| |
| RFC 9900 | Updates to NETCONF Transport Port Numbers |
| |
|
|
This document releases IANA-assigned port numbers for services related to the Network Configuration Protocol (NETCONF) that have not been in use in production networks. |
|
| |
| RFC 9901 | Selective Disclosure for JSON Web Tokens |
| |
| Authors: | D. Fett, K. Yasuda, B. Campbell. |
| Date: | November 2025 |
| Formats: | txt html pdf xml json |
| Status: | PROPOSED STANDARD |
| DOI: | 10.17487/RFC 9901 |
|
This specification defines a mechanism for the selective disclosure of individual elements of a JSON data structure used as the payload of a JSON Web Signature (JWS). The primary use case is the selective disclosure of JSON Web Token (JWT) claims. |
|
| |
| RFC 9902 | A YANG Data Model for IS-IS Segment Routing over the MPLS Data Plane |
| |
| Authors: | S. Litkowski, Y. Qu, A. Lindem, I. Chen, J. Tantsura. |
| Date: | December 2025 |
| Formats: | txt json html xml pdf |
| Status: | PROPOSED STANDARD |
| DOI: | 10.17487/RFC 9902 |
|
This document defines a YANG data model that can be used to manageIS-IS extensions for Segment Routing (SR) over the MPLS data plane. |
|
| |
| RFC 9903 | A YANG Data Model for OSPF Segment Routing over the MPLS Data Plane |
| |
| Authors: | Y. Qu, A. Lindem, J. Zhang, I. Chen. |
| Date: | December 2025 |
| Formats: | txt json xml pdf html |
| Status: | PROPOSED STANDARD |
| DOI: | 10.17487/RFC 9903 |
|
This document defines a YANG data model that can be used to manageOSPF extensions for Segment Routing over the MPLS data plane. |
|
| |
| RFC 9904 | DNSSEC Cryptographic Algorithm Recommendation Update Process |
| |
|
|
The DNSSEC protocol makes use of various cryptographic algorithms to provide authentication of DNS data and proof of nonexistence. To ensure interoperability between DNS resolvers and DNS authoritative servers, it is necessary to specify both a set of algorithm implementation requirements and usage guidelines to ensure that there is at least one algorithm that all implementations support. This document replaces and obsoletes RFC 8624 and moves the canonical source of algorithm implementation requirements and usage guidance for DNSSEC from RFC 8624 to the IANA DNSSEC algorithm registries.This is done to allow the list of requirements to be more easily updated and referenced. Extensions to these registries can be made in future RFCs. This document also updates RFC 9157 and incorporates the revised IANA DNSSEC considerations from that RFC.
This document does not change the recommendation status (MUST, MAY,RECOMMENDED, etc.) of the algorithms listed in RFC 8624; that is the work of future documents. |
|
| |
| RFC 9905 | Deprecating the Use of SHA-1 in DNSSEC Signature Algorithms |
| |
|
|
This document deprecates the use of the RSASHA1 andRSASHA1-NSEC3-SHA1 algorithms for the creation of DNS Public Key(DNSKEY) and Resource Record Signature (RRSIG) records.
It updates RFCs 4034 and 5155 as it deprecates the use of these algorithms. |
|
| |
| RFC 9906 | Deprecate Usage of ECC-GOST within DNSSEC |
| |
| Authors: | W. Hardaker, W. Kumari. |
| Date: | November 2025 |
| Formats: | txt pdf json xml html |
| Status: | PROPOSED STANDARD |
| DOI: | 10.17487/RFC 9906 |
|
This document retires the use of GOST R 34.10-2001 (mnemonic "ECC-GOST") and GOST R 34.11-94 within DNSSEC.
