RFC Reference

RFC stands for Request for Comments — a series of technical and organizational documents published by the Internet Engineering Task Force (IETF) and the Internet Society. RFCs define the protocols, procedures, and policies that make up the internet. Some RFCs are informational or experimental, while others become mandatory internet standards (STDs). Every internet protocol like TCP, HTTP, TLS, and DNS has at least one defining RFC.

HTTP/2 (RFC 7540, published 2015) uses binary framing and multiplexing over a single TCP connection to eliminate head-of-line blocking at the application layer. However, TCP's own head-of-line blocking at the transport layer still causes latency when packets are lost. HTTP/3 (RFC 9114, published 2022) solves this by running over QUIC (a UDP-based transport) instead of TCP, enabling independent stream multiplexing and faster connection establishment.

TLS 1.3 (RFC 8446, published 2018) introduces a 1-RTT handshake (down from 2-RTT in TLS 1.2) and optional 0-RTT resumption for returning clients, significantly reducing connection latency. It also removes insecure cipher suites (RC4, DES, 3DES, MD5, SHA-1, RSA key exchange) and mandates forward secrecy on all connections, making the protocol more secure and efficient than TLS 1.2 (RFC 5246).

OAuth 2.0 (RFC 6749) is an authorization framework that defines how a client application can obtain limited access to a resource on behalf of a user, using grant types like Authorization Code, Implicit, Client Credentials, and Resource Owner Password. JWT (RFC 7519) is a compact token format (Header.Payload.Signature) often used to represent the access tokens and ID tokens that OAuth 2.0 and OpenID Connect issue. OAuth 2.0 defines the workflow; JWT is a common format for the tokens it issues.

Both protect against email spoofing and phishing. SPF (Sender Policy Framework, RFC 7208) allows a domain owner to publish a DNS TXT record listing which mail servers are authorized to send email for that domain. Receiving servers check this record to reject unauthorized senders. DKIM (DomainKeys Identified Mail, RFC 6376) adds a cryptographic digital signature to outgoing emails so receiving servers can verify the message was not tampered with in transit and originated from the claimed domain.

RFC 1918 (Address Allocation for Private Internets, published 1996) reserves three address blocks for private use: 10.0.0.0/8 (Class A, 16 million addresses), 172.16.0.0/12 (Class B, about 1 million addresses), and 192.168.0.0/16 (Class C, 65,536 addresses). These addresses are not routable on the public internet and are used for internal networks, requiring NAT to communicate with public IP addresses.

OSPFv2 (RFC 2328) is an Interior Gateway Protocol (IGP) that uses the Dijkstra Shortest Path First algorithm and link-state advertisements to find the optimal route within a single autonomous system (AS). BGP-4 (RFC 4271) is the Exterior Gateway Protocol (EGP) of the internet, used to exchange routing information between different autonomous systems (ISPs, enterprises). BGP makes policy-based routing decisions based on path attributes rather than just shortest path.

DNS over HTTPS (DoH, RFC 8484, published 2018) sends DNS queries as HTTPS requests to a DoH-capable resolver, encrypting the DNS traffic. Traditional DNS queries are sent in plaintext over UDP port 53, allowing ISPs, network operators, or attackers on the same network to observe which domain names you are looking up. DoH prevents this surveillance by encapsulating DNS queries inside encrypted HTTPS, making them indistinguishable from regular web traffic.