Technical Summary
This document recommends ways to reduce the forged-origin hijack
attack surface by prudently limiting the set of IP prefixes that are
included in a Route Origin Authorization (ROA). One recommendation
is to avoid using the maxLength attribute in ROAs except in some
specific cases. The recommendations complement and extend those in
RFC 7115. The document also discusses the creation of ROAs for
facilitating the use of Distributed Denial of Service (DDoS)
mitigation services. Considerations related to ROAs and origin
validation in the context of destination-based Remote Triggered Black
Hole (RTBH) filtering are also highlighted.
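An added illustration, not part of the document or of this writeup, of why maxLength widens the forged-origin attack surface: a sketch of RFC 6811-style origin validation run against a ROA that uses maxLength and a minimal ROA for the same prefix. The prefix 2001:db8::/32, AS 64496, the announcements and the function names are constructed sample values.

```python
import ipaddress

# Constructed sample data: documentation prefix and documentation ASN.
# Each ROA entry is (prefix, maxLength, origin ASN).
LOOSE_ROA = [("2001:db8::/32", 48, 64496)]    # maxLength used
MINIMAL_ROA = [("2001:db8::/32", 32, 64496)]  # only the announced prefix

def validate(route_prefix, origin_asn, roas):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for roa_prefix, max_length, asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue  # this ROA does not cover the route
        covered = True
        # AS 0 never matches; length must not exceed maxLength.
        if asn != 0 and asn == origin_asn and route.prefixlen <= max_length:
            return "valid"
    return "invalid" if covered else "not-found"

def authorized_count(roa):
    """Number of distinct prefixes a single ROA entry authorizes."""
    prefix, max_length, _ = roa
    base = ipaddress.ip_network(prefix).prefixlen
    return sum(2 ** (length - base) for length in range(base, max_length + 1))

if __name__ == "__main__":
    # The origin AS in the second route is forged: the validator sees only
    # prefix and origin, so the forged path looks like the real holder.
    for name, roas in (("loose", LOOSE_ROA), ("minimal", MINIMAL_ROA)):
        print(name, "authorizes", authorized_count(roas[0]), "prefixes")
        for route in ("2001:db8::/32", "2001:db8:1::/48"):
            print("  ", route, "->", validate(route, 64496, roas))
```

With the minimal ROA the unannounced /48 is Invalid and can be dropped by validating routers; with the loose ROA it is Valid even though the holder never announces it.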
Working Group Summary
The document went through 9 revisions in the WG and had good discussion during meetings as well as on-list.
Document Quality
The document is well written and clear.
Personnel
Chris Morrow is the DS
Warren Kumari is, as always, RAD!!!!
IESG Note:
RFC Editor: Please add this document to BCP185. (This is just a request to the RFC Editor and shouldn't be added to the document itself.)