target = "https://tools.ietf.org/rfc/rfc8446#4.4.2.1"

# 4.4.2.1.  OCSP Status and SCT Extensions
#
# [RFC6066] and [RFC6961] provide extensions to negotiate the server
# sending OCSP responses to the client.  In TLS 1.2 and below, the
# server replies with an empty extension to indicate negotiation of
# this extension and the OCSP information is carried in a
# CertificateStatus message.  In TLS 1.3, the server's OCSP information
# is carried in an extension in the CertificateEntry containing the
# associated certificate.  Specifically, the body of the
# "status_request" extension from the server MUST be a
# CertificateStatus structure as defined in [RFC6066], which is
# interpreted as defined in [RFC6960].
# 
# Note: The status_request_v2 extension [RFC6961] is deprecated.
# TLS 1.3 servers MUST NOT act upon its presence or information in it
# when processing ClientHello messages; in particular, they MUST NOT
# send the status_request_v2 extension in the EncryptedExtensions,
# CertificateRequest, or Certificate messages.  TLS 1.3 servers MUST be
# able to process ClientHello messages that include it, as it MAY be
# sent by clients that wish to use it in earlier protocol versions.
# 
# A server MAY request that a client present an OCSP response with its
# certificate by sending an empty "status_request" extension in its
# CertificateRequest message.  If the client opts to send an OCSP
# response, the body of its "status_request" extension MUST be a
# CertificateStatus structure as defined in [RFC6066].
# 
# Similarly, [RFC6962] provides a mechanism for a server to send a
# Signed Certificate Timestamp (SCT) as an extension in the ServerHello
# in TLS 1.2 and below.  In TLS 1.3, the server's SCT information is
# carried in an extension in the CertificateEntry.

[[spec]]
level = "MUST"
quote = '''
Specifically, the body of the
"status_request" extension from the server MUST be a
CertificateStatus structure as defined in [RFC6066], which is
interpreted as defined in [RFC6960].
'''

[[spec]]
level = "MUST"
quote = '''
TLS 1.3 servers MUST NOT act upon its presence or information in it
when processing ClientHello messages; in particular, they MUST NOT
send the status_request_v2 extension in the EncryptedExtensions,
CertificateRequest, or Certificate messages.
'''

[[spec]]
level = "MUST"
quote = '''
TLS 1.3 servers MUST NOT act upon its presence or information in it
when processing ClientHello messages; in particular, they MUST NOT
send the status_request_v2 extension in the EncryptedExtensions,
CertificateRequest, or Certificate messages.
'''

[[spec]]
level = "MUST"
quote = '''
TLS 1.3 servers MUST be
able to process ClientHello messages that include it, as it MAY be
sent by clients that wish to use it in earlier protocol versions.
'''

[[spec]]
level = "MAY"
quote = '''
A server MAY request that a client present an OCSP response with its
certificate by sending an empty "status_request" extension in its
CertificateRequest message.
'''

[[spec]]
level = "MUST"
quote = '''
If the client opts to send an OCSP
response, the body of its "status_request" extension MUST be a
CertificateStatus structure as defined in [RFC6066].
'''