8037550: Update RFC references in javadoc to RFC 5280

Reviewed-by: mullan
2014-10-07 22:23:19 -07:00 · 2014-10-07 22:23:19 -07:00 · 6ca1b64883
commit 6ca1b64883
parent cc65df9be1
35 changed files with 109 additions and 109 deletions
--- a/jdk/src/java.base/share/classes/java/security/Key.java
+++ b/jdk/src/java.base/share/classes/java/security/Key.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -63,7 +63,7 @@ package java.security;
 * </pre>
 *
 * For more information, see
- * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280:
+ * <a href="http://tools.ietf.org/html/rfc5280">RFC 5280:
 * Internet X.509 Public Key Infrastructure Certificate and CRL Profile</a>.
 *
 * <LI>A Format
--- a/jdk/src/java.base/share/classes/java/security/cert/CRLReason.java
+++ b/jdk/src/java.base/share/classes/java/security/cert/CRLReason.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -27,8 +27,8 @@ package java.security.cert;

 /**
 * The CRLReason enumeration specifies the reason that a certificate
- * is revoked, as defined in <a href="http://www.ietf.org/rfc/rfc3280.txt">
- * RFC 3280: Internet X.509 Public Key Infrastructure Certificate and CRL
+ * is revoked, as defined in <a href="http://tools.ietf.org/html/rfc5280">
+ * RFC 5280: Internet X.509 Public Key Infrastructure Certificate and CRL
 * Profile</a>.
 *
 * @author Sean Mullan
--- a/jdk/src/java.base/share/classes/java/security/cert/PKIXReason.java
+++ b/jdk/src/java.base/share/classes/java/security/cert/PKIXReason.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,7 @@ package java.security.cert;
 /**
 * The {@code PKIXReason} enumerates the potential PKIX-specific reasons
 * that an X.509 certification path may be invalid according to the PKIX
- * (RFC 3280) standard. These reasons are in addition to those of the
+ * (RFC 5280) standard. These reasons are in addition to those of the
 * {@code CertPathValidatorException.BasicReason} enumeration.
 *
 * @since 1.7
--- a/jdk/src/java.base/share/classes/java/security/cert/TrustAnchor.java
+++ b/jdk/src/java.base/share/classes/java/security/cert/TrustAnchor.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -78,7 +78,7 @@ public class TrustAnchor {
     * The name constraints are specified as a byte array. This byte array
     * should contain the DER encoded form of the name constraints, as they
     * would appear in the NameConstraints structure defined in
-     * <a href="http://www.ietf.org/rfc/rfc3280">RFC 3280</a>
+     * <a href="http://tools.ietf.org/html/rfc5280">RFC 5280</a>
     * and X.509. The ASN.1 definition of this structure appears below.
     *
     * <pre>{@code
@ -140,7 +140,7 @@ public class TrustAnchor {
     * <p>
     * The name constraints are specified as a byte array. This byte array
     * contains the DER encoded form of the name constraints, as they
-     * would appear in the NameConstraints structure defined in RFC 3280
+     * would appear in the NameConstraints structure defined in RFC 5280
     * and X.509. The ASN.1 notation for this structure is supplied in the
     * documentation for
     * {@link #TrustAnchor(X509Certificate, byte[])
@ -179,7 +179,7 @@ public class TrustAnchor {
     * <p>
     * The name constraints are specified as a byte array. This byte array
     * contains the DER encoded form of the name constraints, as they
-     * would appear in the NameConstraints structure defined in RFC 3280
+     * would appear in the NameConstraints structure defined in RFC 5280
     * and X.509. The ASN.1 notation for this structure is supplied in the
     * documentation for
     * {@link #TrustAnchor(X509Certificate, byte[])
@ -294,7 +294,7 @@ public class TrustAnchor {
     * <p>
     * The name constraints are returned as a byte array. This byte array
     * contains the DER encoded form of the name constraints, as they
-     * would appear in the NameConstraints structure defined in RFC 3280
+     * would appear in the NameConstraints structure defined in RFC 5280
     * and X.509. The ASN.1 notation for this structure is supplied in the
     * documentation for
     * {@link #TrustAnchor(X509Certificate, byte[])
--- a/jdk/src/java.base/share/classes/java/security/cert/X509CRL.java
+++ b/jdk/src/java.base/share/classes/java/security/cert/X509CRL.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -69,7 +69,7 @@ import sun.security.x509.X509CRLImpl;
 * </pre>
 * <p>
 * More information can be found in
- * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509
