…otes: The RFC6960 changes OCSP protocol in part of KeyHash type calculation. In RFC2560 there is the description: KeyHash ::= OCTET STRING -- SHA-1 hash of responder's public key (excluding the tag and length fields) But in Appendix B.1, which is the major OCSP descriptive module…
…ficate status information (e.g., an Online Certificate Status Protocol (OCSP) [ RFC2560 ] response) during a TLS handshake. This functionality is desirable in order to avoid sending a Certificate Revocation List (CRL) over a constrained access network and therefore saving bandwid…
…equirements are specified in separate documents. This specification obsoletes [ RFC2560 ] and [ RFC6277 ]. The primary reason for the publication of this document is to address ambiguities that have been found since the publication of RFC 2560 . This document differs from RFC 256…
… 8954 RFC 9654 Obsoletes RFC 6277 RFC 2560 Updates RFC 5912 Was draft-ietf-pkix-rfc2560bis pkix WG Authors Stefan Santesson Michael Myers Rich Ankney Ambarish Malpani Slava Galperin Dr. Carlisle Adams 2020-01-21 RFC stream Internet Engineering Task Force (IETF) Formats txt html p…
…equirements are specified in separate documents. This specification obsoletes [ RFC2560 ] and [ RFC6277 ]. The primary reason for the publication of this document is to address ambiguities that have been found since the publication of RFC 2560 . This document differs from RFC 256…
…equirements are specified in separate documents. This specification obsoletes [ RFC2560 ] and [ RFC6277 ]. The primary reason for the publication of this document is to address ambiguities that have been found since the publication of RFC 2560 . This document differs from RFC 256…
…equirements are specified in separate documents. This specification obsoletes [ RFC2560 ] and [ RFC6277 ]. The primary reason for the publication of this document is to address ambiguities that have been found since the publication of RFC 2560 . This document differs from RFC 256…
… more Online Certificate Status Protocol (OCSP) responses as in Section 4.2 of [RFC2560]. Providing OCSP responses directly in this data structure can reduce the number of communication rounds required (saving the implementation from needing to perform OCSP checking out-of-band) …
… more Online Certificate Status Protocol (OCSP) responses as in Section 4.2 of [RFC2560] . Providing OCSP responses directly in this data structure can reduce the number of communication rounds required (saving the implementation from needing to perform OCSP checking out-of-band)…
…n Lists (CRLs) [RFC5280], or via the Online Certificate Status Protocol (OCSP) [RFC2560], as well as via TLS server identity checking [RFC6125]. 8.5. HTTP-Equiv <Meta> Element Attribute UAs MUST NOT heed http-equiv="Strict-Transport-Security" attribute settings on <meta> elements…
…ists (CRLs) [ RFC5280 ], or via the Online Certificate Status Protocol (OCSP) [ RFC2560 ], as well as via TLS server identity checking [ RFC6125 ]. 8.5 . HTTP-Equiv <Meta> Element Attribute UAs MUST NOT heed http-equiv="Strict-Transport-Security" attribute settings on <meta> elem…
…ists (CRLs) [ RFC5280 ], or via the Online Certificate Status Protocol (OCSP) [ RFC2560 ], as well as via TLS server identity checking [ RFC6125 ]. 8.5 . HTTP-Equiv <Meta> Element Attribute UAs MUST NOT heed http-equiv="Strict-Transport-Security" attribute settings on <meta> elem…
…ists (CRLs) [ RFC5280 ], or via the Online Certificate Status Protocol (OCSP) [ RFC2560 ], as well as via TLS server identity checking [ RFC6125 ]. 8.5 . HTTP-Equiv <Meta> Element Attribute UAs MUST NOT heed http-equiv="Strict-Transport-Security" attribute settings on <meta> elem…
…ists (CRLs) [ RFC5280 ], or via the Online Certificate Status Protocol (OCSP) [ RFC2560 ], as well as via TLS server identity checking [ RFC6125 ]. 8.5 . HTTP-Equiv <Meta> Element Attribute UAs MUST NOT heed http-equiv="Strict-Transport-Security" attribute settings on <meta> elem…
…on and compare method. In the case of the "id-pkix-ocsp-nonce" OCSP extension, [RFC2560] is unclear about its encoding; for clarification, the nonce MUST be a DER-encoded OCTET STRING, which is encapsulated as another OCTET STRING (note that implementations based on an existing O…