This document specifies how Automated Certificate Management Environment (ACME) can be used by a client to obtain a certificate for a subdomain identifier from a certification authority. Additionally, this document specifies how a client can fulfill a challenge against an ancestor domain but may not need to fulfill a challenge against the explicit subdomain if certification authority policy allows issuance of the subdomain certificate without explicit subdomain ownership proof.

Stream: Internet Engineering Task Force (IETF)
RFC: 9444
Category: Standards Track
Published: August 2023
ISSN: 2070-1721
Authors: O. Friel (Cisco), R. Barnes (Cisco), T. Hollebeek (DigiCert), M. Richardson (Sandelman Software Works)

Status of This Memo

This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc9444.

Copyright Notice

Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.
{"title":"Automated Certificate Management Environment (ACME) for Subdomains","authors":"O. Friel, R. Barnes, T. Hollebeek, M. Richardson","doi":"10.17487/rfc9444","DOIUrl":"https://doi.org/10.17487/rfc9444","url":null,"abstract":"This document specifies how Automated Certificate Management Environment (ACME) can be used by a client to obtain a certificate for a subdomain identifier from a certification authority. Additionally, this document specifies how a client can fulfill a challenge against an ancestor domain but may not need to fulfill a challenge against the explicit subdomain if certification authority policy allows issuance of the subdomain certificate without explicit subdomain ownership proof. Stream: RFC: Category: Published: ISSN: Authors: Internet Engineering Task Force (IETF) 9444 Standards Track August 2023 2070-1721 O. Friel Cisco R. Barnes Cisco T. Hollebeek DigiCert M. Richardson Sandelman Software Works Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at . https://www.rfc-editor.org/info/rfc9444 Copyright Notice Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents ( ) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions https://trustee.ietf.org/license-info Friel, et al. Standards Track Page 1 with respect to this document. 
Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of","PeriodicalId":21471,"journal":{"name":"RFC","volume":"26 1","pages":"1-20"},"PeriodicalIF":0.0,"publicationDate":"2023-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88265347","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Operations, Administration, and Maintenance (OAM) Packet and Behavior in the Network Service Header (NSH)","authors":"M. Boucadair","doi":"10.17487/rfc9451","DOIUrl":"https://doi.org/10.17487/rfc9451","url":null,"abstract":"","PeriodicalId":21471,"journal":{"name":"RFC","volume":"58 1","pages":"1-6"},"PeriodicalIF":0.0,"publicationDate":"2023-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80511696","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In situ Operations, Administration, and Maintenance (IOAM) is used for recording and collecting operational and telemetry information while the packet traverses a path between two points in the network. This document outlines how IOAM-Data-Fields are encapsulated with the Network Service Header (NSH).
{"title":"Network Service Header (NSH) Encapsulation for In Situ OAM (IOAM) Data","authors":"F. Brockners, S. Bhandari","doi":"10.17487/rfc9452","DOIUrl":"https://doi.org/10.17487/rfc9452","url":null,"abstract":"In situ Operations, Administration, and Maintenance (IOAM) is used for recording and collecting operational and telemetry information while the packet traverses a path between two points in the network. This document outlines how IOAM-Data-Fields are encapsulated with the Network Service Header (NSH).","PeriodicalId":21471,"journal":{"name":"RFC","volume":"9 1","pages":"1-9"},"PeriodicalIF":0.0,"publicationDate":"2023-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"78781838","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The JSON Meta Application Protocol (JMAP) base protocol (RFC 8620) provides the ability to upload and download arbitrary binary data via HTTP POST and GET on a defined endpoint. This binary data is called a "blob". This extension adds additional ways to create and access blobs by making inline method calls within a standard JMAP request. This extension also adds a reverse lookup mechanism to discover where blobs are referenced within other data types.

Stream: Internet Engineering Task Force (IETF)
RFC: 9404
Updates: 8620
Category: Standards Track
Published: August 2023
ISSN: 2070-1721
Author: B. Gondwana, Ed. (Fastmail)

Status of This Memo

This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc9404.

Copyright Notice

Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.
{"title":"JSON Meta Application Protocol (JMAP) Blob Management Extension","authors":"Bron Gondwana","doi":"10.17487/rfc9404","DOIUrl":"https://doi.org/10.17487/rfc9404","url":null,"abstract":"The JSON Meta Application Protocol (JMAP) base protocol (RFC 8620) provides the ability to upload and download arbitrary binary data via HTTP POST and GET on a defined endpoint. This binary data is called a \"blob\". This extension adds additional ways to create and access blobs by making inline method calls within a standard JMAP request. This extension also adds a reverse lookup mechanism to discover where blobs are referenced within other data types. Stream: RFC: Updates: Category: Published: ISSN: Author: Internet Engineering Task Force (IETF) 9404 8620 Standards Track August 2023 2070-1721 B. Gondwana, Ed. Fastmail Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at . https://www.rfc-editor.org/info/rfc9404 Copyright Notice Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved. Gondwana Standards Track Page 1 This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents ( ) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. 
Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. https://trustee.ietf.org/license-info Table of","PeriodicalId":21471,"journal":{"name":"RFC","volume":"16 1","pages":"1-24"},"PeriodicalIF":0.0,"publicationDate":"2023-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87690170","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Alberto Rodríguez-Natal, V. Ermagan, A. Cabellos-Aparicio, Sharon Barkai, M. Boucadair
{"title":"Publish/Subscribe Functionality for the Locator/ID Separation Protocol (LISP)","authors":"Alberto Rodríguez-Natal, V. Ermagan, A. Cabellos-Aparicio, Sharon Barkai, M. Boucadair","doi":"10.17487/rfc9437","DOIUrl":"https://doi.org/10.17487/rfc9437","url":null,"abstract":"","PeriodicalId":21471,"journal":{"name":"RFC","volume":"27 1","pages":"1-18"},"PeriodicalIF":0.0,"publicationDate":"2023-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74793114","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Armando Faz-Hernández, Sam Scott, N. Sullivan, R. Wahby, Christopher A. Wood
{"title":"Hashing to Elliptic Curves","authors":"Armando Faz-Hernández, Sam Scott, N. Sullivan, R. Wahby, Christopher A. Wood","doi":"10.17487/rfc9380","DOIUrl":"https://doi.org/10.17487/rfc9380","url":null,"abstract":"","PeriodicalId":21471,"journal":{"name":"RFC","volume":"49 1","pages":"1-145"},"PeriodicalIF":0.0,"publicationDate":"2023-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73082435","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Update to OSPF Terminology","authors":"M. Fox, A. Lindem, A. Retana","doi":"10.17487/rfc9454","DOIUrl":"https://doi.org/10.17487/rfc9454","url":null,"abstract":"","PeriodicalId":21471,"journal":{"name":"RFC","volume":"146 1","pages":"1-6"},"PeriodicalIF":0.0,"publicationDate":"2023-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75750613","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Cyber defenders frequently rely on Indicators of Compromise (IoCs) to identify, trace, and block malicious activity in networks or on endpoints. This draft reviews the fundamentals, opportunities, operational limitations, and best practices of IoC use. It highlights the need for IoCs to be detectable in implementations of Internet protocols, tools, and technologies - both for the IoCs’ initial discovery and their use in detection - and provides a foundation for new approaches to operational challenges in network security.