+ * <a href="http://tools.ietf.org/html/rfc5280">RFC 5280: Internet X.509
 * Public Key Infrastructure Certificate and CRL Profile</a>.
 * <p>
 * The ASN.1 definition of {@code tbsCertList} is:
--- a/jdk/src/java.base/share/classes/java/security/cert/X509CRLSelector.java
+++ b/jdk/src/java.base/share/classes/java/security/cert/X509CRLSelector.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -52,7 +52,7 @@ import sun.security.x509.X500Name;
 * {@link CertStore#getCRLs CertStore.getCRLs} or some similar
 * method.
 * <p>
- * Please refer to <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280:
+ * Please refer to <a href="http://tools.ietf.org/html/rfc5280">RFC 5280:
 * Internet X.509 Public Key Infrastructure Certificate and CRL Profile</a>
 * for definitions of the X.509 CRL fields and extensions mentioned below.
 * <p>
--- a/jdk/src/java.base/share/classes/java/security/cert/X509CertSelector.java
+++ b/jdk/src/java.base/share/classes/java/security/cert/X509CertSelector.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -65,7 +65,7 @@ import sun.security.x509.*;
 * number. Other unique combinations include the issuer, subject,
 * subjectKeyIdentifier and/or the subjectPublicKey criteria.
 * <p>
- * Please refer to <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280:
+ * Please refer to <a href="http://tools.ietf.org/html/rfc5280">RFC 5280:
 * Internet X.509 Public Key Infrastructure Certificate and CRL Profile</a> for
 * definitions of the X.509 certificate extensions mentioned below.
 * <p>
@ -728,7 +728,7 @@ public class X509CertSelector implements CertSelector {
     * The name is provided in string format.
     * <a href="http://www.ietf.org/rfc/rfc822.txt">RFC 822</a>, DNS, and URI
     * names use the well-established string formats for those types (subject to
-     * the restrictions included in RFC 3280). IPv4 address names are
+     * the restrictions included in RFC 5280). IPv4 address names are
     * supplied using dotted quad notation. OID address names are represented
     * as a series of nonnegative integers separated by periods. And
     * directory names (distinguished names) are supplied in RFC 2253 format.
@ -746,7 +746,7 @@ public class X509CertSelector implements CertSelector {
     * String form of some distinguished names.
     *
     * @param type the name type (0-8, as specified in
-     *             RFC 3280, section 4.2.1.7)
+     *             RFC 5280, section 4.2.1.6)
     * @param name the name in string form (not {@code null})
     * @throws IOException if a parsing error occurs
     */
@ -770,7 +770,7 @@ public class X509CertSelector implements CertSelector {
     * <p>
     * The name is provided as a byte array. This byte array should contain
     * the DER encoded name, as it would appear in the GeneralName structure
-     * defined in RFC 3280 and X.509. The encoded byte array should only contain
+     * defined in RFC 5280 and X.509. The encoded byte array should only contain
     * the encoded value of the name, and should not include the tag associated
     * with the name in the GeneralName structure. The ASN.1 definition of this
     * structure appears below.
@ -806,7 +806,7 @@ public class X509CertSelector implements CertSelector {
     * must contain the specified subjectAlternativeName.
     *
     * @param type the name type (0-8, as specified in
-     *             RFC 3280, section 4.2.1.7)
+     *             RFC 5280, section 4.2.1.6)
     * @param name the name in string or byte array form
     * @throws IOException if a parsing error occurs
     */
@ -995,7 +995,7 @@ public class X509CertSelector implements CertSelector {
     * <p>
     * The name constraints are specified as a byte array. This byte array
     * should contain the DER encoded form of the name constraints, as they
-     * would appear in the NameConstraints structure defined in RFC 3280
+     * would appear in the NameConstraints structure defined in RFC 5280
     * and X.509. The ASN.1 definition of this structure appears below.
     *
     * <pre>{@code
@ -1197,7 +1197,7 @@ public class X509CertSelector implements CertSelector {
     * <p>
     * The name is provided in string format. RFC 822, DNS, and URI names
     * use the well-established string formats for those types (subject to
-     * the restrictions included in RFC 3280). IPv4 address names are
+     * the restrictions included in RFC 5280). IPv4 address names are
     * supplied using dotted quad notation. OID address names are represented
