Return to Web development-related RFCs

• Important Security Related RFCs
• Important Security-Related RFCs
• Security-Related RFCs
• Security RFCs
• Important Security RFCs
• RFCs related to Security

• RFC 5246 – Transport Layer Security (TLS) Protocol Version 1.2
• RFC 8446 – Transport Layer Security (TLS) Protocol Version 1.3
• RFC 7636 – Proof Key for Code Exchange (PKCE)
• RFC 4301 – Security Architecture for the Internet Protocol
• RFC 2401 – Security Architecture for the Internet Protocol (Obsoleted by RFC 4301)
• RFC 6749 – OAuth 2.0 Authorization Framework
• RFC 3552 – Guidelines for Writing RFC Text on Security Considerations
• RFC 4949 – Internet Security Glossary
• RFC 826 – Address Resolution Protocol (ARP)
• RFC 2104 – Keyed-Hashing for Message Authentication
• RFC 6979 – Deterministic ECDSA Signatures
• RFC 7519 – JSON Web Token (JWT)
• RFC 8032 – Ed25519 and Ed448 Signatures
• RFC 3647 – Internet X.509 Public Key Infrastructure Certificate Policy
• RFC 6962 – Certificate Transparency
• RFC 6818 – Updates to the Internet X.509 Public Key Infrastructure Certificate and CRL Profile
• RFC 7515 – JSON Web Signature (JWS)
• RFC 7516 – JSON Web Encryption (JWE)
• RFC 7517 – JSON Web Key (JWK)
• RFC 7518 – JSON Web Algorithms (JWA)
• RFC 5280 – Internet X.509 Public Key Infrastructure Certificate and CRL Profile
• RFC 6960 – Online Certificate Status Protocol (OCSP)
• RFC 2560 – OCSP (Obsoleted by RFC 6960)
• RFC 6125 – Representation and Verification of Domain-Based Application Service Identity
• RFC 2459 – X.509 Public Key Infrastructure (Obsoleted by RFC 5280)
• RFC 7435 – Opportunistic Security
• RFC 6698 – DNS-Based Authentication of Named Entities (DANE)
• RFC 4033 – DNS Security Extensions (DNSSEC) Introduction and Requirements
• RFC 4034 – Resource Records for the DNSSEC
• RFC 4035 – Protocol Modifications for the DNSSEC
• RFC 5155 – DNSSEC Hashed Authenticated Denial of Existence
• RFC 5933 – Use of GOST Algorithms with DNSSEC
• RFC 4253 – Secure Shell (SSH) Transport Layer Protocol
• RFC 4252 – SSH Authentication Protocol
• RFC 4251 – SSH Protocol Architecture
• RFC 6238 – Time-Based One-Time Password Algorithm
• RFC 4226 – An HMAC-Based One-Time Password Algorithm
• RFC 6187 – X.509 Certificates for SSH
• RFC 4880 – OpenPGP Message Format
• RFC 5281 – Extensible Authentication Protocol (EAP)-TTLS
• RFC 5216 – EAP-TLS Authentication
• RFC 5247 – Extensible Authentication Protocol (EAP) Key Management Framework
• RFC 3748 – Extensible Authentication Protocol (EAP)
• RFC 6694 – OAuth 2.0 Threat Model and Security Considerations
• RFC 7634 – OAuth 2.0 Token Revocation
• RFC 6749 – OAuth 2.0 Authorization Framework
• RFC 8705 – OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens
• RFC 7519 – JSON Web Token (JWT)
• RFC 7517 – JSON Web Key (JWK)
• RFC 8037 – JSON Web Algorithms (JWA) Using Curve25519
• RFC 5798 – Virtual Router Redundancy Protocol (VRRP)
• RFC 4303 – IPsec Encapsulating Security Payload (ESP)
• RFC 6071 – IP Security (IPsec) and IKE Document Roadmap
• RFC 7296 – Internet Key Exchange (IKEv2) Protocol
• RFC 2409 – IKE (Obsoleted by RFC 7296)
• RFC 2410 – The NULL Encryption Algorithm and Its Use With IPsec
• RFC 4306 – IKEv2 (Obsoleted by RFC 7296)
• RFC 5282 – IPsec Extensions for EAP
• RFC 4764 – IPsec and IKE Configuration Policy Information
• RFC 4732 – Denial-of-Service Attacks
• RFC 4730 – Multimedia Internet KEYing
• RFC 3833 – Threat Analysis of the DNS
• RFC 6480 – DNSSEC Operational Practices
• RFC 8090 – DNS Threat Mitigation Considerations
• RFC 8932 – Deprecating MD5 and SHA-1 in the IETF
• RFC 5242 – A Generalized Unified Character Code (UCS) Security Framework
• RFC 7457 – TLS Attacks: Analysis of Protocol Vulnerabilities
• RFC 6072 – Certificate Management over CMS (CMC)
• RFC 4210 – Certificate Management Protocol (CMP)
• RFC 2985 – PKCS #9: Selected Object Classes and Attribute Types