Designing an efficient source address validation (SAV) filter requires minimizing false positives (i.e., avoiding dropping legitimate traffic) while maintaining directionality (see RFC8704). This document advances the technology for SAV filter design through a method that makes use of BGP UPDATE messages, Autonomous System Provider Authorization (ASPA), and Route Origin Authorization (ROA). The proposed method’s name is abbreviated as BAR-SAV. BAR-SAV can be used by network operators to derive more robust SAV filters and thus improve network resilience.

Active measurements at Internet-scale can target either collaborating parties or non-collaborating ones. This is similar to a scan and could be perceived as aggressive. This document proposes a couple of simple techniques allowing any party or organization to understand what this unsolicited packet is, what its purpose is, and more importantly who to contact.
{"title":"Indicators of Compromise (IoCs) and Their Role in Attack Defence","authors":"K. Paine, O. Whitehouse, J. Sellwood, A. Shaw","doi":"10.17487/rfc9424","DOIUrl":"https://doi.org/10.17487/rfc9424","url":null,"abstract":"Cyber defenders frequently rely on Indicators of Compromise (IoCs) to identify, trace, and block malicious activity in networks or on endpoints. This draft reviews the fundamentals, opportunities, operational limitations, and best practices of IoC use. It highlights the need for IoCs to be detectable in implementations of Internet protocols, tools, and technologies - both for the IoCs’ initial discovery and their use in detection - and provides a foundation for new approaches to operational challenges in network security. Abstract Designing an efficient source address validation (SAV) filter requires minimizing false positives (i.e., avoiding dropping legitimate traffic) while maintaining directionality (see RFC8704). This document advances the technology for SAV filter design through a method that makes use of BGP UPDATE messages, Autonomous System Provider Authorization (ASPA), and Route Origin Authorization (ROA). The proposed method’s name is abbreviated as BAR-SAV. BAR-SAV can be used by network operators to derive more robust SAV filters and thus improve network resilience. Abstract Active measurements at Internet-scale can target either collaborating parties or non-collaborating ones. This is similar scan and could be perceived as aggressive. 
This document proposes a couple of simple techniques allowing any party or organization to understand what this unsolicited packet is, what is its purpose, and more importantly who to contact.","PeriodicalId":21471,"journal":{"name":"RFC","volume":"51 1","pages":"1-24"},"PeriodicalIF":0.0,"publicationDate":"2023-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76617878","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"PIM Message Type Space Extension and Reserved Bits","authors":"S. Venaas, A. Retana","doi":"10.17487/rfc9436","DOIUrl":"https://doi.org/10.17487/rfc9436","url":null,"abstract":"","PeriodicalId":21471,"journal":{"name":"RFC","volume":"30 1","pages":"1-7"},"PeriodicalIF":0.0,"publicationDate":"2023-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139352596","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The wireless medium presents significant specific challenges to achieve properties similar to those of wired deterministic networks. At the same time, a number of use cases cannot be solved with wires and justify the extra effort of going wireless. This document presents wireless use cases (such as aeronautical communications, amusement parks, industrial applications, pro audio and video, gaming, Unmanned Aerial Vehicle (UAV) and vehicle-to-vehicle (V2V) control, edge robotics
{"title":"Reliable and Available Wireless (RAW) Use Cases","authors":"G. Papadopoulos, P. Thubert, Fabrice Théoleyre","doi":"10.17487/rfc9450","DOIUrl":"https://doi.org/10.17487/rfc9450","url":null,"abstract":"The wireless medium presents significant specific challenges to achieve properties similar to those of wired deterministic networks. At the same time, a number of use cases cannot be solved with wires and justify the extra effort of going wireless. This document presents wireless use cases (such as aeronautical communications, amusement parks, industrial applications, pro audio and video, gaming, Unmanned Aerial Vehicle (UAV) and vehicle-to-vehicle (V2V) control, edge robotics","PeriodicalId":21471,"journal":{"name":"RFC","volume":"6 1","pages":"1-24"},"PeriodicalIF":0.0,"publicationDate":"2023-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87702454","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}