Fully-Specified Algorithms for JSON Object Signing and Encryption and CBOR Object Signing and Encryption
RFC 9864, “Fully-Specified Algorithms for JSON Object Signing and Encryption and CBOR Object Signing and Encryption”, is a Proposed Standard document published in October 2025 by M.B. Jones, O. Steele. It updates RFC 7518, RFC 8037, RFC 9053. The canonical text is published by the RFC Editor.
Abstract
This specification refers to cryptographic algorithm identifiers that fully specify the cryptographic operations to be performed, including any curve, key derivation function (KDF), and hash functions, as being "fully specified". It refers to cryptographic algorithm identifiers that require additional information beyond the algorithm identifier to determine the cryptographic operations to be performed as being "polymorphic". This specification creates fully-specified algorithm identifiers for registered JSON Object Signing and Encryption (JOSE) and CBOR Object Signing and Encryption (COSE) polymorphic algorithm identifiers, enabling applications to use only fully-specified algorithm identifiers. It deprecates those polymorphic algorithm identifiers.
This specification updates RFCs 7518, 8037, and 9053. It deprecates polymorphic algorithms defined by RFCs 8037 and 9053 and provides fully-specified replacements for them. It adds to the instructions to designated experts in RFCs 7518 and 9053.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9864 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.
- RFC 9863 Path Computation Element Protocol Extension for Color
- RFC 9865 Cursor-Based Pagination of System of Cross-domain Identity Management Resources
- RFC 9862 Path Computation Element Communication Protocol Extensions for Segment Routing Policy Candidate Paths
- RFC 9866 Root Node Failure Detector : Fast Detection of Border Router Crashes in the Routing Protocol for Low-Power and Lossy Networks
- RFC 9861 KangarooTwelve and TurboSHAKE
- RFC 9867 Mixing Preshared Keys in the IKE_INTERMEDIATE and CREATE_CHILD_SA Exchanges of the Internet Key Exchange Protocol Version 2 for Post-Quantum Security
- RFC 9860 Multicast-Only Fast Reroute Based on Topology Independent Loop-Free Alternate Fast Reroute
- RFC 9868 Transport Options for UDP