{"draft":"draft-hallambaker-tlsfeature-10","doc_id":"RFC7633","title":"X.509v3 Transport Layer Security (TLS) Feature Extension","authors":["P. Hallam-Baker"],"format":["ASCII","HTML"],"page_count":"11","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"IETF - NON WORKING GROUP","abstract":"The purpose of the TLS feature extension is to prevent downgrade\r\nattacks that are not otherwise prevented by the TLS protocol.  In\r\nparticular, the TLS feature extension may be used to mandate support\r\nfor revocation checking features in the TLS protocol such as Online\r\nCertificate Status Protocol (OCSP) stapling.  Informing clients that\r\nan OCSP status response will always be stapled permits an immediate\r\nfailure in the case that the response is not stapled.  This in turn\r\nprevents a denial-of-service attack that might otherwise be possible.","pub_date":"October 2015","keywords":["PKIX","Transport Layer Security","Cryptography Certificate"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC7633","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc7633"}