RFC 9824: Compact Denial of Existence in DNSSEC
Ce #RFC permet à un nom de domaine d'être à la fois existant et non-existant. Plus précisément, il permet de fournir une preuve cryptographique avec #DNSSEC, prouvant que le nom existe (alors qu'il n'existe pas) mais n'a pas les données demandées. Cette technique est particulièrement adaptée au cas des signatures dynamiques, mais a l'inconvénient de « mentir ».
RFC 9904: DNSSEC Cryptographic Algorithm Recommendation Update Process, W. Hardaker, et al., https://www.rfc-editor.org/info/rfc9904 #RFC The DNSSEC protocol makes use of various cryptographic algorithms to provide authentication of DNS data and proof of nonexistence. To ensure interoperability between DNS resolvers and DNS authoritative servers, it is necessary to specify both a set of 1/4
RFC 9906: Deprecate Usage of ECC-GOST within DNSSEC, W. Hardaker, et al., https://www.rfc-editor.org/info/rfc9906 #RFC This document retires the use of GOST R 34.10-2001 (mnemonic "ECC-GOST") and GOST R 34.11-94 within DNSSEC. RFC 5933 (Historic) defined the use of GOST R 34.10-2001 and GOST R 34.11-94 algorithms with DNS Security Extensions (DNSSEC). This document updates RFC 5933 by 1/2
RFC 9905: Deprecating the Use of SHA-1 in DNSSEC Signature Algorithms, W. Hardaker, et al., https://www.rfc-editor.org/info/rfc9905 #RFC This document deprecates the use of the RSASHA1 and RSASHA1-NSEC3-SHA1 algorithms for the creation of DNS Public Key (DNSKEY) and Resource Record Signature (RRSIG) records. It updates RFCs 4034 and 5155 as it deprecates the use of these algorithms. This 1/2
RFC: what are the highlights of FreeBSD 15.0-RELEASE?
"In the 15.0-RELEASE announcement email, I list a few highlights. Obviously pkgbase is going to be one of them, but I'm looking for a list of 5 or 6 items, and I don't know what you as users care about the most.
"So… can you help out your release engineer and tell me what you personally thing is the most exciting change in 15.0?"
― Colin Percival at <https://www.reddit.com/r/freebsd/comments/1pa8ait/what_are_the_highlights_of_150release/>
(The announcement is scheduled for Tuesday 2nd December – <https://www.freebsd.org/releases/15.0R/>.)
RFC 9906: Deprecate Usage of ECC-GOST within DNSSEC, W. Hardaker, et al., https://www.rfc-editor.org/info/rfc9906 #RFC This document retires the use of GOST R 34.10-2001 (mnemonic "ECC-GOST") and GOST R 34.11-94 within DNSSEC. RFC 5933 (Historic) defined the use of GOST R 34.10-2001 and GOST R 34.11-94 algorithms with DNS Security Extensions (DNSSEC). This document updates RFC 5933 by 1/2
RFC 9905: Deprecating the Use of SHA-1 in DNSSEC Signature Algorithms, W. Hardaker, et al., https://www.rfc-editor.org/info/rfc9905 #RFC This document deprecates the use of the RSASHA1 and RSASHA1-NSEC3-SHA1 algorithms for the creation of DNS Public Key (DNSKEY) and Resource Record Signature (RRSIG) records. It updates RFCs 4034 and 5155 as it deprecates the use of these algorithms. This 1/2
RFC 9904: DNSSEC Cryptographic Algorithm Recommendation Update Process, W. Hardaker, et al., https://www.rfc-editor.org/info/rfc9904 #RFC The DNSSEC protocol makes use of various cryptographic algorithms to provide authentication of DNS data and proof of nonexistence. To ensure interoperability between DNS resolvers and DNS authoritative servers, it is necessary to specify both a set of 1/4
RFC: what are the highlights of FreeBSD 15.0-RELEASE?
