The IESG has approved the following document:
- 'The Use of maxLength in the RPKI'
  (draft-ietf-sidrops-rpkimaxlen-15.txt) as Best Current Practice

This document is the product of the SIDR Operations Working Group.

The IESG contact persons are Warren Kumari and Robert Wilton.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpkimaxlen/

Technical Summary

   This document recommends ways to reduce the forged-origin hijack
   attack surface by prudently limiting the set of IP prefixes that are
   included in a Route Origin Authorization (ROA). One recommendation
   is to avoid using the maxLength attribute in ROAs except in some
   specific cases. The recommendations complement and extend those in
   RFC 7115. The document also discusses the creation of ROAs for
   facilitating the use of Distributed Denial of Service (DDoS)
   mitigation services. Considerations related to ROAs and origin
   validation in the context of destination-based Remote Triggered
   Black Hole (RTBH) filtering are also highlighted.

Working Group Summary

   The document went through 9 revisions in the WG, had good
   conversation during meetings as well as on-list.

Document Quality

   The document is well written and clear.

Personnel

   Chris Morrow is the DS
   Warren Kumari is, as always, RAD!!!!

IESG Note:

   RFC Editor: Please add this document to BCP185.
   (this is just a request to the RFC Editor; and shouldn't be added to
   the document itself)
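
The Technical Summary's point about maxLength, as an added example that is not part of the announcement or of the draft: the script compares one ROA entry with the prefixes its origin AS announces, counts the prefixes the ROA authorizes that are not announced, and lists ROA entries limited to the announced prefixes. The function names, the report layout and the sample data (documentation prefixes and ASNs) are assumptions made for illustration.

```python
import ipaddress

def authorized_count(prefix, max_length):
    """Number of distinct prefixes one ROA entry authorizes."""
    net = ipaddress.ip_network(prefix)
    return 2 ** (max_length - net.prefixlen + 1) - 1

def audit_roa(roa, announcements):
    """Compare a ROA entry (prefix, maxLength, origin ASN) with BGP announcements.

    announcements is an iterable of (prefix, origin ASN) pairs.
    """
    roa_prefix, max_length, asn = roa
    roa_net = ipaddress.ip_network(roa_prefix)
    if not roa_net.prefixlen <= max_length <= roa_net.max_prefixlen:
        raise ValueError("maxLength must lie between the prefix length and the address size")
    announced = set()
    for prefix, origin in announcements:
        net = ipaddress.ip_network(prefix)
        # Covered means: same origin AS, inside the ROA prefix, not longer than maxLength.
        if (origin == asn and net.version == roa_net.version
                and net.prefixlen <= max_length and net.subnet_of(roa_net)):
            announced.add(net)
    total = authorized_count(roa_prefix, max_length)
    return {
        "authorized": total,
        "announced": sorted(announced),
        # Authorized by the ROA but not originated in BGP by the holder.
        "unannounced": total - len(announced),
        # One entry per announced prefix, with maxLength equal to its own length.
        "minimal_roa": [(str(n), n.prefixlen, asn) for n in sorted(announced)],
    }

# Constructed sample data (documentation prefixes and ASNs, not real routing data).
SAMPLE_ROA = ("192.0.2.0/24", 26, 64496)
SAMPLE_ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),
    ("192.0.2.0/25", 64496),
    ("198.51.100.0/24", 64496),   # outside the ROA prefix
    ("192.0.2.128/25", 64497),    # different origin AS
]

if __name__ == "__main__":
    report = audit_roa(SAMPLE_ROA, SAMPLE_ANNOUNCEMENTS)
    print(f"authorized={report['authorized']} unannounced={report['unannounced']}")
    for entry in report["minimal_roa"]:
        print("minimal ROA entry:", entry)
```
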