     * as a series of nonnegative integers separated by periods. And
     * directory names (distinguished names) are supplied in RFC 2253 format.
@ -1214,7 +1214,7 @@ public class X509CertSelector implements CertSelector {
     * String form of some distinguished names.
     *
     * @param type the name type (0-8, as specified in
-     *             RFC 3280, section 4.2.1.7)
+     *             RFC 5280, section 4.2.1.6)
     * @param name the name in string form
     * @throws IOException if a parsing error occurs
     */
@ -1234,7 +1234,7 @@ public class X509CertSelector implements CertSelector {
     * <p>
     * The name is provided as a byte array. This byte array should contain
     * the DER encoded name, as it would appear in the GeneralName structure
-     * defined in RFC 3280 and X.509. The ASN.1 definition of this structure
+     * defined in RFC 5280 and X.509. The ASN.1 definition of this structure
     * appears in the documentation for
     * {@link #addSubjectAlternativeName(int type, byte [] name)
     * addSubjectAlternativeName(int type, byte [] name)}.
@ -1243,7 +1243,7 @@ public class X509CertSelector implements CertSelector {
     * subsequent modifications.
     *
     * @param type the name type (0-8, as specified in
-     *             RFC 3280, section 4.2.1.7)
+     *             RFC 5280, section 4.2.1.6)
     * @param name a byte array containing the name in ASN.1 DER encoded form
     * @throws IOException if a parsing error occurs
     */
@ -1258,7 +1258,7 @@ public class X509CertSelector implements CertSelector {
     * the specified pathToName.
     *
     * @param type the name type (0-8, as specified in
-     *             RFC 3280, section 4.2.1.7)
+     *             RFC 5280, section 4.2.1.6)
     * @param name the name in string or byte array form
     * @throws IOException if an encoding error occurs (incorrect form for DN)
     */
@ -1715,7 +1715,7 @@ public class X509CertSelector implements CertSelector {
     * <p>
     * The name constraints are returned as a byte array. This byte array
     * contains the DER encoded form of the name constraints, as they
-     * would appear in the NameConstraints structure defined in RFC 3280
+     * would appear in the NameConstraints structure defined in RFC 5280
     * and X.509. The ASN.1 notation for this structure is supplied in the
     * documentation for
     * {@link #setNameConstraints(byte [] bytes) setNameConstraints(byte [] bytes)}.
--- a/jdk/src/java.base/share/classes/java/security/cert/X509Certificate.java
+++ b/jdk/src/java.base/share/classes/java/security/cert/X509Certificate.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -63,7 +63,7 @@ import sun.security.x509.X509CertImpl;
 * CA such as a "root" CA.
 * <p>
 * More information can be found in
- * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509
+ * <a href="http://tools.ietf.org/html/rfc5280">RFC 5280: Internet X.509
 * Public Key Infrastructure Certificate and CRL Profile</a>.
 * <p>
 * The ASN.1 definition of {@code tbsCertificate} is:
@ -408,7 +408,7 @@ implements X509Extension {
     * Gets the {@code issuerUniqueID} value from the certificate.
     * The issuer unique identifier is present in the certificate
     * to handle the possibility of reuse of issuer names over time.
-     * RFC 3280 recommends that names not be reused and that
+     * RFC 5280 recommends that names not be reused and that
     * conforming certificates not make use of unique identifiers.
     * Applications conforming to that profile should be capable of
     * parsing unique identifiers and making comparisons.
@ -459,7 +459,7 @@ implements X509Extension {
     *     encipherOnly            (7),
     *     decipherOnly            (8) }
     * </pre>
-     * RFC 3280 recommends that when used, this be marked
+     * RFC 5280 recommends that when used, this be marked
     * as a critical extension.
     *
     * @return the KeyUsage extension of this certificate, represented as
@ -572,7 +572,7 @@ implements X509Extension {
     * <a href="http://www.ietf.org/rfc/rfc822.txt">RFC 822</a>, DNS, and URI
     * names are returned as {@code String}s,
     * using the well-established string formats for those types (subject to
-     * the restrictions included in RFC 3280). IPv4 address names are
+     * the restrictions included in RFC 5280). IPv4 address names are
     * returned using dotted quad notation. IPv6 address names are returned
     * in the form "a1:a2:...:a8", where a1-a8 are hexadecimal values