"In the 15.0-RELEASE announcement email, I list a few highlights. Obviously pkgbase is going to be one of them, but I'm looking for a list of 5 or 6 items, and I don't know what you as users care about the most.
"So… can you help out your release engineer and tell me what you personally thing is the most exciting change in 15.0?"
― Colin Percival at <https://www.reddit.com/r/freebsd/comments/1pa8ait/what_are_the_highlights_of_150release/>
(The announcement is scheduled for Tuesday 2nd December – <https://www.freebsd.org/releases/15.0R/>.)
Pas de wifi #CapitoleDuLibre dans l'atelier. Il se tient au troisième étage et la gravité empêche les zondes de monter.
À propos de #eBPF, le #RFC : https://www.bortzmeyer.org/9669.html
Et un exemple d'utilisation pour le #DNS : https://blog.apnic.net/2025/08/04/experimental-support-for-af_xdp-sockets-in-nsd/
RFC 9882: Use of the ML-DSA Signature Algorithm in the Cryptographic Message Syntax (CMS), B. Salter, et al., https://www.rfc-editor.org/info/rfc9882 #RFC The Module-Lattice-Based Digital Signature Algorithm (ML-DSA), as defined by NIST in FIPS 204, is a post-quantum digital signature scheme that aims to be secure against an adversary in possession of a Cryptographically Relevant Quantum 1/2
RFC 9881: Internet X.509 Public Key Infrastructure -- Algorithm Identifiers for the Module-Lattice-Based Digital Signature Algorithm (ML-DSA), J. Massimo, et al., https://www.rfc-editor.org/info/rfc9881 #RFC Digital signatures are used within X.509 certificates and Certificate Revocation Lists (CRLs), and to sign messages. This document specifies the conventions for using FIPS 204, the 1/2
Two RFCs standardizing the addition of post-quantum cryptographic algorithms in existing Internet standard formats (X.509 and CMS).
RFC 9881
Internet X.509 Public Key Infrastructure -- Algorithm Identifiers for the Module-Lattice-Based Digital Signature Algorithm (ML-DSA)
RFC 9882
Use of the ML-DSA Signature Algorithm in the Cryptographic Message Syntax (CMS)
RFC 9881: Internet X.509 Public Key Infrastructure -- Algorithm Identifiers for the Module-Lattice-Based Digital Signature Algorithm (ML-DSA), J. Massimo, et al., https://www.rfc-editor.org/info/rfc9881 #RFC Digital signatures are used within X.509 certificates and Certificate Revocation Lists (CRLs), and to sign messages. This document specifies the conventions for using FIPS 204, the 1/2
RFC 9882: Use of the ML-DSA Signature Algorithm in the Cryptographic Message Syntax (CMS), B. Salter, et al., https://www.rfc-editor.org/info/rfc9882 #RFC The Module-Lattice-Based Digital Signature Algorithm (ML-DSA), as defined by NIST in FIPS 204, is a post-quantum digital signature scheme that aims to be secure against an adversary in possession of a Cryptographically Relevant Quantum 1/2
An update to #RFC 768 (yup, that's UDP) 45 years ago after its publication
This new RFC's PDF is 51 pages long. RFC 768's PDF is 3 pages long 😅
An update to #RFC 768 (yup, that's UDP) 45 years ago after its publication
This new RFC's PDF is 51 pages long. RFC 768's PDF is 3 pages long 😅
RFC 9861: KangarooTwelve and TurboSHAKE, B. Viguier, et al., https://www.rfc-editor.org/info/rfc9861 #RFC This document defines four eXtendable-Output Functions (XOFs), hash functions with output of arbitrary length, named TurboSHAKE128, TurboSHAKE256, KT128, and KT256. All four functions provide efficient and secure hashing primitives, and the last two are able to exploit the parallelism of 1/2
Vous avez des données à condenser / hacher / résumer cryptographiquement ? Vous trouvez SHA-2 trop classique ? Kangourou Douze, décrit dans ce #RFC, peut le faire. https://www.bortzmeyer.org/9861.html
