5.1 Security Considerations for Implementers

There are no special security considerations specific to this specification. It is recommended that communication between the client and server occur across an HTTP connection secured by the Secure Sockets Layer (SSL) protocol.

When connecting to a server using SSL, clients are required to support server certificates that use the Subject Alternative Name for domain names, as specified in [RFC4985], as well as wildcard certificate names, as specified in [RFC2818] and [RFC3280].