Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)

Abstract: Many application technologies enable secure communication between two entities by means of Internet

“…This reversal is incongruous with [RFC4253], which says "the client initiates the connection" and also [RFC6125], which says "the client MUST construct a list of acceptable reference identifiers, and MUST do so independently of the identifiers presented by the service. "…”

NETCONF Call Home and RESTCONF Call Home

“…This reversal is incongruous with [RFC4253], which says "the client initiates the connection" and also [RFC6125], which says "the client MUST construct a list of acceptable reference identifiers, and MUST do so independently of the identifiers presented by the service. "…”

NETCONF Call Home and RESTCONF Call Home

“…Reference identifiers are used for performing name checks on server certificates. (This term is formally defined in [RFC6125]. )…”

“…CN-ID, DNS-ID, SRV-ID, and URI-ID are identifier types (see [RFC6125] for details). For convenience, their short definitions from [RFC6125] are listed below:…”

“…This check is only performed after the server certificate passes certification path validation as described in Section 6 of [RFC5280]. Matching is performed according to the rules specified in Section 6 of [RFC6125], including the relative order of matching of different identifier types, "certificate pinning", and the procedure on failure to match. The 2.…”

“…The rules and guidelines defined in [RFC6125] apply to an email server certificate with the following supplemental rules:…”

Updated Transport Layer Security (TLS) Server Identity Check Procedure for Email-Related Protocols

Diameter Security