[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: HTTPS implementation language
DRAFT 2. HTTPS Requirements The TAXII Protocol defined in this specification requires HTTPS as the transport for all communications. · TAXII Servers and Clients MUST implement HTTPS [RFC7230]. · TAXII Servers and Clients MUST implement TLS version 1.2 [RFC5246]. o TAXII Servers and Clients SHOULD implement later versions when available. · TAXII Servers MUST implement PKIX X.509 certificates and certificate revocation lists [RFC5280 and RFC6818]. · TAXII Servers MUST support authenticating certificates using PKIX [RFC6125]. o TAXII guarantees TAXII Clients can use at least PKIX (see above). · TAXII Servers and Clients MAY support other certification verification policies such as: o Certificate Pinning: A single or limited set of either hard-coded or physically distributed pinned certificate authorities or end-entity certificates. o DANE: DNS-based Authentication of Named Entities [RFC7671] o Note that Self-Signed Certificates (like other certificates which cannot be verified by PKIX) MAY be supported via Certificate Pinning and/or DANE as noted above for limited, closed user group applications.
Description: Message signed with OpenPGP using GPGMail