Skip to main content

Origin Validation Signaling

Document Type Expired Internet-Draft (individual)
Authors Randy Bush , Keyur Patel
Last updated 2020-01-03 (Latest revision 2019-07-02)
Stream (None)
Intended RFC status (None)
Expired & archived
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)
This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at:


Within a trust boundary, e.g. an operator's PoP, it may be useful to have only a few central devices do full Origin Validation using the Resource Public Key Infrastructure, and be able to signal to an internal sender that a received route fails Origin Validation. E.g. route reflectors could perform Origin Validation for a cluster and signal back to a sending client that it sent an invalid route. Routers capable of sending and receiving this signal can use the extended community described in [RFC8097].


Randy Bush
Keyur Patel

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)