rfc7469 — Search

US RFC 9932: Mutually Authenticating TLS in the Context of Federations

https://www.rfc-editor.org/rfc/rfc9932.html

…aintaining and securing the federation metadata, which includes public key pins RFC7469 , issuer certificates, and other essential information. Additionally, the federation operator SHOULD develop their own threat models to proactively identify potential risks and threats. This p…

2026-04-24 11:20 View archive →

US RFC 9932 - Mutually Authenticating TLS in the Context of Federations

https://datatracker.ietf.org/doc/rfc9932

…intaining and securing the federation metadata, which includes public key pins [RFC7469], issuer certificates, and other essential information. Additionally, the federation operator SHOULD develop their own threat models to proactively identify potential risks and threats. This p…

2026-04-24 09:38 View archive →

US RFC 7858: Specification for DNS over Transport Layer Security (TLS)

https://www.rfc-editor.org/rfc/rfc7858

…matching a set of SPKI Fingerprints in an analogous manner to that described in RFC7469 ]. With this out-of-band key-pinned privacy profile, client administrators SHOULD deploy a backup pin along with the primary pin, for the reasons explained in [ RFC7469 ]. A backup pin is espe…

2026-04-24 14:02 View archive →

US RFC 9163 - Expect-CT Extension for HTTP

https://datatracker.ietf.org/doc/html/rfc9163

…TTP Strict Transport Security (HSTS) RFC6797 and HTTP Public Key Pinning (HPKP) RFC7469 . HSTS allows websites to declare themselves accessible only via secure connections, and HPKP allows websites to declare their cryptographic identifies. Similarly, Expect-CT allows websites to…

2026-04-24 14:03 View archive →

US RFC 9163: Expect-CT Extension for HTTP

https://www.rfc-editor.org/rfc/rfc9163

…TTP Strict Transport Security (HSTS) RFC6797 and HTTP Public Key Pinning (HPKP) RFC7469 . HSTS allows websites to declare themselves accessible only via secure connections, and HPKP allows websites to declare their cryptographic identifies. Similarly, Expect-CT allows websites to…

2026-04-24 14:02 View archive →

US RFC 8314 - Cleartext Considered Obsolete: Use of Transport Layer Security (TLS) for Email Submission and Access

https://datatracker.ietf.org/doc/rfc8314

… means something subtly different than HTTP Public Key Pinning as described in [RFC7469]. The dual use of the same term is confusing, but unfortunately both uses are well established.) Moore & Newman Standards Track [Page 15] RFC 8314 Use of TLS for Email Submission/Access Januar…

2026-04-25 08:47 View archive →

US RFC 8314: Cleartext Considered Obsolete: Use of Transport Layer Security (TLS) for Email Submission and Access

https://www.rfc-editor.org/rfc/rfc8314

…means something subtly different than HTTP Public Key Pinning as described in [ RFC7469 ]. The dual use of the same term is confusing, but unfortunately both uses are well established.) Moore & Newman Standards Track [Page 15] RFC 8314 Use of TLS for Email Submission/Access Janua…

2026-04-25 05:32 View archive →

US RFC 7838: HTTP Alternative Services

https://rfc-editor.org/rfc/rfc7838

…ary. Implementations MUST perform any certificate-pinning validation (such as [ RFC7469 ]) on alternative services just as they would on direct connections to the origin. Implementations might also choose to add other requirements around which certificates are acceptable for alte…

2026-04-24 13:48 View archive →

US OpenConnect VPN client.

https://www.infradead.org/openconnect/manual.html

…ers providing hex encoding of the peer’s public key, while ’pin-sha256:’ is the RFC7469 key PIN, which utilizes base64 encoding. To ease certain testing use-cases, a partial match of the hash will also be accepted, if it is at least 4 characters past the prefix. --useragent=STRIN…

2026-04-24 17:26 View archive →