| |
| RFC 9900 | Updates to NETCONF Transport Port Numbers |
| |
|
|
This document releases IANA-assigned port numbers for services related to the Network Configuration Protocol (NETCONF) that have not been in use in production networks. |
|
| |
| RFC 9901 | Selective Disclosure for JSON Web Tokens |
| |
| Authors: | D. Fett, K. Yasuda, B. Campbell. |
| Date: | November 2025 |
| Formats: | txt html pdf xml json |
| Status: | PROPOSED STANDARD |
| DOI: | 10.17487/RFC 9901 |
|
This specification defines a mechanism for the selective disclosure of individual elements of a JSON data structure used as the payload of a JSON Web Signature (JWS). The primary use case is the selective disclosure of JSON Web Token (JWT) claims. |
|
| |
| RFC 9902 | A YANG Data Model for IS-IS Segment Routing over the MPLS Data Plane |
| |
| Authors: | S. Litkowski, Y. Qu, A. Lindem, I. Chen, J. Tantsura. |
| Date: | December 2025 |
| Formats: | txt json html xml pdf |
| Status: | PROPOSED STANDARD |
| DOI: | 10.17487/RFC 9902 |
|
This document defines a YANG data model that can be used to manageIS-IS extensions for Segment Routing (SR) over the MPLS data plane. |
|
| |
| RFC 9903 | A YANG Data Model for OSPF Segment Routing over the MPLS Data Plane |
| |
| Authors: | Y. Qu, A. Lindem, J. Zhang, I. Chen. |
| Date: | December 2025 |
| Formats: | txt json xml pdf html |
| Status: | PROPOSED STANDARD |
| DOI: | 10.17487/RFC 9903 |
|
This document defines a YANG data model that can be used to manageOSPF extensions for Segment Routing over the MPLS data plane. |
|
| |
| RFC 9904 | DNSSEC Cryptographic Algorithm Recommendation Update Process |
| |
|
|
The DNSSEC protocol makes use of various cryptographic algorithms to provide authentication of DNS data and proof of nonexistence. To ensure interoperability between DNS resolvers and DNS authoritative servers, it is necessary to specify both a set of algorithm implementation requirements and usage guidelines to ensure that there is at least one algorithm that all implementations support. This document replaces and obsoletes RFC 8624 and moves the canonical source of algorithm implementation requirements and usage guidance for DNSSEC from RFC 8624 to the IANA DNSSEC algorithm registries.This is done to allow the list of requirements to be more easily updated and referenced. Extensions to these registries can be made in future RFCs. This document also updates RFC 9157 and incorporates the revised IANA DNSSEC considerations from that RFC.
This document does not change the recommendation status (MUST, MAY,RECOMMENDED, etc.) of the algorithms listed in RFC 8624; that is the work of future documents. |
|
| |
| RFC 9905 | Deprecating the Use of SHA-1 in DNSSEC Signature Algorithms |
| |
|
|
This document deprecates the use of the RSASHA1 andRSASHA1-NSEC3-SHA1 algorithms for the creation of DNS Public Key(DNSKEY) and Resource Record Signature (RRSIG) records.
It updates RFCs 4034 and 5155 as it deprecates the use of these algorithms. |
|
| |
| RFC 9906 | Deprecate Usage of ECC-GOST within DNSSEC |
| |
| Authors: | W. Hardaker, W. Kumari. |
| Date: | November 2025 |
| Formats: | txt pdf json xml html |
| Status: | PROPOSED STANDARD |
| DOI: | 10.17487/RFC 9906 |
|
This document retires the use of GOST R 34.10-2001 (mnemonic "ECC-GOST") and GOST R 34.11-94 within DNSSEC.
RFC 5933 (Historic) defined the use of GOST R 34.10-2001 and GOST R34.11-94 algorithms with DNS Security Extensions (DNSSEC). This document updates RFC 5933 by deprecating the use of ECC-GOST. |
|
| |
| RFC 9908 | Clarification and Enhancement of the CSR Attributes Definition in RFC 7030 |
| |
|
|
This document updates RFC 7030, "Enrollment over Secure Transport"(EST), clarifying how the Certificate Signing Request (CSR)Attributes Response can be used by an EST server to specify both CSR attribute Object Identifiers (OIDs) and CSR attribute values, particularly X.509 extension values, that the server expects the client to include in a subsequent CSR request. RFC 9148 is derived from RFC 7030 and is also updated.
RFC 7030 is ambiguous in its specification of the CSR AttributesResponse. This has resulted in implementation challenges and implementor confusion because there was no universal understanding of what was specified. This document clarifies the encoding rules.
This document also provides a new straightforward approach: using a template for CSR contents that may be partially filled in by the server. This also allows an EST server to specify a subjectDistinguished Name (DN). |
|
| |
| RFC 9909 | Internet X.509 Public Key Infrastructure -- Algorithm Identifiers for the Stateless Hash-Based Digital Signature Algorithm (SLH-DSA) |
| |
| Authors: | K. Bashiri, S. Fluhrer, S. Gazdag, D. Van Geest, S. Kousidis. |
| Date: | December 2025 |
| Formats: | txt pdf html xml json |
| Status: | PROPOSED STANDARD |
| DOI: | 10.17487/RFC 9909 |
|
Digital signatures are used within the X.509 Public KeyInfrastructure, such as X.509 certificates and Certificate RevocationLists (CRLs), as well as to sign messages. This document specifies the conventions for using the Stateless Hash-Based Digital SignatureAlgorithm (SLH-DSA) in the X.509 Public Key Infrastructure. The conventions for the associated signatures, subject public keys, and private keys are also specified. |
|
| |
| RFC 9911 | Common YANG Data Types |
| |
|
|
This document defines a collection of common data types to be used with the YANG data modeling language. It includes several new type definitions and obsoletes RFC 6991. |
|
