|
RFC 9800 | Compressed SRv6 Segment List Encoding |
|
Authors: | W. Cheng, Ed., C. Filsfils, Z. Li, B. Decraene, F. Clad, Ed.. |
Date: | June 2025 |
Formats: | txt xml pdf json html |
Updates: | RFC 8754 |
Status: | PROPOSED STANDARD |
DOI: | 10.17487/RFC 9800 |
|
Segment Routing over IPv6 (SRv6) is the instantiation of Segment Routing (SR) on the IPv6 data plane. This document specifies new flavors for the SRv6 endpoint behaviors defined in RFC 8986, which enable the compression of an SRv6 segment list. Such compression significantly reduces the size of the SRv6 encapsulation needed to steer packets over long segment lists.
This document updates RFC 8754 by allowing a Segment List entry in the Segment Routing Header (SRH) to be either an IPv6 address, as specified in RFC 8754, or a REPLACE-CSID container in packed format, as specified in this document. |
|
|
RFC 9801 | Private Line Emulation over Packet Switched Networks |
|
Authors: | S. Gringeri, J. Whittaker, N. Leymann, C. Schmutzer, Ed., C. Brown. |
Date: | July 2025 |
Formats: | txt json xml pdf html |
Status: | PROPOSED STANDARD |
DOI: | 10.17487/RFC 9801 |
|
This document expands the applicability of Virtual Private Wire Service (VPWS) bit-stream payloads beyond Time Division Multiplexing (TDM) signals and provides pseudowire transport with complete signal transparency over Packet Switched Networks (PSNs). |
|
|
RFC 9802 | Use of the HSS and XMSS Hash-Based Signature Algorithms in Internet X.509 Public Key Infrastructure |
|
Authors: | D. Van Geest, K. Bashiri, S. Fluhrer, S. Gazdag, S. Kousidis. |
Date: | June 2025 |
Formats: | txt html pdf json xml |
Status: | PROPOSED STANDARD |
DOI: | 10.17487/RFC 9802 |
|
This document specifies algorithm identifiers and ASN.1 encoding formats for the following stateful Hash-Based Signature (HBS) schemes: Hierarchical Signature System (HSS), eXtended Merkle Signature Scheme (XMSS), and XMSS^MT (a multi-tree variant of XMSS). This specification applies to the Internet X.509 Public Key Infrastructure (PKI) when digital signatures are used to sign certificates and certificate revocation lists (CRLs). |
|
|
RFC 9803 | Extensible Provisioning Protocol (EPP) Mapping for DNS Time-to-Live (TTL) Values |
|
|
This document describes an extension to the Extensible Provisioning Protocol (EPP) that allows EPP clients to manage the Time-to-Live (TTL) value for domain name delegation records. |
|
|
RFC 9804 | Simple Public Key Infrastructure (SPKI) S-Expressions |
|
|
This memo specifies the data structure representation that was devised to support Simple Public Key Infrastructure (SPKI) certificates, as detailed in RFC 2692, with the intent that it be more widely applicable. It has been and is being used elsewhere. There are multiple implementations in a variety of programming languages. Uses of this representation are referred to in this document as "S-expressions". This memo makes precise the encodings of these SPKI S-expressions: It gives a "canonical form" for them, describes two "transport" representations, and also describes an "advanced" format for display to people. |
|
|
RFC 9805 | Deprecation of the IPv6 Router Alert Option for New Protocols |
|
|
This document deprecates the IPv6 Router Alert option. Protocols that use the IPv6 Router Alert option may continue to do so, even in future versions. However, new protocols that are standardized in the future must not use the IPv6 Router Alert option.
