Internet X.509 Public Key Infrastructure -- Algorithm Identifiers for the Stateless Hash-Based Digital Signature Algorithm
RFC 9909, “Internet X.509 Public Key Infrastructure -- Algorithm Identifiers for the Stateless Hash-Based Digital Signature Algorithm”, is a Proposed Standard document published in December 2025 by K. Bashiri, S. Fluhrer, S. Gazdag, D. Van Geest, and S. Kousidis. The canonical text is published by the RFC Editor.
Abstract
Digital signatures are used within the X.509 Public Key Infrastructure, such as X.509 certificates and Certificate Revocation Lists (CRLs), as well as to sign messages. This document specifies the conventions for using the Stateless Hash-Based Digital Signature Algorithm (SLH-DSA) in the X.509 Public Key Infrastructure. The conventions for the associated signatures, subject public keys, and private keys are also specified.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9909 is hosted at rfc-editor.org. Available in HTML, TXT, PDF, and XML.
- RFC 9911 Common YANG Data Types
- RFC 9906 Deprecate Usage of ECC-GOST within DNSSEC
- RFC 9905 Deprecating the Use of SHA-1 in DNSSEC Signature Algorithms
- RFC 9904 DNSSEC Cryptographic Algorithm Recommendation Update Process
- RFC 9903 A YANG Data Model for OSPF Segment Routing over the MPLS Data Plane
- RFC 9902 A YANG Data Model for IS-IS Segment Routing over the MPLS Data Plane
- RFC 9901 Selective Disclosure for JSON Web Tokens
- RFC 9900 Updates to NETCONF Transport Port Numbers