     * representing the eight 16-bit pieces of the address. OID names are
--- a/jdk/src/java.base/share/classes/javax/security/auth/x500/X500Principal.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/x500/X500Principal.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -41,13 +41,13 @@ import sun.security.util.*;
 * of the distinguished name, or by using the ASN.1 DER encoded byte
 * representation of the distinguished name.  The current specification
 * for the string representation of a distinguished name is defined in
- * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253: Lightweight
+ * <a href="http://tools.ietf.org/html/rfc2253">RFC 2253: Lightweight
 * Directory Access Protocol (v3): UTF-8 String Representation of
 * Distinguished Names</a>. This class, however, accepts string formats from
- * both RFC 2253 and <a href="http://www.ietf.org/rfc/rfc1779.txt">RFC 1779:
+ * both RFC 2253 and <a href="http://tools.ietf.org/html/rfc1779">RFC 1779:
 * A String Representation of Distinguished Names</a>, and also recognizes
 * attribute type keywords whose OIDs (Object Identifiers) are defined in
- * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509
+ * <a href="http://tools.ietf.org/html/rfc5280">RFC 5280: Internet X.509
 * Public Key Infrastructure Certificate and CRL Profile</a>.
 *
 * <p> The string representation for this {@code X500Principal}
@ -108,7 +108,7 @@ public final class X500Principal implements Principal, java.io.Serializable {
     * (and listed in {@link #getName(String format) getName(String format)}),
     * as well as the T, DNQ or DNQUALIFIER, SURNAME, GIVENNAME, INITIALS,
     * GENERATION, EMAILADDRESS, and SERIALNUMBER keywords whose Object
-     * Identifiers (OIDs) are defined in RFC 3280 and its successor.
+     * Identifiers (OIDs) are defined in RFC 5280.
     * Any other attribute type must be specified as an OID.
     *
     * <p>This implementation enforces a more restrictive OID syntax than
@ -456,7 +456,7 @@ public final class X500Principal implements Principal, java.io.Serializable {
     * (obtained via the {@code getName(X500Principal.CANONICAL)} method)
     * of this object and <i>o</i> are equal.
     *
-     * <p> This implementation is compliant with the requirements of RFC 3280.
+     * <p> This implementation is compliant with the requirements of RFC 5280.
     *
     * @param o Object to be compared for equality with this
     *          {@code X500Principal}
--- a/jdk/src/java.base/share/classes/javax/security/auth/x500/package-info.java
+++ b/jdk/src/java.base/share/classes/javax/security/auth/x500/package-info.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -31,15 +31,15 @@
 * <h2>Package Specification</h2>
 *
 * <ul>
- *   <li><a href="http://www.ietf.org/rfc/rfc1779.txt">
+ *   <li><a href="http://tools.ietf.org/html/rfc1779">
 *     RFC 1779: A String Representation of Distinguished Names</a></li>
- *   <li><a href="http://www.ietf.org/rfc/rfc2253.txt">
+ *   <li><a href="http://tools.ietf.org/html/rfc2253">
 *     RFC 2253: Lightweight Directory Access Protocol (v3):
 *     UTF-8 String Representation of Distinguished Names</a></li>
- *   <li><a href="http://www.ietf.org/rfc/rfc3280.txt">
- *     RFC 3280: Internet X.509 Public Key Infrastructure
+ *   <li><a href="http://tools.ietf.org/html/rfc5280">
+ *     RFC 5280: Internet X.509 Public Key Infrastructure
 *     Certificate and Certificate Revocation List (CRL) Profile</a></li>
- *   <li><a href="http://www.ietf.org/rfc/rfc4512.txt">
+ *   <li><a href="http://tools.ietf.org/html/rfc4512">
 *     RFC 4512: Lightweight Directory Access Protocol (LDAP):
 *     Directory Information Models</a></li>
 * </ul>
--- a/jdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
+++ b/jdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -64,7 +64,7 @@ import java.security.*;
 *   and CRLs. Aliases for X.509 are X509.
 *
 * - PKIX is the certification path validation algorithm described
- *   in RFC 3280. The ValidationAlgorithm attribute notes the
+ *   in RFC 5280. The ValidationAlgorithm attribute notes the
 *   specification that this provider implements.
 *
 * - LDAP is the CertStore type for LDAP repositories. The
@ -250,7 +250,7 @@ final class SunEntries {
        map.put("CertPathBuilder.PKIX",
            "sun.security.provider.certpath.SunCertPathBuilder");
        map.put("CertPathBuilder.PKIX ValidationAlgorithm",
-            "RFC3280");
+            "RFC5280");

