Tootfinder

looking at an old rfc i was reminded of how pointless “security considerations” sections used to be
which made me wonder what rule the authors were supposed to be obeying
the first security considerations section was in RFC 1060 which set a bad example that almost everyone followed
https://www.r…

Weekend Reads
* Preventing route leaks
https://blog.apnic.net/2025/09/05/preventing-route-leaks-made-simple-bgp-roleplay-with-junos-rfc-9234/
* IPTV piracy network report

Preventing route leaks made simple: BGP roleplay with Junos (RFC 9234) | APNIC Blog
Guest Post: For 35 years, accidental BGP route leaks and hijacks have been routine — a simple tweak, now defined in RFC 9234, could have prevented most of them.

Three small announcements:
1. RFC 9839, a guide to which Unicode characters you should never use: https://www.rfc-editor.org/rfc/rfc9839.html
2. Blog piece with background and context, “RFC 9839 and Bad Unicode”:

"I just want my life back!"
New from Chuck Tingle. This Summer don't stray too far from the standards track, lest you be…
Pounded in the Ass By the RFC Process
https://mailarchive.ietf.org/arch/msg/dane/JPY1_4_KFznrh_sAPUvQc2ig9Cs/

Woohoo #OPAQUE now is an #IETF #RFC 9807!
https://www.rfc-edi…

Working with the new #Idempotency Keys #RFC
https://httptoolkit.com/blog/idempotency-keys/…

What's the go-to for non-Microsoft non-Google email hosting these days?
Requirements:
* Supports proper RFC compliant SMTP/IMAP TLS access. No oauth, no EWS, no exchange nonsense. Needs to be usable on e.g. a headless box without a web browser, command line clients, etc.
* Reasonably priced for a handful of accounts across a bunch of domains
* Setup and forget third party hosting, I don't have an IP block suitable for mail hosting in house and I don't want …

Has anybody seen #RFC9727
(api-catalog: A Well-Known URI and Link Relation to Help Discovery of APIs) implemented anywhere on the internet yet?
https://www.rfc-editor.org/rfc/rfc9727.html

from my link log —
Intra-procedural lifetime and borrowing analysis in Clang.
https://discourse.llvm.org/t/rfc-intra-procedural-lifetime-analysis-in-clang/86291
saved 2025-07-15

JSON Whisperer: Efficient JSON Editing with LLMs
Sarel Duanis, Asnat Greenstein-Messica, Eliya Habba
https://arxiv.org/abs/2510.04717 https://arxiv.org/pdf…

JSON Whisperer: Efficient JSON Editing with LLMs
Large language models (LLMs) can modify JSON documents through natural language commands, but current approaches regenerate entire structures for each edit, resulting in computational inefficiency. We present JSON Whisperer, a framework that enables LLMs to generate RFC 6902 diff patches-expressing only the necessary modifications-rather than complete documents. We identify two key challenges in patch-based editing: (1) LLMs often miss related updates when generating isolated patches, and (2) a…

No to poprawcie mnie, jeżeli się mylę, co do aktualnego stanu #OpenPGP.
Po pierwsze, jest dawne #RFC4880bis, aktualnie przepychane jako "#LibrePGP", używane przez

OpenSSL Security Advisory [30th September 2025]
#openssl #vulnerability

@… Temporal seems to use RFC 9557 which is a much stricter date format https://developer.mozilla.org/en-US/do

TIL that chatgpt signs HTTP requests with RFC 9421 signatures, which initially seems over the top, until you consider the scope of what agentic systems might end up doing.
https://fedi.simonwillison.net/@simon/114973107878476323

#PGP bzw. genauer #OpenPGP gibt es in verschiedenen Standards:
- RFC 2440
- RFC 4880
- RFC 9580 und
- LibrePGP
Johannes Roth und Falko Strenzke haben die Unterschiede zwischen den wichtigsten Standards herausgearbeitet:

A few days back I tweeted and blogged about the brand-new RFC 9839, and also published the first draft of tiny Go library to help enforce the subsets defined in the RFC. Got lots of useful input on the library and have progressed it enough to do a v0.8.0 release: https://github.com/timbray/rfc9839…

Some modernization planning for Duende IdentityServer. If you are in the #dotnet space, please leave your thoughts. https://github.com/orgs/DuendeSoftware/discussions/285

RFC: Modernizing CancellationToken Usage in Async APIs · DuendeSoftware · Discussion #285
Hey everyone, We're considering a significant change to how IdentityServer handles asynchronous operations, and we need your feedback before moving forward. TL;DR: We want to add CancellationToken ...

