…Ls in a CRL Distribution Point [RFC5280] but also specify a URL for their OCSP [RFC6960] server in Authority Information Access [RFC5280]. Given that client-cached CRLs are frequently out of date, clients would benefit from using OCSP to access up-to-date status information about…
rfc6960 This is a purely informative rendering of an RFC that includes verified errata. This rendering may not be used as a reference. The following 'Verified' errata have been incorporated in this document: EID 5891 EID 6165 EID 6166 EID 6167 EID 7961 EID 7962 Internet Engineeri…
…Y be checked for revocation via the Online Certificate Status Protocol (OCSP) [RFC6960], certificate revocation lists (CRLs), or some other mechanism. Policies fetched via HTTPS are only valid if the HTTP response code is 200 (OK). HTTP 3xx redirects MUST NOT be followed, and H…
…LS Recommendations May 2015 o The On-Line Certification Status Protocol (OCSP) [RFC6960] presents both scaling and privacy issues. In addition, clients typically "soft-fail", meaning that they do not abort the TLS connection if the OCSP server does not respond. (However, this mig…
…y, a deadlock can occur. The use of Online Certificate Status Protocol (OCSP) [RFC6960] servers or Authority Information Access (AIA) for Certificate Revocation List (CRL) fetching (see Section 4.2.2.1 of [RFC5280]) are examples of how this deadlock can happen. To mitigate the…
…tus of the public key certificate of the DNS server. OCSP stapling, unlike OCSP [RFC6960], does not suffer from scale and privacy issues. DNS clients keeping track of servers known to support DTLS enables clients to detect downgrade attacks. To interfere with DNS over DTLS, an on…
…ated certificates, stapled Online Certificate Status Protocol (OCSP) responses [RFC6960], or whatever else would be required to keep the web server functional and its credentials up to date. In this way, it would be nearly as easy to deploy with a CA-issued certificate as with a …
…application/oblivious-dns-message [RFC9230] ocsp-request application/ocsp-request [RFC6960] ocsp-response application/ocsp-response [RFC6960] octet-stream application/octet-stream [RFC2045][RFC2046] ODA application/ODA [RFC1494] odm+xml application/odm+xml [CDISC][Sam_Hume] ODX applicati…
…ted certificates, stapled Online Certificate Status Protocol (OCSP) responses [RFC6960], or whatever else would be required to keep the web server functional and its credentials up to date. In this way, it would be nearly as easy to deploy with a CA-issued certificate as with a…
…tatus structure as defined in [RFC6066], which is interpreted as defined in [RFC6960]. Note: The status_request_v2 extension [RFC6961] is deprecated. TLS 1.3 servers MUST NOT act upon its presence or information in it when processing ClientHello messages; in particular, the…