…in name, the server's identity SHOULD be checked using the rules specified in [RFC6125]. Support for the DNS-ID identifier type is RECOMMENDED in client and server software implementations. Certification authorities that issue certificates for use by Secure Shell servers SHOULD…
…tiality is provided. Additional advice on certificate pinning is presented in [RFC6125]. 5.5. Client Certificate Authentication MUAs MAY implement client certificate authentication on the Implicit TLS port. An MUA MUST NOT provide a client certificate during the TLS handshake …
…]; the identity of the server MUST be validated, as per Section 6 of RFC 6125 [RFC6125]. Use of this member is OPTIONAL. While there is no requirement that optional JWK members providing key usage, algorithm, or other information be present when the "x5u" member is used, doing …
…ons Both the core XMPP specification [RFC6120] and the CertID specification [RFC6125] provide recommendations and requirements for certificate validation in the context of authenticated connections. This document does not supersede those specifications (e.g., it does not modi…
…client MUST validate the authorization server's TLS certificate as defined by [RFC6125] and in accordance with its requirements for server identity authentication. 10.10. Credentials-Guessing Attacks The authorization server MUST prevent attackers from guessing access tokens, …
…te, the client MUST interpret the public name as a DNS-based reference identity [RFC6125]. Clients that incorporate DNS names and IP addresses into the same syntax (e.g. Section 7.4 of [RFC3986] and [WHATWG-IPV4]) MUST reject names that would be interpreted as IPv4 addresses. Clients…
…ctions Both the core XMPP specification [RFC6120] and the CertID specification [RFC6125] provide recommendations and requirements for certificate validation in the context of authenticated connections. This document does not supersede those specifications (e.g., it does not modif…
…6]; the identity of the server MUST be validated, as per Section 6 of RFC 6125 [RFC6125]. Use of this member is OPTIONAL. While there is no requirement that optional JWK members providing key usage, algorithm, or other information be present when the "x5u" member is used, doing …
…g TLS, the client MUST perform a TLS/SSL server certificate check, per RFC 6125 [RFC6125]. Implementation security considerations can be found in Recommendations for Secure Use of TLS and DTLS [BCP195]. Richer, et al. Standards Track [Page 28] RFC 7591 OAuth 2.0 Dynamic Registr…
… Status Protocol (OCSP) [RFC2560], as well as via TLS server identity checking [RFC6125]. 8.5. HTTP-Equiv <Meta> Element Attribute UAs MUST NOT heed http-equiv="Strict-Transport-Security" attribute settings on <meta> elements [W3C.REC-html401-19991224] in received content. Hodges…
…atus Protocol (OCSP) [RFC2560], as well as via TLS server identity checking [RFC6125]. 8.5. HTTP-Equiv <Meta> Element Attribute UAs MUST NOT heed http-equiv="Strict-Transport-Security" attribute settings on <meta> elements [W3C.REC-html401-19991224] in received content. Ho…