This document updates RFC 2711. |
|
|
RFC 9806 | Updates to SIP-Based Media Recording (SIPREC) to Correct Metadata Media Type |
|
|
The SIP-based Media Recording (SIPREC) protocol is defined by both "Session Initiation Protocol (SIP) Recording Metadata" (RFC 7865) and "Session Recording Protocol" (RFC 7866). Unfortunately, both RFCs contradict each other regarding how recording metadata is to be labeled. In addition, neither RFC registered the new media type. This document updates RFC 7866 to align with RFC 7865 when labeling recording metadata and also registers the media type. |
|
|
RFC 9807 | The OPAQUE Augmented Password-Authenticated Key Exchange (aPAKE) Protocol |
|
Authors: | D. Bourdrez, H. Krawczyk, K. Lewi, C. A. Wood. |
Date: | July 2025 |
Formats: | txt xml pdf html json |
Status: | INFORMATIONAL |
DOI: | 10.17487/RFC 9807 |
|
This document describes the OPAQUE protocol, an Augmented (or Asymmetric) Password-Authenticated Key Exchange (aPAKE) protocol that supports mutual authentication in a client-server setting without reliance on PKI and with security against pre-computation attacks upon server compromise. In addition, the protocol provides forward secrecy and the ability to hide the password from the server, even during password registration. This document specifies the core OPAQUE protocol and one instantiation based on 3DH. This document is a product of the Crypto Forum Research Group (CFRG) in the IRTF. |
|
|
RFC 9808 | Content Delivery Network Interconnection (CDNI) Capacity Capability Advertisement Extensions |
|
Authors: | A. Ryan, B. Rosenblum, N. Sopher. |
Date: | July 2025 |
Formats: | txt xml pdf json html |
Status: | PROPOSED STANDARD |
DOI: | 10.17487/RFC 9808 |
|
This specification defines a set of additional Capability Objects that provide information about current downstream CDN (dCDN) utilization and specified usage limits to the delegating upstream CDN (uCDN) in order to inform traffic delegation decisions.
This document supplements the CDNI Capability Objects, defined in RFC 8008 as part of the Footprint & Capabilities Advertisement Interface (FCI), with two additional Capability Objects: FCI.CapacityLimits and FCI.Telemetry. |
|
|
RFC 9809 | X.509 Certificate Extended Key Usage (EKU) for Configuration, Updates, and Safety-Critical Communication |
|
Authors: | H. Brockhaus, D. Goltzsche. |
Date: | July 2025 |
Formats: | txt xml json pdf html |
Status: | PROPOSED STANDARD |
DOI: | 10.17487/RFC 9809 |
|
RFC 5280 defines the Extended Key Usage (EKU) extension and specifies several extended key purpose identifiers (KeyPurposeIds) for use with that extension in X.509 certificates. This document defines KeyPurposeIds for general-purpose and trust anchor configuration files, for software and firmware update packages, and for safety-critical communication to be included in the EKU extension of X.509 v3 public key certificates. |
|
|
RFC 9810 | Internet X.509 Public Key Infrastructure -- Certificate Management Protocol (CMP) |
|
|
This document describes the Internet X.509 Public Key Infrastructure (PKI) Certificate Management Protocol (CMP). Protocol messages are defined for X.509v3 certificate creation and management. CMP provides interactions between client systems and PKI components such as a Registration Authority (RA) and a Certification Authority (CA).
This document adds support for management of certificates containing a Key Encapsulation Mechanism (KEM) public key and uses EnvelopedData instead of EncryptedValue. This document also includes the updates specified in Section 2 and Appendix A.2 of RFC 9480.
This document obsoletes RFC 4210, and together with RFC 9811, it also obsoletes RFC 9480. Appendix F of this document updates Section 9 of RFC 5912. |
|
|
RFC 9811 | Internet X.509 Public Key Infrastructure -- HTTP Transfer for the Certificate Management Protocol (CMP) |
|
|
This document describes how to layer the Certificate Management Protocol (CMP) over HTTP.
