…up language, its common use case these days is with HTTP [RFC2616] or HTTPS [RFC2818] and HTML [W3C-REC-HTML401]. What follows is a typical flow: 1. The browser requests a resource of an RP (via an HTTP request). 2. The RP redirects the browser via an HTTP redirect (as desc…
…ng Policy bodies are, as described above, retrieved by Sending MTAs via HTTPS [RFC2818]. During the TLS handshake initiated to fetch a new or updated policy from the Policy Host, the Policy Host HTTPS server MUST present an X.509 certificate that is valid for the "mta-sts" DNS-…
…e TLSA query. Some specifications for applications that run over TLS, such as [RFC2818] for HTTP, require that the server's certificate have a domain name that matches the host name expected by the client. Some specifications, such as [RFC6125], detail how to match the identi…
…all from a page fetched over HTTP. Even if calls are only possible from HTTPS [RFC2818] sites, if those sites include active content (e.g., JavaScript) from an untrusted site, that JavaScript is executed in the security context of the page [finer-grained]. This could lead to …
…, it follows the identification procedures defined in Section 3.1 of RFC 2818 [RFC2818]. Those procedures assume the client is dereferencing a URI. For purposes of usage with this specification, the client treats the domain name or IP address used in Section 8.1 as the host por…
…ted over a secure channel (typically HTTP over Transport Layer Security (TLS) [RFC2818]). Although seemingly useful for protecting cookies from active network attackers, the Secure attribute protects only the cookie's confidentiality. An active network attacker can overwrite Se…
…different protocols. For HTTPS, these requirements are defined by Section 3 of [RFC2818]. Readers are referred to [RFC6125] for further details regarding generic host name validation in the TLS context. In addition, that RFC contains a long list of example protocols, some of whic…
…tted over a secure channel (typically HTTP over Transport Layer Security (TLS) [RFC2818]). Although seemingly useful for protecting cookies from active network attackers, the Secure attribute protects only the cookie's confidentiality. An active network attacker can overwrite Sec…
… be exercised when using it. Use of Transport Layer Security (TLS) with HTTP ([RFC2818] and [RFC2817]) is currently the only end-to-end way to provide such protection. Nottingham Standards Track [Page 17] RFC 5988 Web Linking October 2010 Applications that take advantage of t…
…grity protection; an HTTP GET request to retrieve the certificate MUST use TLS [RFC2818, RFC5246]; the identity of the server MUST be validated, as per Section 6 of RFC 6125 [RFC6125]. Use of this member is OPTIONAL. While there is no requirement that optional JWK members prov…
…d be exercised when using it. Use of Transport Layer Security (TLS) with HTTP ([RFC2818] and [RFC2817]) is currently the only end-to-end way to provide such protection. Applications that take advantage of type…
…itted over a secure channel (typically HTTP over Transport Layer Security (TLS) [RFC2818]). Although seemingly useful for protecting cookies from active network attackers, the Secure attribute protects only the cookie's confidentiality. An active network attacker can overwrite Se…
…mission of passwords, it SHOULD NOT be used (without enhancements such as HTTPS [RFC2818]) to protect sensitive or valuable information. A common use of Basic authentication is for identification purposes -- requiring the user to provide a user-id and password as a means of ident…