Posted to cvs@httpd.apache.org by tr...@apache.org on 2014/04/24 14:14:16 UTC

svn commit: r1589688 - /httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.xml

Author: trawick
Date: Thu Apr 24 12:14:16 2014
New Revision: 1589688

URL: http://svn.apache.org/r1589688
Log:
minor improvements

Modified:
    httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.xml

Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.xml?rev=1589688&r1=1589687&r2=1589688&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.xml Thu Apr 24 12:14:16 2014
@@ -38,7 +38,23 @@ open source project.  The goal of Certif
 use of server certificates which are trusted by browsers but were mistakenly
 or maliciously issued.  More information about Certificate Transparency is
 available at <a href="http://www.certificate-transparency.org/">
-http://www.certificate-transparency.org/</a>.</p>
+http://www.certificate-transparency.org/</a>.  Key terminology used in
+this documentation:</p>
+
+<dl>
+  <dt>Certificate log</dt>
+  <dd>A certificate log, referred to simply as <q>log</q> in this documentation,
+  is a network service to which server certificates have been submitted.  A
+  user agent can confirm that the certificate of a server which it accesses
+  has been submitted to a log which it trusts, and that the log itself has
+  not been tampered with.</dd>
+
+  <dt>Signed Certificate Timestamp (SCT)</dt>
+  <dd>This is an acknowledgement from a log that it has accepted a valid
+  certificate.  It is signed with the log's public key.  One or more SCTs
+  is passed to clients during the handshake, either in the ServerHello
+  (TLS extension), certificate extension, or in a stapled OCSP response.</dd>
+</dl>
 
 <p>This implementation for Apache httpd provides these features for TLS
 servers and proxies:</p>
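
Review bot: In the new SCT definition, "It is signed with the log's public key" is inaccurate. A log signs the SCT with its private key, and clients verify that signature with the log's public key. Suggest "It is signed with the log's private key and can be verified using the log's public key." In the same <dd>, "One or more SCTs is passed" should read "are passed". The delivery list would also read better with parallel structure: "in a ServerHello TLS extension, in a certificate extension, or in a stapled OCSP response". In the log definition, "has been submitted to a log" describes what the user agent checks only loosely. Since the SCT entry calls it an acknowledgement that the log accepted the certificate, the log entry could say "accepted by" or cross-reference the SCT term.
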
@@ -190,7 +206,7 @@ testing.</p>
 
   <p>Generally, only a small subset of this information is configured for a
   particular log.  Refer to the documentation for the <directive 
-  module="mod_ssl_ct">CTStaticLogConfig</directive> and the 
+  module="mod_ssl_ct">CTStaticLogConfig</directive> directive and the 
   <program>ctlogconfig</program> command for more specific information.</p>
 
 </section>
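
Review bot: The replacement line 'module="mod_ssl_ct">CTStaticLogConfig</directive> directive and the ' still ends with a trailing space, as does the unchanged '<directive ' line above it. Since this line is being touched anyway, strip the trailing whitespace here. The wording fix itself ("directive and the ... command") reads correctly.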