        /*
         * CertPathValidator
@ -258,7 +258,7 @@ final class SunEntries {
        map.put("CertPathValidator.PKIX",
            "sun.security.provider.certpath.PKIXCertPathValidator");
        map.put("CertPathValidator.PKIX ValidationAlgorithm",
-            "RFC3280");
+            "RFC5280");

        /*
         * CertStores
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java
+++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/DistributionPointFetcher.java
@ -434,7 +434,7 @@ public class DistributionPointFetcher {
                        }
                        if (indirectCRL) {
                            if (pointCrlIssuers.size() != 1) {
-                                // RFC 3280: there must be only 1 CRL issuer
+                                // RFC 5280: there must be only 1 CRL issuer
                                // name when relativeName is present
                                if (debug != null) {
                                    debug.println("must only be one CRL " +
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/PolicyChecker.java
+++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/PolicyChecker.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -578,7 +578,7 @@ class PolicyChecker extends PKIXCertPathChecker {
    }

    /**
-     * Rewrite leaf nodes at the end of validation as described in RFC 3280
+     * Rewrite leaf nodes at the end of validation as described in RFC 5280
     * section 6.1.5: Step (g)(iii). Leaf nodes with anyPolicy are replaced
     * by nodes explicitly representing initial policies not already
     * represented by leaf nodes.
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/PolicyNodeImpl.java
+++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/PolicyNodeImpl.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -56,7 +56,7 @@ final class PolicyNodeImpl implements PolicyNode {
    private PolicyNodeImpl mParent;
    private HashSet<PolicyNodeImpl> mChildren;

-    // the 4 fields specified by RFC 3280
+    // the 4 fields specified by RFC 5280
    private String mValidPolicy;
    private HashSet<PolicyQualifierInfo> mQualifierSet;
    private boolean mCriticalityIndicator;
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java
+++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/RevocationChecker.java
@ -472,9 +472,9 @@ class RevocationChecker extends PKIXRevocationChecker {
                          " ---checking revocation status ...");
        }

-        // reject circular dependencies - RFC 3280 is not explicit on how
-        // to handle this, so we feel it is safest to reject them until
-        // the issue is resolved in the PKIX WG.
+        // Reject circular dependencies - RFC 5280 is not explicit on how
+        // to handle this, but does suggest that they can be a security
+        // risk and can create unresolvable dependencies
        if (stackedCerts != null && stackedCerts.contains(cert)) {
            if (debug != null) {
                debug.println("RevocationChecker.checkCRLs()" +
@ -628,7 +628,7 @@ class RevocationChecker extends PKIXRevocationChecker {
                /*
                 * Abort CRL validation and throw exception if there are any
                 * unrecognized critical CRL entry extensions (see section
-                 * 5.3 of RFC 3280).
+                 * 5.3 of RFC 5280).
                 */
                Set<String> unresCritExts = entry.getCriticalExtensionOIDs();
                if (unresCritExts != null && !unresCritExts.isEmpty()) {
@ -880,9 +880,9 @@ class RevocationChecker extends PKIXRevocationChecker {
                " ---checking " + msg + "...");
        }

