Updates to X.509 Policy Validation
RFC 9618, “Updates to X.509 Policy Validation”, is a Proposed Standard document published in August 2024 by D. Benjamin. It updates RFC 5280. The canonical text is published by the RFC Editor.
Abstract
This document updates RFC 5280 to replace the algorithm for X.509 policy validation with an equivalent, more efficient algorithm. The original algorithm built a structure that scaled exponentially in the worst case, leaving implementations vulnerable to denial-of-service attacks.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9618 is hosted at rfc-editor.org. Available in HTML, TXT, PDF, XML.
- RFC 9617 A YANG Data Model for In Situ Operations, Administration, and Maintenance
- RFC 9619 In the DNS, QDCOUNT Is One
- RFC 9616 Delay-Based Metric Extension for the Babel Routing Protocol
- RFC 9620 Guidelines for Human Rights Protocol and Architecture Considerations
- RFC 9615 Automatic DNSSEC Bootstrapping Using Authenticated Signals from the Zone's Operator
- RFC 9614 Partitioning as an Architecture for Privacy
- RFC 9613 Requirements for Solutions that Support MPLS Network Actions
- RFC 9612 Bidirectional Forwarding Detection Reverse Path for MPLS Label Switched Paths