5.1.5.3 Security Consideration Citations

Implementers of this protocol are advised to consider the following security precautions:

  • A client or server has to follow generally accepted principles of secure key management. For more information, see section 9 of [RFC3280]. For an introduction to these generally accepted principles, see [CRYPTO] and [HOWARD].

  • Clients and servers should validate cryptographic parameters prior to issuing or accepting certificates. For more information, see section 9 of [RFC2797].

  • Clients and servers should validate and verify certificate path information identified in section 6 of [RFC3280]. See section 9 of [RFC3280] for more information on the requirement for certificate path validation.

  • Clients and servers should validate and verify the freshness of revocation information of all digital certificates prior to usage, trust, or encryption as identified in section 6.3 of [RFC3280]. See section 9 of [RFC3280] for more information on the requirement for revocation freshness.

  • A client or server should follow all security considerations in section 5 of [RFC2560].

  • A client or server should follow all security considerations discussed throughout [RFC2315] and [RFC2986], because neither normative reference has a specific security section.

  • Clients and servers should use an authenticated HTTP session between client and server to mitigate denial-of-service (DoS) attacks. For more information on generic DoS mitigation techniques, see [HOWARD].
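The revocation-freshness requirement above (section 6.3 of [RFC3280]) is easy to get wrong in practice: a CRL that is past its nextUpdate, one issued "in the future", or one from the wrong issuer must not be used to declare a certificate good. The following check is an added illustration, not part of this specification or of any Microsoft implementation; it works on a simplified, constructed CRL record (issuer name, thisUpdate, optional nextUpdate, set of revoked serial numbers) rather than a parsed DER CRL, and the max_age policy for CRLs that omit nextUpdate is an assumed local policy, not a rule from [RFC3280].

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import FrozenSet, Optional


class RevocationStatus(Enum):
    GOOD = "good"                  # fresh CRL from the right issuer, serial not listed
    REVOKED = "revoked"            # serial appears on a fresh CRL
    STALE = "stale"                # revocation information is not fresh; do not trust
    WRONG_ISSUER = "wrong_issuer"  # CRL does not cover this certificate's issuer


@dataclass(frozen=True)
class Crl:
    """Constructed stand-in for the fields of an X.509 CRL that the check needs."""
    issuer: str
    this_update: datetime
    next_update: Optional[datetime]   # OPTIONAL in RFC 3280 section 5.1.2.5
    revoked_serials: FrozenSet[int]


def check_revocation(cert_issuer: str, cert_serial: int, crl: Crl, now: datetime,
                     max_age: Optional[timedelta] = None) -> RevocationStatus:
    """Decide whether a certificate may be trusted on the basis of this CRL.

    Freshness is evaluated first, so a revoked serial on a stale CRL still
    yields STALE: the relying party must fetch current information, not
    reason from expired data. max_age is an assumed local policy applied
    only when the CRL carries no nextUpdate.
    """
    if crl.issuer != cert_issuer:
        return RevocationStatus.WRONG_ISSUER
    if now < crl.this_update:
        # thisUpdate in the future: clock skew or a bogus CRL; not usable.
        return RevocationStatus.STALE
    if crl.next_update is not None:
        if now > crl.next_update:
            return RevocationStatus.STALE
    elif max_age is None or now - crl.this_update > max_age:
        return RevocationStatus.STALE
    if cert_serial in crl.revoked_serials:
        return RevocationStatus.REVOKED
    return RevocationStatus.GOOD


# Constructed sample data for demonstration; values are not from any real CA.
SAMPLE_CRL = Crl(
    issuer="CN=Example Issuing CA",
    this_update=datetime(2024, 1, 1, tzinfo=timezone.utc),
    next_update=datetime(2024, 1, 8, tzinfo=timezone.utc),
    revoked_serials=frozenset({0x1234}),
)
```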