• RFC 8447 – Registry Updates for TLS and DTLS
• RFC 9019 – Recommendations for Secure Use of TLS and DTLS
• RFC 6961 – Multiple OCSP Responses

• RFC 2560 – Online Certificate Status Protocol (OCSP)
• RFC 6066 – TLS Extensions: Extension Definitions
• RFC 6797 – HTTP Strict Transport Security (HSTS)
• RFC 6962 – Certificate Transparency
• RFC 5280 – X.509 Public Key Infrastructure Certificate and CRL Profile
• RFC 5751 – Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2
• RFC 2986 – PKCS #10: Certification Request Syntax Specification Version 1.7
• RFC 8447 – TLS and DTLS IANA Registry Updates
• RFC 8200 – Internet Protocol, Version 6 (IPv6) Specification
• RFC 793 – Transmission Control Protocol (TCP)
• RFC 6880 – TLS and DTLS Heartbeat Extension
• RFC 6125 – Representation and Verification of Domain-Based Application Service Identity
• RFC 3261 – Session Initiation Protocol (SIP)
• RFC 7515 – JSON Web Signature (JWS)
• RFC 7516 – JSON Web Encryption (JWE)
• RFC 7518 – JSON Web Algorithms (JWA)
• RFC 7748 – Elliptic Curves for Security
• RFC 6979 – Deterministic ECDSA Signatures
• RFC 6234 – SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 Algorithms
• RFC 4492 – Elliptic Curve Cryptography (ECC) Cipher Suites for TLS
• RFC 5705 – Keying Material Exporters for TLS
• RFC 5281 – Extensible Authentication Protocol (EAP-TTLS)
• RFC 5216 – EAP-TLS Authentication
• RFC 2716 – EAP over PPP
• RFC 7627 – TLS Session Hash and Extended Master Secret Extension
• RFC 5247 – Extensible Authentication Protocol (EAP) Key Management Framework
• RFC 5346 – EAP-AKA (Authentication and Key Agreement)
• RFC 4046 – Multicast Security (MSEC)
• RFC 6187 – X.509 Certificates for SSH
• RFC 2412 – The OAKLEY Key Determination Protocol
• RFC 6818 – Updates to the Internet X.509 Public Key Infrastructure Certificate and CRL Profile
• RFC 7030 – Enrollment over Secure Transport (EST)
• RFC 7034 – Web Security Considerations
• RFC 4409 – Message Submission
• RFC 4271 – Border Gateway Protocol 4 (BGP-4)
• RFC 8205 – Encapsulating Security Payload (ESP)
• RFC 6376 – DomainKeys Identified Mail (DKIM) Signatures
• RFC 7201 – DTLS Extension to WebRTC
• RFC 6265 – HTTP State Management Mechanism (Cookies)
• RFC 6748 – LISP Control Plane Security
• RFC 5952 – A Recommendation for IPv6 Address Text Representation
• RFC 3526 – More Modular Exponential (MODP) Diffie-Hellman Groups for IKE
• RFC 4419 – Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol
• RFC 4642 – Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP)
• RFC 5126 – Cryptographic Message Syntax (CMS) Advanced Electronic Signatures (CAdES)
• RFC 8442 – Key Exchange Algorithms for SSH
• RFC 5930 – Using Advanced Encryption Standard (AES)
• RFC 6071 – IPsec and IKE Document Roadmap
• RFC 6069 – Collection of Management Assertions for EAP
• RFC 3546 – TLS Extensions
• RFC 6379 – Naming Extensions for DNS-Based Service Discovery
• RFC 7231 – HTTP/1.1 Semantics and Content
• RFC 5869 – HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
• RFC 7748 – Elliptic Curves for Security
• RFC 7525 – Recommendations for Secure Use of TLS and DTLS
• RFC 8410 – Algorithm Identifiers for Ed25519, Ed448, X25519, and X448
• RFC 8792 – Indicating Error Disclosure Information in DNS Queries
• RFC 8275 – RPKI-Based Routing
• RFC 9063 – Network Time Security for NTP
• RFC 8221 – IPsec Encryption and Authentication Algorithms
• RFC 8951 – A YANG Data Model for IKE and IPsec
• RFC 6090 – Fundamental Elliptic Curve Cryptography Algorithms
• RFC 8649 – Hash of Root Key for DNSSEC Trust Anchor
• RFC 3724 – Internet Security Architecture
• RFC 3723 – Securing Block Storage Protocols over IP
• RFC 7562 – Securing Digital Signatures in E-Mail
• RFC 8994 – Confidential Computing Framework
• RFC 8230 – TCP-Authentication Option (TCP-AO)
• RFC 8452 – AES-GCM-SIV

• RFC 3275 – XML-Signature Syntax and Processing
