…t are compliant with CT Policy. This Expect-CT specification is compatible with RFC6962 and RFC9162 , but not necessarily with future versions of Certificate Transparency. UAs will ignore Expect-CT header fields from web hosts that use future versions of Certificate Transparency,…
…t are compliant with CT Policy. This Expect-CT specification is compatible with RFC6962 and RFC9162 , but not necessarily with future versions of Certificate Transparency. UAs will ignore Expect-CT header fields from web hosts that use future versions of Certificate Transparency,…
…4.2 . Interaction with Certificate Transparency Certificate Transparency (CT) [ RFC6962 ] defines an experimental approach that could be used to mitigate the risk of rogue or compromised public CAs issuing unauthorized certificates. This section clarifies the interaction of the e…
…tocol_negotiation [ RFC7301 ] | CH, EE | | | | | signed_certificate_timestamp [ RFC6962 ] | CH, CR, CT | | | | | client_certificate_type [ RFC7250 ] | CH, EE | | | | | server_certificate_type [ RFC7250 ] | CH, EE | | | | | padding [ RFC7685 ] | CH | | | | | key_share ( RFC 8446 )…
US
rfc8446
https://www.rfc-editor.org/rfc/inline-errata/rfc8446.html
…protocol_negotiation [RFC7301] | CH, EE | | | | | signed_certificate_timestamp [RFC6962] | CH, CR, CT | | | | | client_certificate_type [RFC7250] | CH, EE | | | | | server_certificate_type [RFC7250] | CH, EE | | | | | padding [RFC7685] | CH | | | | | key_share (RFC 8446) | CH, SH…
…tocol_negotiation [ RFC7301 ] | CH, EE | | | | | signed_certificate_timestamp [ RFC6962 ] | CH, CR, CT | | | | | client_certificate_type [ RFC7250 ] | CH, EE | | | | | server_certificate_type [ RFC7250 ] | CH, EE | | | | | padding [ RFC7685 ] | CH | | | | | key_share ( RFC 8446 )…
…ed for the Merkle trees in the Certificate Transparency protocol I-D.ietf-trans-rfc6962-bis .) The direct path of a root is the empty list, and of any other node is the concatenation of that node's parent along with the parent's direct path. The copath of a node is the node's sib…
…protocol_negotiation [RFC7301] | CH, EE | | | | | signed_certificate_timestamp [RFC6962] | CH, CR, CT | | | | | client_certificate_type [RFC7250] | CH, EE | | | | | server_certificate_type [RFC7250] | CH, EE | | | | | padding [RFC7685] | CH | | | | | key_share (RFC 8446) | CH, SH…
… even be part of the mitigation for PM, for example, certificate transparency [ RFC6962 ] involves monitoring Public Key Infrastructure in ways that could detect some PM attack techniques. However, there is clear potential for monitoring mechanisms to be abused for PM, so this te…
…etect such misissuance through other means, such as certificate transparency ([ RFC6962 ]). . Privacy Considerations Hosts can use HSTS or HPKP as a "super-cookie", by setting distinct policies for a number of subdomains. For example, assume example.com wishes to track distinct U…
…etect such misissuance through other means, such as certificate transparency ([ RFC6962 ]). . Privacy Considerations Hosts can use HSTS or HPKP as a "super-cookie", by setting distinct policies for a number of subdomains. For example, assume example.com wishes to track distinct U…
… below. An append-only, audited log similar to that of Certificate Transparency RFC6962 . The log is operated and audited in such a way that the contents of the log are consistent for all clients. Any reliant system which depends on this type of KCCS requires the log be audited o…
…tocol_negotiation [ RFC7301 ] | CH, EE | | | | | signed_certificate_timestamp [ RFC6962 ] | CH, CR, CT | | | | | client_certificate_type [ RFC7250 ] | CH, EE | | | | | server_certificate_type [ RFC7250 ] | CH, EE | | | | | padding [ RFC7685 ] | CH | | | | | key_share ( RFC 8446 )…
…RFC7301 17 status_request_v2 RFC6961 18 signed_certificate_timestamp CH, CR, CT RFC6962 19 client_certificate_type CH, EE RFC7250 20 server_certificate_type CH, EE RFC7250 21 padding CH RFC7685 22 encrypt_then_mac RFC7366 23 extended_main_secret RFC7627 ][ RFC-ietf-tls-rfc8446bis…