It includes the updates to RFC 6712 specified in Section 3 of RFC 9480; these updates introduce CMP URIs using a well-known prefix. It obsoletes RFC 6712; and, together with RFC 9810, it also obsoletes RFC 9480. |
|
|
RFC 9813 | Operational Considerations for Using TLS Pre-Shared Keys (TLS-PSKs) with RADIUS |
|
|
This document provides implementation and operational considerations for using TLS Pre-Shared Keys (TLS-PSKs) with RADIUS/TLS (RFC 6614) and RADIUS/DTLS (RFC 7360). The purpose of the document is to help smooth the operational transition from the use of RADIUS/UDP to RADIUS/TLS. |
|
|
RFC 9814 | Use of the SLH-DSA Signature Algorithm in the Cryptographic Message Syntax (CMS) |
|
Authors: | R. Housley, S. Fluhrer, P. Kampanakis, B. Westerbaan. |
Date: | July 2025 |
Formats: | txt json xml pdf html |
Status: | PROPOSED STANDARD |
DOI: | 10.17487/RFC 9814 |
|
SLH-DSA is a stateless hash-based signature algorithm. This document specifies the conventions for using the SLH-DSA signature algorithm with the Cryptographic Message Syntax (CMS). In addition, the algorithm identifier and public key syntax are provided. |
|
|
RFC 9815 | BGP Link State (BGP-LS) Shortest Path First (SPF) Routing |
|
Authors: | K. Patel, A. Lindem, S. Zandi, W. Henderickx. |
Date: | July 2025 |
Formats: | txt json html xml pdf |
Status: | PROPOSED STANDARD |
DOI: | 10.17487/RFC 9815 |
|
Many Massively Scaled Data Centers (MSDCs) have converged on simplified Layer 3 (L3) routing. Furthermore, requirements for operational simplicity have led many of these MSDCs to converge on BGP as their single routing protocol for both fabric routing and Data Center Interconnect (DCI) routing. This document describes extensions to BGP for use with BGP Link State (BGP-LS) distribution and the Shortest Path First (SPF) algorithm. In doing this, it allows BGP to be efficiently used as both the underlay protocol and the overlay protocol in MSDCs. |
|
|
RFC 9816 | Usage and Applicability of BGP Link State (BGP-LS) Shortest Path First (SPF) Routing in Data Centers |
|
Authors: | K. Patel, A. Lindem, S. Zandi, G. Dawra, J. Dong. |
Date: | July 2025 |
Formats: | txt pdf xml html json |
Status: | INFORMATIONAL |
DOI: | 10.17487/RFC 9816 |
|
This document discusses the usage and applicability of BGP Link State (BGP-LS) Shortest Path First (SPF) extensions in data center networks utilizing Clos or Fat Tree topologies. The document is intended to provide simplified guidance for the deployment of BGP-LS SPF extensions. |
|
|
RFC 9818 | DHCPv6 Prefix Delegation on IPv6 Customer Edge (CE) Routers in LANs |
|
|
This document defines requirements for IPv6 Customer Edge (CE) routers to support DHCPv6 Prefix Delegation for distributing available prefixes to LAN devices that were delegated to an IPv6 CE router. This document updates RFC 7084. |
|
|
RFC 9819 | Argument Signaling for BGP Services in Segment Routing over IPv6 (SRv6) |
|
|
RFC 9252 defines procedures and messages for BGP overlay services for Segment Routing over IPv6 (SRv6), including Layer 3 Virtual Private Network (L3VPN), Ethernet VPN (EVPN), and global Internet routing. This document updates RFC 9252 and provides more detailed specifications for the signaling and processing of SRv6 Segment Identifier advertisements for BGP overlay service routes associated with SRv6 Endpoint Behaviors that support arguments. |
|
|
RFC 9825 | Extensions to OSPF for Advertising Prefix Administrative Tags |
|
Authors: | A. Lindem, Ed., P. Psenak, Y. Qu. |
Date: | July 2025 |
Formats: | txt pdf json xml html |
Status: | PROPOSED STANDARD |
DOI: | 10.17487/RFC 9825 |
|
It is useful for routers in OSPFv2 and OSPFv3 routing domains to be able to associate tags with prefixes. Previously, OSPFv2 and OSPFv3 were relegated to a single tag and only for Autonomous System (AS) External and Not-So-Stubby-Area (NSSA) prefixes. With the flexible encodings provided by OSPFv2 Prefix/Link Attribute Advertisement and OSPFv3 Extended Link State Advertisements (LSAs), multiple administrative tags may be advertised for all types of prefixes. These administrative tags can be used for many applications including route redistribution policy, selective prefix prioritization, selective IP Fast Reroute (IPFRR) prefix protection, and many others. |
|