RFC: Request for Comments

Acronym Series

Written by: Scott Hammond, Senior Security Engineer
Connect with Scott on LinkedIn

In our Acronym Series, Nexum’s expert engineers define the industry’s most popular topics.

Acronym: RFC – Request for Comments

Definition: RFCs are a publication series from technical development and standard-setting bodies for the Internet, most notably of which is the Internet Engineering Task Force (IETF).


RFCs came to be in 1969 as part of the seminal ARPANET project. Steve Crocker invented the system. An RFC is authored by individuals, groups, and computer scientists as a memorandum describing innovations and methods applicable to the inner workings of the Internet and various connected systems. RFCs leave questions open in a less formal style, inviting comments in a peer-review fashion.

Internet Engineering Task Force

The IETF adopts some of the published RFCs as Internet Standards; however, many are informational and do not necessarily represent standards. There are three sub-series IETF RFCs:

·       Best Current Practice (BCP) is a series of mandatory IETF RFCs not on a standards track

·       For Your Information (FYI) is a series of informational-only RFCs as outlined in RFC 1150 or “FYI 1,” though in 2011, RFC 6360 brought an end to the FYI sub-series

·       Standard (STD) was the highest maturity level, but in 2011, as part of RFC 6410, the standards track was reduced to just two maturity levels known as “Proposed Standard” and “Internet Standard.”

There are four RFC streams: IETF, IRTF (Internet Research Task Force), IAB (Internet Architecture Board), and independent submission.

Not all RFCs have grown up to be standards. Therefore, there are five different statuses:

·       Informational

o   These can be anything from a joke to something like DNS Structure and Delegation RFC 1591

o   I’m serious. There are April Fools’ RFCs cranked out almost every year.

·       Experimental

o   This is for proposals that may or may not work and may or may not be embraced

o   Some of these originate as Informational “jokes” (see RFC 1149 or IP on Avian Carrier)

·       Best Current Practice

o   There is some gray area between this and Standards, but the general rule of thumb is that if it only affects the Internet Standards Process or IETF administration, it’s a BCP

·       Standards Track

o   Further divided into Proposed and Internet Standards as we touched on above

·       Historic

o   We’ve left behind these older RFCs in favor of newer ones. BGP version 4 would be an example of a Historic RFC.

·       Unknown

o   Wait, Scott, you said there were only five. Well, we all have the junk drawer in the kitchen, right? This is where it goes when you don’t have any other place to put it.


Check Out More Resources

Nexum Resources

Enterprise Logging Best Practices

Each quarter, the managed security team at Nexum shares insights from our first*defense SNOCC. In this post, we decided to share some general logging best practices that are likely to benefit every organization.

Read More »