UNLIMITED FREE ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already an Engineering360 user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your Engineering360 Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF RFC 7633

X.509v3 Transport Layer Security (TLS) Feature Extension

active, Most Current
Buy Now
Organization: IETF
Publication Date: 1 October 2015
Status: active
Page Count: 11
scope:

The purpose of the TLS feature extension is to prevent downgrade attacks that are not otherwise prevented by the TLS protocol. In particular, the TLS feature extension may be used to mandate support for revocation checking features in the TLS protocol such as Online Certificate Status Protocol (OCSP) stapling. Informing clients that an OCSP status response will always be stapled permits an immediate failure in the case that the response is not stapled. This in turn prevents a denial-of-service attack that might otherwise be possible.

Document History

IETF RFC 7633
October 1, 2015
X.509v3 Transport Layer Security (TLS) Feature Extension
The purpose of the TLS feature extension is to prevent downgrade attacks that are not otherwise prevented by the TLS protocol. In particular, the TLS feature extension may be used to mandate support...

References

This document references:
IETF RFC 2986 - PKCS #10: Certification Request Syntax Specification Version 1.7
Published by IETF on November 1, 2000
A description is not available for this item.
This document references:
IETF RFC 6844 - DNS Certification Authority Authorization (CAA) Resource Record
Published by IETF on January 1, 2013
The Certification Authority Authorization (CAA) DNS Resource Record allows a DNS domain name holder to specify one or more Certification Authorities (CAs) authorized to issue certificates for that...
This document references:
IETF RFC 6961 - The Transport Layer Security (TLS) Multiple Certificate Status Request Extension
Published by IETF on June 1, 2013
This document defines the Transport Layer Security (TLS) Certificate Status Version 2 Extension to allow clients to specify and support several certificate status methods. (The use of the Certificate...
This document is referenced by:
EUROCAE ED 262 - TECHNICAL STANDARD OF AVIATION PROFILES FOR INTERNET PROTOCOL SUITE
Published by EUROCAE on September 1, 2019
PURPOSE AND SCOPE INTRODUCTION This document contains the technical Profiles of the Internet Engineering Task Force (IETF) Request for Comments (RFC) series of documents addressing relevant...
This document is referenced by:
RTCA DO-379 - Internet Protocol Suite Profiles
Published by RTCA on September 16, 2019
PURPOSE AND SCOPE Introduction This document contains the technical Profiles of the Internet Engineering Task Force (IETF) Request for Comments (RFC) series of documents addressing relevant...
This document is referenced by:
TS 133 310 - Universal Mobile Telecommunications System (UMTS); LTE; 5G; Network Domain Security (NDS); Authentication Framework (AF)
Published by ETSI on April 1, 2022
The scope of this Technical Specification is limited to authentication of network elements, which are using NDS/IP or TLS, and to Certificate Enrolment for Base Stations as described in the present...
View Less
View All
Advertisement