The Use of Maxlength in the RPKI
draft-ietf-sidrops-rpkimaxlen-03
| Section | Field | Value |
|---|---|---|
| Document | Type | Expired Internet-Draft (sidrops WG) |
| | Authors | Yossi Gilad, Sharon Goldberg, Kotikalapudi Sriram, Job Snijders, Ben Maddison |
| | Last updated | 2020-04-26 (Latest revision 2019-10-24) |
| | Replaces | draft-yossigi-rpkimaxlen |
| | Stream | Internet Engineering Task Force (IETF) |
| Stream | WG state | WG Document |
| | Document shepherd | (None) |
| IESG | IESG state | Expired |
| | Consensus boilerplate | Unknown |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |
https://www.ietf.org/archive/id/draft-ietf-sidrops-rpkimaxlen-03.txt
Abstract
This document recommends ways to reduce forged-origin attack surface by prudently limiting the address space that is included in Route Origin Authorizations (ROAs). One recommendation is to avoid using the maxLength attribute in ROAs except in some specific cases. The recommendations complement and extend those in RFC 7115. The document also discusses creation of ROAs for facilitating Distributed Denial of Service (DDoS) mitigation services. Considerations related to ROAs and origin validation for the case of destination-based Remote Triggered Black Hole (RTBH) filtering are also highlighted.
Authors
Yossi Gilad
Sharon Goldberg
Kotikalapudi Sriram
Job Snijders
Ben Maddison
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)