[GROW] FW: [OPSEC] BCP 84, RFC 8704 on Enhanced Feasible-Path Unicast Reverse Path Forwarding

Mon, 10 Feb 2020 09:39:00 -0800 

This new RFC is a product of the OPSEC WG.
https://tools.ietf.org/html/rfc8704
I thought I should share the publication notice in GROW because 
substantial discussion and feedback occurred also in 
the GROW WG when this RFC was in draft form. Thank you.

CC'ing SIDROPS WG also since the RFC (BCP) recommendations 
include using ROA data as part of the overall EFP-uRPF scheme. 

Sriram
-------------------------
A new Request for Comments is now available in online RFC libraries.

        BCP 84        
        RFC 8704

        Title:      Enhanced Feasible-Path Unicast Reverse Path 
                    Forwarding 
        Author:     K. Sriram,
                    D. Montgomery,
                    J. Haas
        Status:     Best Current Practice
        Stream:     IETF
        Date:       February 2020
        Mailbox:    ksri...@nist.gov, 
                    do...@nist.gov, 
                    jh...@juniper.net
        Pages:      17
        Updates:    RFC 3704
        See Also:   BCP 84

        I-D Tag:    draft-ietf-opsec-urpf-improvements-04.txt

        URL:   https://www.rfc-editor.org/info/rfc8704

        DOI:        10.17487/RFC8704

This document identifies a need for and proposes improvement of the
unicast Reverse Path Forwarding (uRPF) techniques (see RFC 3704) for
detection and mitigation of source address spoofing (see BCP 38).
Strict uRPF is inflexible about directionality, the loose uRPF is
oblivious to directionality, and the current feasible-path uRPF
attempts to strike a balance between the two (see RFC 3704). However,
as shown in this document, the existing feasible-path uRPF still has
shortcomings. This document describes enhanced feasible-path uRPF
(EFP-uRPF) techniques that are more flexible (in a meaningful way)
about directionality than the feasible-path uRPF (RFC 3704). The
proposed EFP-uRPF methods aim to significantly reduce false positives
regarding invalid detection in source address validation (SAV).
Hence, they can potentially alleviate ISPs' concerns about the
possibility of disrupting service for their customers and encourage
greater deployment of uRPF techniques. This document updates RFC
3704.

This document is a product of the Operational Security Capabilities for IP 
Network Infrastructure Working Group of the IETF.

BCP: This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for 
improvements. Distribution of this memo is unlimited.

***************

_______________________________________________
GROW mailing list
GROW@ietf.org
https://www.ietf.org/mailman/listinfo/grow

Reply via email to