-        // reject circular dependencies - RFC 3280 is not explicit on how
-        // to handle this, so we feel it is safest to reject them until
-        // the issue is resolved in the PKIX WG.
+        // Reject circular dependencies - RFC 5280 is not explicit on how
+        // to handle this, but does suggest that they can be a security
+        // risk and can create unresolvable dependencies
        if ((stackedCerts != null) && stackedCerts.contains(cert)) {
            if (debug != null) {
                debug.println(
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java
+++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -53,7 +53,7 @@ import sun.security.util.Debug;
 * <p> If successful, it returns a certification path which has successfully
 * satisfied all the constraints and requirements specified in the
 * PKIXBuilderParameters object and has been validated according to the PKIX
- * path validation algorithm defined in RFC 3280.
+ * path validation algorithm defined in RFC 5280.
 *
 * <p> This implementation uses a depth-first search approach to finding
 * certification paths. If it comes to a point in which it cannot find
--- a/jdk/src/java.base/share/classes/sun/security/util/DerInputBuffer.java
+++ b/jdk/src/java.base/share/classes/sun/security/util/DerInputBuffer.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -285,7 +285,7 @@ class DerInputBuffer extends ByteArrayInputStream implements Cloneable {
         *       YYMMDDhhmmss-hhmm
         * UTC Time is broken in storing only two digits of year.
         * If YY < 50, we assume 20YY;
-         * if YY >= 50, we assume 19YY, as per RFC 3280.
+         * if YY >= 50, we assume 19YY, as per RFC 5280.
         *
         * Generalized time has a four-digit year and allows any
         * precision specified in ISO 8601. However, for our purposes,
--- a/jdk/src/java.base/share/classes/sun/security/util/DerOutputStream.java
+++ b/jdk/src/java.base/share/classes/sun/security/util/DerOutputStream.java
@ -461,7 +461,7 @@ extends ByteArrayOutputStream implements DerEncoder {
     * Marshals a DER UTC time/date value.
     *
     * <P>YYMMDDhhmmss{Z|+hhmm|-hhmm} ... emits only using Zulu time
-     * and with seconds (even if seconds=0) as per RFC 3280.
+     * and with seconds (even if seconds=0) as per RFC 5280.
     */
    public void putUTCTime(Date d) throws IOException {
        putTime(d, DerValue.tag_UtcTime);
@ -471,7 +471,7 @@ extends ByteArrayOutputStream implements DerEncoder {
     * Marshals a DER Generalized Time/date value.
     *
     * <P>YYYYMMDDhhmmss{Z|+hhmm|-hhmm} ... emits only using Zulu time
-     * and with seconds (even if seconds=0) as per RFC 3280.
+     * and with seconds (even if seconds=0) as per RFC 5280.
     */
    public void putGeneralizedTime(Date d) throws IOException {
        putTime(d, DerValue.tag_GeneralizedTime);
--- a/jdk/src/java.base/share/classes/sun/security/util/DerValue.java
+++ b/jdk/src/java.base/share/classes/sun/security/util/DerValue.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -45,8 +45,8 @@ import sun.misc.IOUtils;
 * (such as PKCS #10 certificate requests, and some kinds of PKCS #7 data).
 *
 * A note with respect to T61/Teletex strings: From RFC 1617, section 4.1.3
- * and RFC 3280, section 4.1.2.4., we assume that this kind of string will
- * contain ISO-8859-1 characters only.
+ * and RFC 5280, section 8, we assume that this kind of string will contain
+ * ISO-8859-1 characters only.
 *
 *
 * @author David Brownell
--- a/jdk/src/java.base/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java
+++ b/jdk/src/java.base/share/classes/sun/security/x509/AuthorityInfoAccessExtension.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -43,7 +43,7 @@ import sun.security.util.DerValue;
 * certificate that identifies the specific OCSP Responder to use when
 * performing on-line validation of that certificate.
 * <p>
- * This extension is defined in <a href="http://www.ietf.org/rfc/rfc3280.txt">
+ * This extension is defined in <a href="http://tools.ietf.org/html/rfc5280">
 * Internet X.509 PKI Certificate and Certificate Revocation List
 * (CRL) Profile</a>. The profile permits
 * the extension to be included in end-entity or CA certificates,
--- a/jdk/src/java.base/share/classes/sun/security/x509/CertificateIssuerExtension.java
+++ b/jdk/src/java.base/share/classes/sun/security/x509/CertificateIssuerExtension.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -44,7 +44,7 @@ import sun.security.util.DerOutputStream;
 * <p>
 * If used by conforming CRL issuers, this extension is always
 * critical.  If an implementation ignored this extension it could not
- * correctly attribute CRL entries to certificates.  PKIX (RFC 3280)
+ * correctly attribute CRL entries to certificates.  PKIX (RFC 5280)
 * RECOMMENDS that implementations recognize this extension.
 * <p>
 * The ASN.1 definition for this is:
--- a/jdk/src/java.base/share/classes/sun/security/x509/DeltaCRLIndicatorExtension.java
+++ b/jdk/src/java.base/share/classes/sun/security/x509/DeltaCRLIndicatorExtension.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -45,7 +45,7 @@ import sun.security.util.*;
 *
 * <p>
 * The extension is defined in Section 5.2.4 of
- * <a href="http://www.ietf.org/rfc/rfc3280.txt">Internet X.509 PKI Certific
+ * <a href="http://tools.ietf.org/html/rfc5280">Internet X.509 PKI Certific
 ate and Certificate Revocation List (CRL) Profile</a>.
 *
 * <p>
--- a/jdk/src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java
+++ b/jdk/src/java.base/share/classes/sun/security/x509/ExtendedKeyUsageExtension.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -94,7 +94,7 @@ implements CertAttrSet<String> {
    public static final String NAME = "ExtendedKeyUsage";
    public static final String USAGES = "usages";

-    // OID defined in RFC 3280 Sections 4.2.1.13
+    // OID defined in RFC 5280 Sections 4.2.1.12
    // more from http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.html
    private static final Map <ObjectIdentifier, String> map =
            new HashMap <ObjectIdentifier, String> ();
--- a/jdk/src/java.base/share/classes/sun/security/x509/FreshestCRLExtension.java
+++ b/jdk/src/java.base/share/classes/sun/security/x509/FreshestCRLExtension.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -42,7 +42,7 @@ import sun.security.util.*;
 *
 * <p>
 * The extension is defined in Section 5.2.6 of
- * <a href="http://www.ietf.org/rfc/rfc3280.txt">Internet X.509 PKI Certific
+ * <a href="http://tools.ietf.org/html/rfc5280">Internet X.509 PKI Certific
 ate and Certificate Revocation List (CRL) Profile</a>.
 *
 * <p>
--- a/jdk/src/java.base/share/classes/sun/security/x509/InvalidityDateExtension.java
+++ b/jdk/src/java.base/share/classes/sun/security/x509/InvalidityDateExtension.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -33,7 +33,7 @@ import java.util.Enumeration;
 import sun.security.util.*;