RFC 5933 (Historic) defined the use of GOST R 34.10-2001 and GOST R34.11-94 algorithms with DNS Security Extensions (DNSSEC). This document updates RFC 5933 by deprecating the use of ECC-GOST. |
|
| |
| RFC 9908 | Clarification and Enhancement of the CSR Attributes Definition in RFC 7030 |
| |
|
|
This document updates RFC 7030, "Enrollment over Secure Transport"(EST), clarifying how the Certificate Signing Request (CSR)Attributes Response can be used by an EST server to specify both CSR attribute Object Identifiers (OIDs) and CSR attribute values, particularly X.509 extension values, that the server expects the client to include in a subsequent CSR request. RFC 9148 is derived from RFC 7030 and is also updated.
RFC 7030 is ambiguous in its specification of the CSR AttributesResponse. This has resulted in implementation challenges and implementor confusion because there was no universal understanding of what was specified. This document clarifies the encoding rules.
This document also provides a new straightforward approach: using a template for CSR contents that may be partially filled in by the server. This also allows an EST server to specify a subjectDistinguished Name (DN). |
|
| |
| RFC 9909 | Internet X.509 Public Key Infrastructure -- Algorithm Identifiers for the Stateless Hash-Based Digital Signature Algorithm (SLH-DSA) |
| |
| Authors: | K. Bashiri, S. Fluhrer, S. Gazdag, D. Van Geest, S. Kousidis. |
| Date: | December 2025 |
| Formats: | txt pdf html xml json |
| Status: | PROPOSED STANDARD |
| DOI: | 10.17487/RFC 9909 |
|
Digital signatures are used within the X.509 Public KeyInfrastructure, such as X.509 certificates and Certificate RevocationLists (CRLs), as well as to sign messages. This document specifies the conventions for using the Stateless Hash-Based Digital SignatureAlgorithm (SLH-DSA) in the X.509 Public Key Infrastructure. The conventions for the associated signatures, subject public keys, and private keys are also specified. |
|
| |
| RFC 9910 | Registration Data Access Protocol (RDAP) Regional Internet Registry (RIR) Search |
| |
| Authors: | T. Harrison, J. Singh. |
| Date: | January 2026 |
| Formats: | txt xml pdf html json |
| Status: | PROPOSED STANDARD |
| DOI: | 10.17487/RFC 9910 |
|
The Registration Data Access Protocol (RDAP) is used by RegionalInternet Registries (RIRs) and Domain Name Registries (DNRs) to provide access to their resource registration information. The core specifications for RDAP define basic search functionality, but there are various search options related to IP addresses, IP prefixes, andAutonomous System Numbers (ASNs), which are provided by RIRs via their WHOIS services, but for which there is no corresponding RDAP functionality. This document extends RDAP to support those search options. |
|
| |
| RFC 9911 | Common YANG Data Types |
| |
|
|
This document defines a collection of common data types to be used with the YANG data modeling language. It includes several new type definitions and obsoletes RFC 6991. |
|
| |
| RFC 9915 | Dynamic Host Configuration Protocol for IPv6 (DHCPv6) |
| |
|
|
This document specifies the Dynamic Host Configuration Protocol forIPv6 (DHCPv6), an extensible mechanism for configuring nodes with network configuration parameters, IP addresses, and prefixes.Parameters can be provided statelessly or in combination with stateful assignment of one or more IPv6 addresses and/or IPv6 prefixes. DHCPv6 can operate either in place of or in addition to stateless address autoconfiguration (SLAAC).
This document obsoletes RFC 8415. It incorporates verified errata and obsoletes the assignment of temporary addresses (the IA_TA option) and the server unicast capability (the Server Unicast option and UseMulticast status code). |
|
| |
| RFC 9917 | IGP Flexible Algorithms Reverse Affinity Constraint |
| |
|
|
An IGP Flexible Algorithm (Flex-Algorithm) enables the computation of constraint-based paths within an IGP domain, allowing operators to influence path selection according to administrative policies. This document defines an extension to Flex-Algorithm that allows the inclusion or exclusion of links from path computation based onAdministrative Groups (also known as link affinities) associated with the reverse direction of the path under computation.
This document updates RFCs 9350 and 9843 by introducing the new IANA registry that specifies the ordered set of rules that are used to prune links from the topology during the Flex-Algorithm path computation. |
|
