You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by tr...@apache.org on 2014/04/24 14:14:16 UTC
svn commit: r1589688 - /httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.xml
Author: trawick
Date: Thu Apr 24 12:14:16 2014
New Revision: 1589688
URL: http://svn.apache.org/r1589688
Log:
minor improvements
Modified:
httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.xml
Modified: httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.xml?rev=1589688&r1=1589687&r2=1589688&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_ssl_ct.xml Thu Apr 24 12:14:16 2014
@@ -38,7 +38,23 @@ open source project. The goal of Certif
use of server certificates which are trusted by browsers but were mistakenly
or maliciously issued. More information about Certificate Transparency is
available at <a href="http://www.certificate-transparency.org/">
-http://www.certificate-transparency.org/</a>.</p>
+http://www.certificate-transparency.org/</a>. Key terminology used in
+this documentation:</p>
+
+<dl>
+ <dt>Certificate log</dt>
+ <dd>A certificate log, referred to simply as <q>log</q> in this documentation,
+ is a network service to which server certificates have been submitted. A
+ user agent can confirm that the certificate of a server which it accesses
+ has been submitted to a log which it trusts, and that the log itself has
+ not been tampered with.</dd>
+
+ <dt>Signed Certificate Timestamp (SCT)</dt>
+ <dd>This is an acknowledgement from a log that it has accepted a valid
+ certificate. It is signed with the log's public key. One or more SCTs
+ is passed to clients during the handshake, either in the ServerHello
+ (TLS extension), certificate extension, or in a stapled OCSP response.</dd>
+</dl>
<p>This implementation for Apache httpd provides these features for TLS
servers and proxies:</p>
@@ -190,7 +206,7 @@ testing.</p>
<p>Generally, only a small subset of this information is configured for a
particular log. Refer to the documentation for the <directive
- module="mod_ssl_ct">CTStaticLogConfig</directive> and the
+ module="mod_ssl_ct">CTStaticLogConfig</directive> directive and the
<program>ctlogconfig</program> command for more specific information.</p>
</section>