rfc – Page 3 – WindowsTechs.com

Which RFCs should I read for web pentesting? [on hold]

Posted on June 27, 2019 by Neolex

I’m new in web pentesting and I have read a lot of books.

But I think I should read some RFC to have a better knowledge about web applications.

There is a lot of RFC and I’m a bit lost on which one should I read…

i’m st… Continue reading Which RFCs should I read for web pentesting? [on hold]→

RFC 3281 and RFC 5755 major difference

Posted on June 21, 2019 by Brown

How RFC 5755 is compared to RFC 3281 for attribute certificates?

Continue reading RFC 3281 and RFC 5755 major difference→

What is the message to be prehashed for ed25519ph example from RFC 8032?

Posted on February 8, 2019 by jww

RFC 8032 provides ed25519, ed25519ph and ed25519ctx. ed25519 is Bernstein’s signing using curve25519. ed25519ph and ed25519ctx are IETF additions. I have a working ed25519.

I’m trying to extend things to ed25519ph, which sho… Continue reading What is the message to be prehashed for ed25519ph example from RFC 8032?→

RFC 8446 – RSA Key Exchange removed

Posted on January 2, 2019 by blablatrace

from A Detailed Look at RFC 8446 (a.k.a. TLS 1.3)

RSA encryption was removed from TLS 1.3, leaving ephemeral Diffie-Hellman as the only key exchange mechanism.

Which sentence in RFC8446 does say this ?

TLS support… Continue reading RFC 8446 – RSA Key Exchange removed→

OAuth2 for mobile apps with confidential backend client (Is PKCE required?)

Posted on May 30, 2018 by catanman

I’m wondering why neither rfc6749 nor rfc8252 seem to consider the case where the mobile app does not make protected resource requests (and is therefore not a client) but instead relies on a backend server (confidential client) that does. … Continue reading OAuth2 for mobile apps with confidential backend client (Is PKCE required?)→

Use of ESSCertIDv2 in a RFC 3161 Timestamp

Posted on April 20, 2018 by Victor

A qualified trust service provider under eIDAS uses ESSCertIDv2 for their time stamp tokens, but ESSCertIDv2 was not present in the RFC 3161 specification, it was added later in RFC 5816.
RFC 3161 in 2.4.2 requires ESSCertID:

The certific… Continue reading Use of ESSCertIDv2 in a RFC 3161 Timestamp→

Why does curl/NSS encryption library not allow a CA with the extended key usage by SEC_ERROR_INADEQUATE_CERT_TYPE?

Posted on December 27, 2017 by mon

Problem

curl rejects the CA certificate below with 60) Certificate type not approved for application for SEC_ERROR_INADEQUATE_CERT_TYPE. I would like to understand the reason.

SEC_ERROR_INADEQUATE_CERT_TYPE

A certificat… Continue reading Why does curl/NSS encryption library not allow a CA with the extended key usage by SEC_ERROR_INADEQUATE_CERT_TYPE?→