rfcdiff: draft-ietf-tls-rfc4366-bis-11.txt vs. draft-ietf-tls-rfc4366-bis-12.txt
(lines that differ between the two drafts are shown twice, marked [-11] and
[-12]; unchanged text is shown once)

TLS Working Group                                       Donald Eastlake 3rd
INTERNET-DRAFT                                             Stellar Switches
Obsoletes: 4366
Intended status: Proposed Standard
[-11] Expires: March 18, 2011                           September 19, 2010
[-12] Expires: March 19, 2011                           September 20, 2010

      Transport Layer Security (TLS) Extensions: Extension Definitions
[-11]               <draft-ietf-tls-rfc4366-bis-11.txt>
[-12]               <draft-ietf-tls-rfc4366-bis-12.txt>

Abstract

   This document provides specifications for existing TLS extensions. It
   is a companion document for RFC 5246, "The Transport Layer Security
   (TLS) Protocol Version 1.2". The extensions specified are
   server_name, max_fragment_length, client_certificate_url,
   trusted_ca_keys, truncated_hmac, and status_request.

Status of This Memo

   [skipping to change at page 8, line 16]
   necessarily find out which name the server selected. Multiple
   names of the same name_type are therefore now prohibited.

   Currently, the only server names supported are DNS hostnames;
   however, this does not imply any dependency of TLS on DNS, and other
   name types may be added in the future (by an RFC that updates this
   document). The data structure associated with the host_name NameType
   is a variable-length vector that begins with a 16-bit length. For
   backward compatibility, all future data structures associated with
   [-11] new NameTypes MUST begin with a 16-bit length field TLS MAY treat
   [-12] new NameTypes MUST begin with a 16-bit length field. TLS MAY treat
   provided server names as opaque data and pass the names and types to
   the application.

   "HostName" contains the fully qualified DNS hostname of the server,
   as understood by the client. The hostname is represented as a byte
   string using ASCII encoding without a trailing dot. This allows the
   support of internationalized domain names through the use of A-labels
   defined in [RFC5890].

   Literal IPv4 and IPv6 addresses are not permitted in "HostName".
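   The rules above (16-bit length framing, one entry per name_type, ASCII
   HostName without a trailing dot, no IP literals, unknown NameTypes passed
   through as opaque data) are easy to get wrong in a server-side parser. The
   following Python is an added example written for this page, not code from
   the draft or from any TLS implementation. It assumes the ServerNameList
   framing defined elsewhere in the draft (a 16-bit list length, then entries
   of NameType byte + 16-bit-length-prefixed payload, with host_name = 0); the
   helper names and the sample inputs are constructed for illustration.

```python
import ipaddress
import struct

HOST_NAME = 0  # NameType host_name(0); other values are passed through opaque


class ServerNameError(ValueError):
    """Raised when a server_name extension body violates the draft's rules."""


def build_server_name_list(entries):
    """Encode a list of (name_type, payload_bytes) as a ServerNameList body.
    Used here only to construct sample input for the parser."""
    body = b"".join(
        bytes([name_type]) + struct.pack("!H", len(payload)) + payload
        for name_type, payload in entries
    )
    return struct.pack("!H", len(body)) + body


def encode_host_name(name):
    """Build a server_name extension body carrying a single host_name entry."""
    return build_server_name_list([(HOST_NAME, name.encode("ascii"))])


def _validate_host_name(raw):
    """Apply the HostName rules: ASCII (A-labels), no trailing dot, no IP literal."""
    try:
        name = raw.decode("ascii")
    except UnicodeDecodeError:
        raise ServerNameError("HostName must be ASCII; use A-labels for IDNs")
    if name.endswith("."):
        raise ServerNameError("HostName must not carry a trailing dot")
    try:
        ipaddress.ip_address(name)
    except ValueError:
        return name  # not an IPv4/IPv6 literal: acceptable
    raise ServerNameError("literal IP addresses are not permitted in HostName")


def parse_server_name_extension(data):
    """Parse a server_name extension_data body.

    Returns a list of (name_type, value): host_name entries are validated and
    returned as str, any other NameType is returned as opaque bytes. A second
    entry with an already-seen name_type is rejected, as the draft prohibits.
    """
    if len(data) < 2:
        raise ServerNameError("truncated ServerNameList length")
    (list_len,) = struct.unpack("!H", data[:2])
    if list_len == 0 or 2 + list_len != len(data):
        raise ServerNameError("ServerNameList length does not match body")
    body = data[2:]
    pos = 0
    seen_types = set()
    names = []
    while pos < len(body):
        if pos + 3 > len(body):
            raise ServerNameError("truncated ServerName entry header")
        name_type = body[pos]
        (name_len,) = struct.unpack("!H", body[pos + 1:pos + 3])
        start, end = pos + 3, pos + 3 + name_len
        if name_len == 0 or end > len(body):
            raise ServerNameError("bad ServerName payload length")
        if name_type in seen_types:
            raise ServerNameError("duplicate name_type %d" % name_type)
        seen_types.add(name_type)
        raw = body[start:end]
        if name_type == HOST_NAME:
            names.append((name_type, _validate_host_name(raw)))
        else:
            names.append((name_type, raw))  # future NameType: opaque pass-through
        pos = end
    return names


def is_rejected(data):
    """True if the parser rejects the given extension body."""
    try:
        parse_server_name_extension(data)
    except ServerNameError:
        return True
    return False


if __name__ == "__main__":
    print(parse_server_name_extension(encode_host_name("xn--bcher-kva.example")))
    print(is_rejected(encode_host_name("192.0.2.1")))  # IP literal: rejected
```

   Rejecting rather than silently ignoring a malformed entry matters: a
   server that picks the first parseable name and a front-end that picks the
   last one will route the same ClientHello differently.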
   [skipping to change at page 20, line 27]

10.1 pkipath MIME Type Registration

   MIME media type name: application

   MIME subtype name: pkix-pkipath

   Required parameters: none

   Optional parameters: version (default value is "1")

   Encoding considerations:
   [-11] This MIME type is a DER encoding of the ASN.1 type PkiPath,
   [-11] defined as follows:
   [-12] Binary; this MIME type is a DER encoding of the ASN.1 type
   [-12] PkiPath, defined as follows:

      PkiPath ::= SEQUENCE OF Certificate

   PkiPath is used to represent a certification path. Within the
   sequence, the order of certificates is such that the subject of
   the first certificate is the issuer of the second certificate,
   etc.

   This is identical to the definition published in [X509-4th-TC1];
   note that it is different from that in [X509-4th].

   All Certificates MUST conform to [RFC5280]. (This should be
   interpreted as a requirement to encode only PKIX-conformant
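   Because a pkipath body is binary DER, the first thing a consumer has to do
   is split the outer SEQUENCE into its Certificate elements while enforcing
   DER's definite, minimally encoded lengths. The Python below is an added
   example for this page, not code from the draft or from any PKIX library.
   It only splits the path and checks the DER framing; it does not parse the
   Certificate structures, so the issuer-of-the-next-certificate ordering
   rule stated above is left to a full X.509 parser. The sample "certificates"
   are constructed SEQUENCE stand-ins, and the helper names are this
   example's own.

```python
SEQUENCE = 0x30  # universal, constructed SEQUENCE / SEQUENCE OF tag


class DerError(ValueError):
    """Raised on malformed or non-DER length encodings."""


def _read_length(buf, pos):
    """Decode the DER length at buf[pos]; return (length, position after it).

    DER permits only definite lengths, with the short form for values below
    128 and the shortest possible long form otherwise.
    """
    if pos >= len(buf):
        raise DerError("truncated length")
    first = buf[pos]
    pos += 1
    if first < 0x80:
        return first, pos
    if first == 0x80:
        raise DerError("indefinite length is BER, not DER")
    n = first & 0x7F
    if pos + n > len(buf):
        raise DerError("truncated long-form length")
    raw = buf[pos:pos + n]
    if raw[0] == 0:
        raise DerError("non-minimal long-form length (leading zero octet)")
    length = int.from_bytes(raw, "big")
    if length < 0x80:
        raise DerError("long form used where short form is required")
    return length, pos + n


def der_encode_length(length):
    """Encode a length in DER (short form below 128, minimal long form above)."""
    if length < 0x80:
        return bytes([length])
    raw = length.to_bytes((length.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def der_sequence(*elements):
    """Wrap already-encoded elements in a SEQUENCE; used to build sample paths."""
    body = b"".join(elements)
    return bytes([SEQUENCE]) + der_encode_length(len(body)) + body


def split_pkipath(der):
    """Split a DER PkiPath (SEQUENCE OF Certificate) into its encoded
    Certificate elements, preserving order. Every element must itself be a
    SEQUENCE, since Certificate is a SEQUENCE; trailing bytes are rejected."""
    if not der or der[0] != SEQUENCE:
        raise DerError("PkiPath must be a SEQUENCE")
    length, pos = _read_length(der, 1)
    if pos + length != len(der):
        raise DerError("PkiPath length does not match the data")
    certs = []
    while pos < len(der):
        if der[pos] != SEQUENCE:
            raise DerError("PkiPath element is not a SEQUENCE (Certificate)")
        elen, body_start = _read_length(der, pos + 1)
        end = body_start + elen
        if end > len(der):
            raise DerError("truncated Certificate element")
        certs.append(der[pos:end])
        pos = end
    return certs


def pkipath_is_rejected(der):
    """True if split_pkipath refuses the input."""
    try:
        split_pkipath(der)
    except DerError:
        return True
    return False


# Constructed stand-ins: each "certificate" is a SEQUENCE holding one OCTET STRING.
SAMPLE_CA = der_sequence(b"\x04\x03CA1")
SAMPLE_EE = der_sequence(b"\x04\x03EE1")

if __name__ == "__main__":
    path = der_sequence(SAMPLE_CA, SAMPLE_EE)
    print([c.hex() for c in split_pkipath(path)])
```

   The strictness on length encoding is deliberate: accepting BER-style
   indefinite or padded lengths lets two parsers disagree about where one
   certificate ends and the next begins, which is exactly what a
   certification-path consumer must not allow.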
   End of changes. 4 change blocks.
   5 lines changed or deleted, 5 lines changed or added

   This html diff was produced by rfcdiff 1.39. The latest version is
   available from http://tools.ietf.org/tools/rfcdiff/