 /**
- * From RFC 3280:
+ * From RFC 5280:
 * <p>
 * The invalidity date is a non-critical CRL entry extension that
 * provides the date on which it is known or suspected that the private
--- a/jdk/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java
+++ b/jdk/src/java.base/share/classes/sun/security/x509/IssuingDistributionPointExtension.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -46,7 +46,7 @@ import sun.security.util.DerValue;
 *
 * <p>
 * The extension is defined in Section 5.2.5 of
- * <a href="http://www.ietf.org/rfc/rfc3280.txt">Internet X.509 PKI Certific
+ * <a href="http://tools.ietf.org/html/rfc5280">Internet X.509 PKI Certific
 ate and Certificate Revocation List (CRL) Profile</a>.
 *
 * <p>
--- a/jdk/src/java.base/share/classes/sun/security/x509/RDN.java
+++ b/jdk/src/java.base/share/classes/sun/security/x509/RDN.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -341,7 +341,7 @@ public class RDN {
    /*
     * Returns a printable form of this RDN, using RFC 1779 style catenation
     * of attribute/value assertions, and emitting attribute type keywords
-     * from RFCs 1779, 2253, and 3280.
+     * from RFCs 1779, 2253, and 5280.
     */
    public String toString() {
        if (assertion.length == 1) {
--- a/jdk/src/java.base/share/classes/sun/security/x509/README
+++ b/jdk/src/java.base/share/classes/sun/security/x509/README
@ -34,7 +34,7 @@ found in:
    Protocol (LDAP) that many organizations are expecting will help
    address online certificate distribution over the Internet.

-    RFC 3280, which describes the Internet X.509 Public Key
+    RFC 5280, which describes the Internet X.509 Public Key
    Infrastructure Certificate and CRL Profile.  

    RSA DSI has a bunch of "Public Key Cryptography Standards" (PKCS) which
--- a/jdk/src/java.base/share/classes/sun/security/x509/SubjectInfoAccessExtension.java
+++ b/jdk/src/java.base/share/classes/sun/security/x509/SubjectInfoAccessExtension.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -47,7 +47,7 @@ import sun.security.util.DerValue;
 * included in end entity or CA certificates.  Conforming CAs MUST mark
 * this extension as non-critical.
 * <p>
- * This extension is defined in <a href="http://www.ietf.org/rfc/rfc3280.txt">
+ * This extension is defined in <a href="http://tools.ietf.org/html/rfc5280">
 * Internet X.509 PKI Certificate and Certificate Revocation List
 * (CRL) Profile</a>. The profile permits
 * the extension to be included in end-entity or CA certificates,
--- a/jdk/src/java.base/share/classes/sun/security/x509/URIName.java
+++ b/jdk/src/java.base/share/classes/sun/security/x509/URIName.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -35,15 +35,15 @@ import sun.security.util.*;
 * This class implements the URIName as required by the GeneralNames
 * ASN.1 object.
 * <p>
- * [RFC3280] When the subjectAltName extension contains a URI, the name MUST be
+ * [RFC5280] When the subjectAltName extension contains a URI, the name MUST be
 * stored in the uniformResourceIdentifier (an IA5String). The name MUST
 * be a non-relative URL, and MUST follow the URL syntax and encoding
- * rules specified in [RFC 1738].  The name must include both a scheme
+ * rules specified in [RFC 3986].  The name must include both a scheme
 * (e.g., "http" or "ftp") and a scheme-specific-part.  The scheme-
 * specific-part must include a fully qualified domain name or IP
 * address as the host.
 * <p>
- * As specified in [RFC 1738], the scheme name is not case-sensitive
+ * As specified in [RFC 3986], the scheme name is not case-sensitive
 * (e.g., "http" is equivalent to "HTTP").  The host part is also not
 * case-sensitive, but other components of the scheme-specific-part may
 * be case-sensitive. When comparing URIs, conforming implementations
@ -113,7 +113,7 @@ public class URIName implements GeneralNameInterface {
        }