Quantum Computing-resistant cryptographic algorithms now available for .NET developers.
✅ .NET 10 Preview 7 - Module Lattice Digital Signature Algorithm
https://github.com/dotnet/core/blob/main/release-note…

core/release-notes/10.0/preview/preview7/libraries.md at main · dotnet/core
.NET news, announcements, release notes, and more! - dotnet/core

«Unicode is good. If you’re designing a data structure or protocol that has text fields, they should contain #Unicode characters encoded in #UTF8. There’s another question, though: “Which Unicode characters?” The answer is “Not all of them, please exclude some.”
This issue keeps coming up, so [

@… I did look through those APIs and it looks like they parse RFC 9557 which is less forgiving https://developer.mozilla.org/en-US/…

I scored 20/21 on https://e-mail.wtf and all I got was this lousy text to share on social media.
This is an entertaining quiz. But RFC 5322 is not the right place to look for an answer to the question of what a (syntactically) valid email address is.

Enhanced Predictive Modeling for Hazardous Near-Earth Object Detection: A Comparative Analysis of Advanced Resampling Strategies and Machine Learning Algorithms in Planetary Risk Assessment
Sunkalp Chandra
https://arxiv.org/abs/2508.15106

Enhanced Predictive Modeling for Hazardous Near-Earth Object Detection: A Comparative Analysis of Advanced Resampling Strategies and Machine Learning Algorithms in Planetary Risk Assessment
This study evaluates the performance of several machine learning models for predicting hazardous near-Earth objects (NEOs) through a binary classification framework, including data scaling, power transformation, and cross-validation. Six classifiers were compared, namely Random Forest Classifier (RFC), Gradient Boosting Classifier (GBC), Support Vector Classifier (SVC), Linear Discriminant Analysis (LDA), Logistic Regression (LR), and K-Nearest Neighbors (KNN). RFC and GBC performed the best, b…

The correct regional coding for a "London" IP address in RFC 8805 is
10.0.0.0/16,GB,GB-ENG,London,
This is because there is no ISO 3166-2 code for London, just for its individual boroughs. The code GB-LND is often used to represent London, but this specifically identifies City of London which has the property of being London's central point geographically, but is not London itself.
(I think that a "GB-LON" that covers City and 32 boroughs would be go…

@… so basically, I had the library and test suite already ready, just needed to make some small changes in the library for RFC 9557 compat (and to save ~55KB over the full Temporal polyfill lib)

Time-Based State-Management of Hash-Based Signature CAs for VPN-Authentication
Daniel Herzinger, Linus Heise, Daniel Loebenberger, Matthias S\"ollner
https://arxiv.org/abs/2509.11695

Time-Based State-Management of Hash-Based Signature CAs for VPN-Authentication
Advances in quantum computing necessitate migrating the entire technology stack to post-quantum cryptography. This includes IPsec-based VPN connection authentication. Although there is an RFC draft for post-quantum authentication in this setting, the draft does not consider (stateful) hash-based signatures despite their small signature size and trusted long-term security. We propose a design with time-based state-management that assigns VPN devices a certificate authority (CA) based on the ha…

One more entry in my epic date parsing adventure. I’ve shipped a breaking change to this library to ensure that all valid date strings supported in Eleventy v4 will be RFC 9557-compatible, ensuring friendliness with the standardized Temporal APIs coming to a JavaScript runtime near you. Our full test suite runs against both!
Read (a little) more:

RFSeek and Ye Shall Find
Noga H. Rotman, Tiago Ferreira, Hila Peleg, Mark Silberstein, Alexandra Silva
https://arxiv.org/abs/2509.10216 https://arxiv.org/p…

RFSeek and Ye Shall Find
Requests for Comments (RFCs) are extensive specification documents for network protocols, but their prose-based format and their considerable length often impede precise operational understanding. We present RFSeek, an interactive tool that automatically extracts visual summaries of protocol logic from RFCs. RFSeek leverages large language models (LLMs) to generate provenance-linked, explorable diagrams, surfacing both official state machines and additional logic found only in the RFC text. Com…

Researching ISO 8601 and RFC 3339 date parsing and found this excellent resource: https://ijmacd.github.io/rfc3339-iso8601/
Tried a few packages to solve this problem (dayjs, date-fns, luxon, moment). Unfortunately they are either not accurate enough or very large 😭

Safefetch is close: currently rewriting commit messages closer to required style
Then it'll be off to linux-hardening for initial feedback and testing as an RFC
It's taken about a year to forward port the patchset