| rfc9399v5.txt | rfc9399.txt | |||
|---|---|---|---|---|
| skipping to change at line 970 ¶ | skipping to change at line 970 ¶ | |||
| signature of the certificate. Some image types, such as SVG, allow | signature of the certificate. Some image types, such as SVG, allow | |||
| part of the image to be collected from an external source by | part of the image to be collected from an external source by | |||
| incorporating a reference to an external file that contains the | incorporating a reference to an external file that contains the | |||
| image. If this feature were used within a logotype image, the hash | image. If this feature were used within a logotype image, the hash | |||
| of the image would only cover the URI reference to the external image | of the image would only cover the URI reference to the external image | |||
| file but not the referenced image data. Clients SHOULD verify that | file but not the referenced image data. Clients SHOULD verify that | |||
| SVG images meet all requirements listed in Section 7 and reject | SVG images meet all requirements listed in Section 7 and reject | |||
| images that contain references to external data. | images that contain references to external data. | |||
| CAs issuing certificates with embedded logotype images should be | CAs issuing certificates with embedded logotype images should be | |||
| cautious when accepting graphics from the certificate requestor for | cautious when accepting graphics from the certificate requester for | |||
| inclusion in the certificate if the hash algorithm used to sign the | inclusion in the certificate if the hash algorithm used to sign the | |||
| certificate is vulnerable to collision attacks, as described in | certificate is vulnerable to collision attacks, as described in | |||
| [RFC6151]. In such a case, the accepted image may contain data that | [RFC6151]. In such a case, the accepted image may contain data that | |||
| could help an attacker to obtain colliding certificates with | could help an attacker to obtain colliding certificates with | |||
| identical certificate signatures. | identical certificate signatures. | |||
| Certification paths may also impose name constraints that are | Certification paths may also impose name constraints that are | |||
| systematically checked during certification path processing, which, | systematically checked during certification path processing, which, | |||
| in theory, may be circumvented by logotypes. | in theory, may be circumvented by logotypes. | |||
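Review bot: The CA paragraph touched by the "requestor" to "requester" change still uses lowercase "should be cautious", directly after a paragraph that uses the normative "Clients SHOULD verify". If the CA guidance is meant to carry requirement-level weight, capitalise it; if it is deliberately advisory, keep it and confirm that was the intent. The spelling fix itself reads correctly, but this view shows only one occurrence, so check that no other "requestor" remains elsewhere in the document.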
| skipping to change at line 2088 ¶ | skipping to change at line 2088 ¶ | |||
| instead of the now obsolete RFC 2396. | instead of the now obsolete RFC 2396. | |||
| * Update the reference for the application/pdf media type to be RFC | * Update the reference for the application/pdf media type to be RFC | |||
| 8118 instead of the now obsolete RFC 3778. | 8118 instead of the now obsolete RFC 3778. | |||
| * No longer require support for the FTP scheme (ftp://...) URI. | * No longer require support for the FTP scheme (ftp://...) URI. | |||
| * Require support for the HTTP scheme (http://...) URI and the HTTPS | * Require support for the HTTP scheme (http://...) URI and the HTTPS | |||
| scheme (https://...) URI. | scheme (https://...) URI. | |||
| * Provide syntax of the "data" URI scheme using modern ABNF. | ||||
| * Require support for the compressed SVG image format with the | * Require support for the compressed SVG image format with the | |||
| image/svg+xml+gzip media type. | image/svg+xml+gzip media type. | |||
| * Media types MUST follow the ABNF [RFC5234] that is provided in | * Media types MUST follow the ABNF [RFC5234] that is provided in | |||
| Section 8.3.1 of [RFC9110]. This change resolves Errata ID 2679. | Section 8.3.1 of [RFC9110]. This change resolves Errata ID 2679. | |||
| * Remove the requirement that the LogotypeData file name have a file | * Remove the requirement that the LogotypeData file name have a file | |||
| extension of ".LTD". This change resolves Errata ID 2325. | extension of ".LTD". This change resolves Errata ID 2325. | |||
| * Encourage, instead of requiring, each logotype to be represented | * Encourage, instead of requiring, each logotype to be represented | |||
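Review bot: The added bullet 'Provide syntax of the "data" URI scheme using modern ABNF' names no section or reference, while the media-type bullet two entries below it cites [RFC5234] and Section 8.3.1 of [RFC9110]. Suggest pointing to the section that carries the new ABNF and stating whether the set of accepted "data" URIs is unchanged or only the notation was updated, so implementers who validate embedded logotype data know whether their parsers need to change.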
| End of changes. 2 change blocks. | ||||
| 1 lines changed or deleted | 3 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||