• RFC 3394 – Advanced Encryption Standard (AES) Key Wrap Algorithm
• RFC 3550 – RTP: A Transport Protocol for Real-Time Applications
• RFC 4307 – Cryptographic Algorithms for Use in IPsec
• RFC 4493 – The AES-CMAC Algorithm
• RFC 4510 – Lightweight Directory Access Protocol (LDAP): Technical Specification
• RFC 4543 – Galois/Counter Mode (GCM) for IPsec
• RFC 5242 – UTF-8 and Unicode Standard Security Considerations
• RFC 5288 – AES-GCM Cipher Suites for TLS
• RFC 5289 – AES-CCM Cipher Suites for TLS
• RFC 5652 – Cryptographic Message Syntax (CMS)
• RFC 5752 – CMS Algorithm Identifier Protection Attributes
• RFC 6151 – MD5 and the HMAC-MD5 Algorithm
• RFC 6188 – The Security Architecture for Media Control Protocols
• RFC 6402 – Transport Layer Security (TLS) Authorization Extensions
• RFC 6454 – The Web Origin Concept
• RFC 6476 – Basic ECC Cipher Suites for TLS
• RFC 6487 – Certificate Policy for the Resource Public Key Infrastructure (RPKI)
• RFC 6488 – Profiles for RPKI Signed Objects
• RFC 6748 – Map-Versioning with LISP
• RFC 6961 – Multiple OCSP Responses
• RFC 7020 – Internet Numbers Registry System
• RFC 7034 – HTTP Header Field X-Frame-Options
• RFC 7131 – Cryptographic Message Syntax (CMS) Key Package Receipt and Error Content
• RFC 7258 – Pervasive Monitoring Is an Attack
• RFC 7371 – Security Requirements for Automated Network Management
• RFC 7383 – Security Mechanisms for the Open Web Application Security Project (OWASP)
• RFC 7390 – Group Communication for the Constrained Application Protocol (CoAP)
• RFC 7517 – JSON Web Key (JWK)
• RFC 7536 – Transport Layer Security (TLS) False Start
• RFC 7561 – The User Datagram Protocol (UDP) Checksum Coverage
• RFC 7641 – CoAP Observing Resources
• RFC 7805 – The Privacy Considerations for Internet Protocols
• RFC 7838 – The HTTP Alternative Services Protocol
• RFC 7901 – Secure Dynamic Updates in DNS
• RFC 7919 – Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for TLS
• RFC 7924 – TLS Cached Information Extension
• RFC 7942 – Improving Awareness of ICANN Root KSK Rollover
• RFC 7950 – YANG Data Modeling Language
• RFC 7961 – Transport Layer Security (TLS)-Based Authorization for ACE
• RFC 8040 – RESTCONF Protocol
• RFC 8061 – Transmission of IPv6 Packets over IEEE 802.15.4 Networks
• RFC 8066 – Group Communication for CoAP
• RFC 8086 – The Quick UDP Internet Connections (QUIC) Protocol
• RFC 8154 – OSCORE Profile of the Authentication and Authorization for Constrained Environments (ACE)
• RFC 8167 – Traffic Management and Quality-of-Service Considerations for IPsec
• RFC 8192 – Interface to Network Security Functions (I2NSF) Framework
• RFC 8207 – IPv6 Prefix Delegation
• RFC 8232 – TCP Extensions for High Performance
• RFC 8247 – IPsec Cryptographic Algorithms Requirements
• RFC 8258 – Use Cases and Requirements for JSON Web Token (JWT) Proof of Possession
• RFC 8291 – Transparent Interconnection of Lots of Links (TRILL) Over IP
• RFC 8310 – Usage Profiles for DNS over TLS (DoT)
• RFC 8341 – Network Configuration Protocol (NETCONF)
• RFC 8351 – PCEPS: PCE Communication Protocol Secure with TLS
• RFC 8357 – Using Secure DNS to Associate with the TSA
• RFC 8374 – BGPsec Operational Considerations
• RFC 8397 – Protecting Privacy in IDNs
• RFC 8447 – Cryptographic Algorithm and Transport Requirements for DNSSEC
• RFC 8489 – Session Traversal Utilities for NAT (STUN)
• RFC 8545 – Automated Certificate Management Environment (ACME)
• RFC 8555 – ACME Protocol
• RFC 8613 – OSCORE (Object Security for Constrained RESTful Environments)
• RFC 8645 – Border Gateway Protocol Security (BGPsec)
• RFC 8660 – Secure Group Communication for CoAP
• RFC 8672 – HTTP Alternative Services Security
• RFC 8695 – YANG Data Model for SRv6 Base
• RFC 8714 – Update to ACME Identifiers and Challenges
• RFC 8725 – Best Practices for Securing JSON Web Tokens (JWT)
• RFC 8766 – Updates to HTTP Alternative Services Protocol