        host = uri.getHost();
-        // RFC 3280 says that the host should be non-null, but we allow it to
+        // RFC 5280 says that the host should be non-null, but we allow it to
        // be null because some widely deployed certificates contain CDP
        // extensions with URIs that have no hostname (see bugs 4802236 and
        // 5107944).
@ -148,7 +148,7 @@ public class URIName implements GeneralNameInterface {
    /**
     * Create the URIName object with the specified name constraint. URI
     * name constraints syntax is different than SubjectAltNames, etc. See
-     * 4.2.1.11 of RFC 3280.
+     * 4.2.1.10 of RFC 5280.
     *
     * @param value the URI name constraint
     * @throws IOException if name is not a proper URI name constraint
@ -300,7 +300,7 @@ public class URIName implements GeneralNameInterface {
     * These results are used in checking NameConstraints during
     * certification path verification.
     * <p>
-     * RFC3280: For URIs, the constraint applies to the host part of the name.
+     * RFC5280: For URIs, the constraint applies to the host part of the name.
     * The constraint may specify a host or a domain.  Examples would be
     * "foo.bar.com";  and ".xyz.com".  When the the constraint begins with
     * a period, it may be expanded with one or more subdomains.  That is,
--- a/jdk/src/java.base/share/classes/sun/security/x509/X500Name.java
+++ b/jdk/src/java.base/share/classes/sun/security/x509/X500Name.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -605,7 +605,7 @@ public class X500Name implements GeneralNameInterface, Principal {
     * Returns a string form of the X.500 distinguished name.
     * The format of the string is from RFC 1779. The returned string
     * may contain non-standardised keywords for more readability
-     * (keywords from RFCs 1779, 2253, and 3280).
+     * (keywords from RFCs 1779, 2253, and 5280).
     */
    public String toString() {
        if (dn == null) {
@ -866,7 +866,7 @@ public class X500Name implements GeneralNameInterface, Principal {
     *     O="Sue, Grabbit and Runn" or
     *     O=Sue\, Grabbit and Runn
     *
-     * This method can parse RFC 1779, 2253 or 4514 DNs and non-standard 3280
+     * This method can parse RFC 1779, 2253 or 4514 DNs and non-standard 5280
     * keywords. Additional keywords can be specified in the keyword/OID map.
     */
    private void parseDN(String input, Map<String, String> keywordMap)
@ -1122,7 +1122,7 @@ public class X500Name implements GeneralNameInterface, Principal {

    /*
     * Selected OIDs from X.520
-     * Includes all those specified in RFC 3280 as MUST or SHOULD
+     * Includes all those specified in RFC 5280 as MUST or SHOULD
     * be recognized
     */
    private static final int commonName_data[] = { 2, 5, 4, 3 };
@ -1220,7 +1220,7 @@ public class X500Name implements GeneralNameInterface, Principal {
        ipAddress_oid = intern(ObjectIdentifier.newInternal(ipAddress_data));

    /*
-     * Domain component OID from RFC 1274, RFC 2247, RFC 3280
+     * Domain component OID from RFC 1274, RFC 2247, RFC 5280
     */

    /*
--- a/jdk/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java
+++ b/jdk/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -63,7 +63,7 @@ import sun.misc.HexDumpEncoder;
 *     signature            BIT STRING  }
 * </pre>
 * More information can be found in
- * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509
+ * <a href="http://tools.ietf.org/html/rfc5280">RFC 5280: Internet X.509
 * Public Key Infrastructure Certificate and CRL Profile</a>.
 * <p>
 * The ASN.1 definition of <code>tbsCertList</code> is:
--- a/jdk/src/java.base/share/classes/sun/security/x509/X509CertInfo.java
+++ b/jdk/src/java.base/share/classes/sun/security/x509/X509CertInfo.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -708,7 +708,7 @@ public class X509CertInfo implements CertAttrSet<String> {
    }

    /*
-     * Verify if X.509 V3 Certificate is compliant with RFC 3280.
+     * Verify if X.509 V3 Certificate is compliant with RFC 5280.
     */
    private void verifyCert(X500Name subject,
        CertificateExtensions extensions)
--- a/jdk/src/java.base/share/conf/security/java.security
+++ b/jdk/src/java.base/share/conf/security/java.security
@ -345,7 +345,7 @@ networkaddress.cache.negative.ttl=10
 # By default, the location of the OCSP responder is determined implicitly
 # from the certificate being validated. This property explicitly specifies
 # the location of the OCSP responder. The property is used when the
-# Authority Information Access extension (defined in RFC 3280) is absent
+# Authority Information Access extension (defined in RFC 5280) is absent
 # from the certificate or when it requires overriding.
 #
 # Example,
--- a/jdk/src/jdk.dev/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java
+++ b/jdk/src/jdk.dev/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -140,7 +140,7 @@ public final class TimestampedSigner extends ContentSigner {

    /**
     * Examine the certificate for a Subject Information Access extension
-     * (<a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280</a>).
+     * (<a href="http://tools.ietf.org/html/rfc5280">RFC 5280</a>).
     * The extension's <tt>accessMethod</tt> field should contain the object
     * identifier defined for timestamping: 1.3.6.1.5.5.7.48.3 and its
     * <tt>accessLocation</tt> field should contain an HTTP or HTTPS URL.