
The Use of Maxlength in the RPKI
draft-ietf-sidrops-rpkimaxlen-03

The information below is for an old version of the document.
Document Type: Expired Internet-Draft (sidrops WG)
Authors: Yossi Gilad, Sharon Goldberg, Kotikalapudi Sriram, Job Snijders, Ben Maddison
Last updated: 2020-04-26 (Latest revision 2019-10-24)
Replaces: draft-yossigi-rpkimaxlen
Stream: Internet Engineering Task Force (IETF)
WG state: WG Document
Document shepherd: (None)
IESG state: Expired
Consensus boilerplate: Unknown
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)
This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at:
https://www.ietf.org/archive/id/draft-ietf-sidrops-rpkimaxlen-03.txt

Abstract

This document recommends ways to reduce forged-origin attack surface by prudently limiting the address space that is included in Route Origin Authorizations (ROAs). One recommendation is to avoid using the maxLength attribute in ROAs except in some specific cases. The recommendations complement and extend those in RFC 7115. The document also discusses creation of ROAs for facilitating Distributed Denial of Service (DDoS) mitigation services. Considerations related to ROAs and origin validation for the case of destination-based Remote Triggered Black Hole (RTBH) filtering are also highlighted.
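
The effect of maxLength on the forged-origin attack surface, as an added example that is not part of the draft: the Python below applies the RFC 6811 origin-validation rule to a ROA with and without maxLength, and lists the prefixes a ROA authorizes that the network does not announce. The prefixes (documentation ranges), the AS number and all function and constant names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: (prefix, maxLength, origin AS) per ROA entry.
LOOSE_ROA = ("192.0.2.0/24", 26, 64496)    # uses maxLength beyond the prefix length
MINIMAL_ROA = ("192.0.2.0/24", 24, 64496)  # authorizes only what is announced
ANNOUNCED = ["192.0.2.0/24"]               # what AS64496 actually originates in BGP


def rov_state(prefix, origin_as, roas):
    """RFC 6811 route origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue  # this ROA does not cover the route
        covered = True
        if roa_as == origin_as and route.prefixlen <= max_len:
            return "valid"
    # Covered by some ROA but matched by none is invalid; no cover is not-found.
    return "invalid" if covered else "not-found"


def unannounced_authorized(roa, announced):
    """Prefixes a ROA authorizes for its AS that the AS does not announce.

    Each one would validate as 'valid' if announced with the ROA's AS as
    origin, so the length of this list measures the exposed address space.
    """
    roa_prefix, max_len, _ = roa
    roa_net = ipaddress.ip_network(roa_prefix)
    ours = {ipaddress.ip_network(p) for p in announced}
    gaps = []
    for length in range(roa_net.prefixlen, max_len + 1):
        for sub in roa_net.subnets(new_prefix=length):
            if sub not in ours:
                gaps.append(str(sub))
    return gaps


if __name__ == "__main__":
    # A more-specific carrying the legitimate origin AS, checked against each ROA.
    for name, roa in (("loose", LOOSE_ROA), ("minimal", MINIMAL_ROA)):
        print(name, rov_state("192.0.2.64/26", 64496, [roa]),
              unannounced_authorized(roa, ANNOUNCED))
```

Running the audit function over a network's own ROAs and its announced prefixes shows which ROAs authorize more than is originated; an empty list corresponds to a ROA that covers only the announced routes.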

Authors

Yossi Gilad
Sharon Goldberg
Kotikalapudi Sriram
Job Snijders
Ben Maddison

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)