Support This Book
Appendices Chapter 1

Untitled

Appendix A: RFC Reference

Overview

This appendix provides a comprehensive reference to RFCs (Request for Comments) relevant to network security. RFCs are the primary standards documents for internet protocols.

Core Networking Protocols

IP Protocol Family

RFCTitleDescription
RFC 791Internet ProtocolIPv4 specification
RFC 792ICMPInternet Control Message Protocol
RFC 826ARPAddress Resolution Protocol
RFC 2460IPv6 SpecificationOriginal IPv6 (obsoleted by 8200)
RFC 8200IPv6 SpecificationCurrent IPv6 standard
RFC 4443ICMPv6ICMP for IPv6
RFC 4861NDPNeighbor Discovery Protocol for IPv6

Transport Layer

RFCTitleDescription
RFC 793TCPTransmission Control Protocol
RFC 768UDPUser Datagram Protocol
RFC 9000QUICQUIC transport protocol
RFC 4960SCTPStream Control Transmission Protocol
RFC 6528TCP ISNDefending against sequence number attacks

Application Layer

RFCTitleDescription
RFC 7230-7235HTTP/1.1HTTP protocol suite
RFC 7540HTTP/2HTTP version 2
RFC 9114HTTP/3HTTP over QUIC
RFC 1035DNSDomain Name System
RFC 5321SMTPSimple Mail Transfer Protocol
RFC 3501IMAPInternet Message Access Protocol

Security Protocols

TLS/SSL

RFCTitleDescription
RFC 8446TLS 1.3Current TLS version
RFC 5246TLS 1.2Previous TLS version
RFC 6066TLS ExtensionsSNI, certificate status
RFC 7918TLS 1.3 False StartPerformance optimization
RFC 8996Deprecate TLS 1.0/1.1Security recommendation

Authentication & Authorization

RFCTitleDescription
RFC 4120Kerberos V5Network authentication protocol
RFC 6749OAuth 2.0Authorization framework
RFC 7519JWTJSON Web Tokens
RFC 7617HTTP Basic AuthBasic authentication scheme
RFC 2617HTTP AuthDigest authentication

IPsec & VPN

RFCTitleDescription
RFC 4301IPsec ArchitectureSecurity architecture for IP
RFC 4302AHAuthentication Header
RFC 4303ESPEncapsulating Security Payload
RFC 7296IKEv2Internet Key Exchange
RFC 8031Curve25519/448 for IKEv2Modern cryptography

DNS Security

RFCTitleDescription
RFC 4033DNSSEC IntroductionDNS Security Extensions intro
RFC 4034DNSSEC RecordsDNSSEC resource records
RFC 4035DNSSEC ProtocolProtocol modifications
RFC 8484DoHDNS over HTTPS
RFC 7858DoTDNS over TLS
RFC 8310Usage Profiles DoT/DoHBest practices

Email Security

RFCTitleDescription
RFC 7208SPFSender Policy Framework
RFC 6376DKIMDomainKeys Identified Mail
RFC 7489DMARCDomain-based Message Auth
RFC 8617ARCAuthenticated Received Chain

BGP Security

RFCTitleDescription
RFC 4271BGP-4Border Gateway Protocol
RFC 7454BGP Operations SecurityOperational security
RFC 6811RPKI/ROVRoute Origin Validation
RFC 8205BGPsecBGP path validation
RFC 8893RPKI Best PracticesResource certification

Best Current Practices

RFCTitleDescription
RFC 2827BCP 38Network ingress filtering
RFC 3704BCP 84Ingress filtering for multihomed
RFC 5765BCP 46Security considerations for IETFprotocols
RFC 6302Logging RecommendationsSecurity logging
RFC 7123Security AutomationSecurity automation and monitoring

Wireless Security

RFCTitleDescription
RFC 5765EAP-TLSEAP with TLS
RFC 5281EAP-TTLSTunneled TLS
RFC 4186EAP-SIMEAP for GSM
RFC 5216EAP-TLS v1.3Updated EAP-TLS

How to Read RFCs

Structure

Typical RFC Structure:
1. Abstract - Brief summary
2. Introduction - Context and motivation
3. Terminology - Definitions
4. Protocol Specification - Technical details
5. Security Considerations - Security analysis
6. IANA Considerations - Registry updates
7. References - Normative and informative
8. Appendices - Additional details

Key Terms

TermMeaning
MUSTAbsolute requirement
MUST NOTAbsolute prohibition
SHOULDRecommended
SHOULD NOTNot recommended
MAYOptional

Access

Security-Focused RFCs by Topic

Network Attacks & Defenses

RFCTitleTopic
RFC 4987TCP SYN FloodingSYN flood defense
RFC 5765Security ConsiderationsProtocol security
RFC 6528TCP ISNSequence number security
RFC 2827Ingress FilteringIP spoofing prevention

Cryptography

RFCTitleTopic
RFC 7748Elliptic CurvesX25519, X448
RFC 8032EdDSAEdwards-curve signatures
RFC 7693BLAKE2Hash function
RFC 8439ChaCha20-Poly1305AEAD cipher