Making Sense of RFCs: Reading List

By |Published On: June 10th, 2022|Tags: |

If you’re looking for resources to help you learn about the world of cybersecurity, here are the 7 RFCs Roxy, Hurricane Labs’ Director of Compliance, recommends you start with. Looking for more details? Check out their webinar, Making Sense of RFCs!

The List

1. RFC 2196 Site Security Handbook

RFC 2196 (Site Security Handbook) “is a guide to developing computer security policies and procedures for sites that have systems on the Internet.” It goes over, in detail, such topics as why you’d want a security policy and how to handle incident response.

2. RFC 2504 Users’ Security Handbook

Even though it was written in 1999, RFC 2504 (Users’ Security Handbook) has advice that still hasn’t aged much, such as “How to Prepare for the Worst in Advance” and “Encrypt Everything… Shred Everything Else.”

3. RFC 6274 Security Assessment of [IPv4]

Written in 2011, RFC 6274 (Security Assessment of IPv4) uses several RFCs as sources and fully describes IPv4 and considers the security of its features. It includes known issues that have not previously been addressed by other RFCs.

4. RFC 6454 The Web Origin Concept

RFC 6454 mentions security implications of the same-origin policy. Web Origin is, according to Mozilla, “defined by the scheme (protocol), hostname (domain), and port of the URL used to access it. Two objects have the same origin only when the scheme, hostname, and port all match.”

5. RFCs 9110 HTTP Semantics

Just released this week, RFC 9110 (HTTP Semantics) obsoletes most of the HTTP RFCs mentioned in our webinar. It explains the “Core Semantics” of HTTP, regardless of version, which are important to understand when observing and working with HTTP traffic. There are also new RFCs for HTTP 1.1 (9112), HTTP 2 (9113), and HTTP 3 (9114).

Table 1 from RFC 9110 shows all the RFCs it obsoletes:

Managed Cyber Security Services

6. RFC 7624 Confidentiality in the Face of Pervasive Surveillance: A Threat Model and Problem Statement

After Edward Snowden released documents showing mass surveillance should be a concern for most Americans, RFC 7624 was written to explore the ways in which the confidentiality of Internet communications can be breached. It includes threat models that should be considered to decrease and expose possible vulnerabilities.

7. RFC 7457 Summarizing Known Attacks on [TLS] & Datagram TLS

Due to increased attacks on TLS, RFC 7457 was written to show possible attacks on the most common implementations of it. Those interested in vulnerability management and how to mitigate TLS’s most common vulnerabilities would benefit from reading this RFC.

Bonus reading!

  • The Human Rights Protocol Considerations Research Group (HRPC) “is chartered to research whether standards and protocols can enable, strengthen or threaten human rights.” One of their outputs is published RFCs. You can find out more on the IRTF website.
  • RFC 1 Host Software) was published on April 7, 1969. As of this month, June 2022, there are over 9200 RFCs. Not all are Internet Standards; some are experimental, informational, best current standards, or historic, and there are even some that are April Fools’ jokes.
  • The first RFC April Fools’ joke was RFC 748. It was published in 1978 and called “Telnet Randomly-Lose Option” in which a protocol was created to allow servers to ask to randomly drop packets, and it closes with the expectation that, if not implemented, servers are expected to be 100% reliable.
  • A history of RFCs was published in 2019 in RFC 8700 if you’d like to learn the full story about how RFCs came to be and the milestones that make up 50 years of RFCs.

Conclusion

Most people would consider RFCs to be pretty dry reading, but they can provide valuable information for any tech job that requires the use of the Internet. RFCs also address other topics that intersect with technology today, such as human rights, mass surveillance, research methods, and more. You can read RFCs and learn more about them at RFC-editor.org.

Share with your network!
Get monthly updates from Hurricane Labs
* indicates required

About Hurricane Labs

Hurricane Labs is a dynamic Managed Services Provider that unlocks the potential of Splunk and security for diverse enterprises across the United States. With a dedicated, Splunk-focused team and an emphasis on humanity and collaboration, we provide the skills, resources, and results to help make our customers’ lives easier.

For more information, visit www.hurricanelabs.com and follow us on Twitter @hurricanelabs.

managed SOAR services