…refers to a resource for the X.509 public key certificate or certificate chain [RFC5280] corresponding to the key used to digitally sign the JWS. The identified resource MUST provide a representation of the certificate or certificate chain that conforms to RFC 5280 [RFC5280] in P…

…t refers to a resource for an X.509 public key certificate or certificate chain RFC5280 ]. The identified resource MUST provide a representation of the certificate or certificate chain that conforms to RFC 5280 RFC5280 ] in PEM-encoded form, with each certificate delimited as spe…

…efers to a resource for the X.509 public key certificate or certificate chain [ RFC5280 ] corresponding to the key used to digitally sign the JWS. The identified resource MUST provide a representation of the certificate or certificate chain that conforms to RFC 5280 RFC5280 in PE…

…efers to a resource for the X.509 public key certificate or certificate chain [ RFC5280 ] corresponding to the key used to digitally sign the JWS. The identified resource MUST provide a representation of the certificate or certificate chain that conforms to RFC 5280 RFC5280 in PE…

…t refers to a resource for an X.509 public key certificate or certificate chain RFC5280 ]. The identified resource MUST provide a representation of the certificate or certificate chain that conforms to RFC 5280 RFC5280 ] in PEM-encoded form, with each certificate delimited as spe…

…d BSD License. Table of Contents 1. Introduction This specification supplements RFC5280 , which profiles public key certificates and certificate revocation lists (CRLs) for use in the Internet, and it supplements RFC5755 , which profiles attribute certificates for use in the Inte…

…nowledgments Authors' Addresses 1. Introduction This specification supplements [RFC5280], which profiles public key certificates and certificate revocation lists (CRLs) for use in the Internet, and it supplements [RFC5755], which profiles attribute certificates for use in the Int…

…ly reissue TA certificates to update the validity period ( Section 4.1.2.5 of [ RFC5280 ), the Subject Information Access (SIA) extension ( Section 4.2.2.2 of [ RFC5280 , Certificate Policies extension ( Section 4.2.1.4 of [ RFC5280 ), and the Internet Number Resources (INR) ( RF…

…-encoded ASN.1 types as defined in [ RFC2560 ]. "Extensions" is imported from [ RFC5280 ]. A zero-length "request_extensions" value means that there are no extensions (as opposed to a zero-length ASN.1 SEQUENCE, which is not valid for the "Extensions" type). In the case of the "i…

… only specify the publication point for their CRLs in a CRL Distribution Point [RFC5280] but also specify a URL for their OCSP [RFC6960] server in Authority Information Access [RFC5280]. Given that client-cached CRLs are frequently out of date, clients would benefit from using OC…

… without warranty as described in the Revised BSD License. ¶ Section 5.2.3 of [ RFC5280 ] describes the value of the Certificate Revocation List (CRL) Number extension as a monotonically increasing sequence number, which "allows users to easily determine when a particular CRL sup…

…ertificate profile defined by the Public Key Infrastructure using X.509 (PKIX) [RFC5280] working group and the extensions for IP addresses and AS numbers representation defined in RFC 3779 [RFC3779]. Also, Cryptographic Message Syntax (CMS) [RFC5652] is used as the syntax Lepinsk…

…escribed in more detail in Appendix A.4 ). This document only applies to PKIX [ RFC5280 ] certificates, not certificates of other formats. Hoffman & Schlyter Standards Track [Page 5] RFC 6698 DNS-Based Authentication for TLS August 2012 This document defines a secure method to as…

…lic key is carried in an X.509 certificate, it MUST use the rsaEncryption OID [ RFC5280 ]. EdDSA algorithms: Indicates a signature algorithm using EdDSA as defined in [ RFC8032 ] or its successors. Note that these correspond to the "PureEdDSA" algorithms and not the "prehash" var…

…ed, structure as the ASN.1 structure of subjectPublicKeyInfo, as specified in [ RFC5280 ], and exactData set to true . When this specification says to parse a PrivateKeyInfo , the user agent must parse an ASN.1 structure with data set to the sequence of bytes to be parsed, struct…