Skip to content

Commit

Permalink
fixes incorrect deletions
Browse files Browse the repository at this point in the history
  • Loading branch information
@seanturner
seanturner committed Oct 18, 2023
1 parent 6d09cc3 commit ea6cf04
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions draft-ietf-tls-rfc8446bis.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2064,7 +2064,7 @@ Legacy algorithms:

The signatures on certificates that are self-signed or certificates that are
trust anchors are not validated, since they begin a certification path (see
{{}}, Section 3.2). A certificate that begins a certification
{{RFC5280}}, Section 3.2). A certificate that begins a certification
path MAY use a signature algorithm that is not advertised as being supported
in the "signature_algorithms" and "signature_algorithms_cert" extensions.

Expand Down Expand Up @@ -2143,7 +2143,7 @@ extension, if provided by the server, MUST only be sent in the CertificateReques

filters:

: A list of certificate extension OIDs {{}} with their allowed value(s) and
: A list of certificate extension OIDs {{RFC5280}} with their allowed value(s) and
represented in DER-encoded {{X690}} format. Some certificate extension OIDs
allow multiple values (e.g., Extended Key Usage). If the server has included
a non-empty filters list, the client certificate included in
Expand All @@ -2165,7 +2165,7 @@ on their PKI libraries to perform certificate selection using certificate
extension OIDs.

This document defines matching rules for two standard certificate extensions
defined in {{}}:
defined in {{RFC5280}}:

- The Key Usage extension in a certificate matches the request when all key
usage bits asserted in the request are also asserted in the Key Usage
Expand Down Expand Up @@ -3093,7 +3093,7 @@ CertificateEntry.

The following rules apply to the certificates sent by the server:

- The certificate type MUST be X.509v3 {{}}, unless explicitly negotiated
- The certificate type MUST be X.509v3 {{RFC5280}}, unless explicitly negotiated
otherwise (e.g., {{RFC7250}}).

- The end-entity certificate MUST allow the key to be used for signing with
Expand Down Expand Up @@ -3134,7 +3134,7 @@ above-mentioned criteria (in addition to other criteria, such as transport-layer

The following rules apply to certificates sent by the client:

- The certificate type MUST be X.509v3 {{}}, unless explicitly negotiated
- The certificate type MUST be X.509v3 {{RFC5280}}, unless explicitly negotiated
otherwise (e.g., {{RFC7250}}).

- If the "certificate_authorities" extension in the CertificateRequest
Expand All @@ -3153,7 +3153,7 @@ The following rules apply to certificates sent by the client:
#### Receiving a Certificate Message

In general, detailed certificate validation procedures are out of scope for
TLS (see {{}}). This section provides TLS-specific requirements.
TLS (see {{RFC5280}}). This section provides TLS-specific requirements.

If the server supplies an empty Certificate message, the client MUST abort
the handshake with a "decode_error" alert.
Expand Down

0 comments on commit ea6cf04

Please sign in to comment.