This document describes the queries that a DNS resolver should emit to initialize its cache. The result is that the resolver gets both a

Most HTTP authentication schemes are probeable in the sense that it is possible for an unauthenticated client to probe whether an origin

The RSA Key Encapsulation Mechanism (RSA-KEM) algorithm is a one-pass (store-and-forward) cryptographic mechanism for an originator to

RFC 5280 specifies several extended key purpose identifiers (KeyPurposeIds) for X.509 certificates. This document defines an

The Segment Routing (SR) architecture leverages source routing and can be directly applied to the use of an MPLS data plane. A Segment

This document defines how to use the Address Family Identifier (AFI) 17 "Distinguished Name" in the Locator/ID Separation Protocol (LISP).

This specification proposes an additional response secured by JSON Web Token (JWT) for OAuth 2.0 Token Introspection.

This document describes best current security practice for OAuth 2.0. It updates and extends the threat model and security advice given in

When split-horizon DNS is deployed by a network, certain domain names can be resolved authoritatively by a network-provided DNS resolver.

Following a review of the IETF meeting venue requirements, this document updates RFC 8718 ("IETF Plenary Meeting Venue Selection