From: Jeff Trawick Date: Thu, 24 Apr 2014 12:14:16 +0000 (+0000) Subject: minor improvements X-Git-Tag: 2.5.0-alpha~4261 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0503410df325ebec912397321b4058b7d799ab29;p=apache minor improvements git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1589688 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_ssl_ct.xml b/docs/manual/mod/mod_ssl_ct.xml index eb86644b36..d8b76b5904 100644 --- a/docs/manual/mod/mod_ssl_ct.xml +++ b/docs/manual/mod/mod_ssl_ct.xml @@ -38,7 +38,23 @@ open source project. The goal of Certificate Transparency is to expose the use of server certificates which are trusted by browsers but were mistakenly or maliciously issued. More information about Certificate Transparency is available at -http://www.certificate-transparency.org/.

+http://www.certificate-transparency.org/. Key terminology used in +this documentation:

+ +
+
Certificate log
+
A certificate log, referred to simply as log in this documentation, + is a network service to which server certificates have been submitted. A + user agent can confirm that the certificate of a server which it accesses + has been submitted to a log which it trusts, and that the log itself has + not been tampered with.
+ +
Signed Certificate Timestamp (SCT)
+
This is an acknowledgement from a log that it has accepted a valid + certificate. It is signed with the log's public key. One or more SCTs + is passed to clients during the handshake, either in the ServerHello + (TLS extension), certificate extension, or in a stapled OCSP response.
+

This implementation for Apache httpd provides these features for TLS servers and proxies:

@@ -190,7 +206,7 @@ testing.

Generally, only a small subset of this information is configured for a particular log. Refer to the documentation for the CTStaticLogConfig and the + module="mod_ssl_ct">CTStaticLogConfig directive and the ctlogconfig command for more specific information.