFC 6125 RFC6125 ]. Also, see Section 8 on TLS requirements. Use of this Header Parameter is OPTIONAL. 4.1.3 . "jwk" (JSON Web Key) Header Parameter The "jwk" (JSON Web Key) Header Parameter is the public key …

… host name validation using subjectAltName dNSName identities as described in [ RFC6125 ]. The rules and guidelines defined in [ RFC6125 ] apply here, with the following considerations: o Relying Parties and Repository Servers SHOULD support the DNS-ID identifier type. The DNS-ID…

…ms related to TLS-protected application services and DNS names are taken from [ RFC6125 ]. Hoffman & Schlyter Standards Track [Page 6] RFC 6698 DNS-Based Authentication for TLS August 2012 2 . The TLSA Resource Record The TLSA DNS resource record (RR) is used to associate a TLS s…

… need to have names that match one of the client's reference identifiers (see [ RFC6125 ]). When hosting multiple unrelated Customer Domains (that can't all appear in a single certificate), such a server SHOULD employ SNI to select the appropriate certificate to present to the cl…

…y the service identity using the verification process defined in Section 6 of [ RFC6125 . The client MUST construct a reference identity from the service's host: if the host is a literal IP address Section 4.3.5 ), the reference identity is an IP-ID, otherwise the host is a name …

…fy the service identity using the verification process defined in Section 6 of [RFC6125] . The client MUST construct a reference identity from the service's host: if the host is a literal IP address ( Section 4.3.5 ), the reference identity is an IP-ID, otherwise the host is a na…

…y the service identity using the verification process defined in Section 6 of [ RFC6125 . The client MUST construct a reference identity from the service's host: if the host is a literal IP address Section 4.3.5 ), the reference identity is an IP-ID, otherwise the host is a name …

…y the service identity using the verification process defined in Section 6 of [ RFC6125 . The client MUST construct a reference identity from the service's host: if the host is a literal IP address Section 4.3.5 ), the reference identity is an IP-ID, otherwise the host is a name …

…fy the service identity using the verification process defined in Section 6 of [RFC6125] . The client MUST construct a reference identity from the service's host: if the host is a literal IP address ( Section 4.3.5 ), the reference identity is an IP-ID, otherwise the host is a na…