Certificate Transparency is defined in RFC 6962, not RFC 9162

[AGWA]

MDN URL

https://developer.mozilla.org/en-US/docs/Web/Security/Certificate_Transparency

What specific section or headline is this issue about?

No response

What information was incorrect, unhelpful, or incomplete?

The first paragraph states that Certificate Transparency (CT) is defined in RFC 9162. That RFC defines a version of CT that is incompatible with the version of CT that is actually deployed on the Web today. All CT logs and consumers implement a version of CT that is defined in RFC 6962. There are no plans to adopt RFC 9162.

What did you expect to see?

I expected it to reference RFC 6962, since that is the version deployed today.

Do you have any supporting links, references, or citations?

https://www.rfc-editor.org/rfc/rfc6962

Apple and Chrome CT policies both reference RFC 6962:

https://support.apple.com/en-us/103703

https://googlechrome.github.io/CertificateTransparency/log_policy.html

Do you have anything more you want to share?

No response

MDN metadata

Page report details

• Folder: en-us/web/security/certificate_transparency
• MDN URL: https://developer.mozilla.org/en-US/docs/Web/Security/Certificate_Transparency
• GitHub URL: https://github.com/mdn/content/blob/main/files/en-us/web/security/certificate_transparency/index.md
• Last commit: e03b13c
• Document last modified: 2024-07-30T04:48:57.000Z

[Josh-Cena]

Welcoming a PR to add a link to RFC 6962 and saying it's what browsers currently implement, but we should keep mentioning that RFC 9162 is the up-to-date normative document and 6962 is in fact obsoleted.