[lacnog] Fwd: [GROW] FW: [OPSEC] BCP 84, RFC 8704 on Enhanced Feasible-Path Unicast Reverse Path Forwarding

Alejandro Acosta alejandroacostaalamo en gmail.com
Sab Feb 29 00:23:51 GMT+3 2020


FYI..., muy interesante este documento. Un avance para el famoso uRPF.


Por otro lado, sorprendente (IMHO) que un documento tan importante haya
avanzado tan rápido, apenas la versión 00 fue en Abril 2018.


Saludos,


Alejandro,



-------- Forwarded Message --------
Subject: 	[GROW] FW: [OPSEC] BCP 84, RFC 8704 on Enhanced Feasible-Path
Unicast Reverse Path Forwarding
Date: 	Mon, 10 Feb 2020 17:37:40 +0000
From: 	Sriram, Kotikalapudi (Fed)
<kotikalapudi.sriram=40nist.gov en dmarc.ietf.org>
To: 	grow en ietf.org <grow en ietf.org>
CC: 	sidrops en ietf.org <sidrops en ietf.org>



This new RFC is a product of the OPSEC WG.
https://tools.ietf.org/html/rfc8704
I thought I should share the publication notice in GROW because
substantial discussion and feedback occurred also in the GROW WG when
this RFC was in draft form. Thank you.

CC'ing SIDROPS WG also since the RFC (BCP) recommendations include using
ROA data as part of the overall EFP-uRPF scheme.
Sriram
-------------------------
A new Request for Comments is now available in online RFC libraries.

BCP 84 RFC 8704

Title: Enhanced Feasible-Path Unicast Reverse Path Forwarding Author: K.
Sriram,
D. Montgomery,
J. Haas
Status: Best Current Practice
Stream: IETF
Date: February 2020
Mailbox: ksriram en nist.gov, dougm en nist.gov, jhaas en juniper.net
Pages: 17
Updates: RFC 3704
See Also: BCP 84

I-D Tag: draft-ietf-opsec-urpf-improvements-04.txt

URL: https://www.rfc-editor.org/info/rfc8704

DOI: 10.17487/RFC8704

This document identifies a need for and proposes improvement of the
unicast Reverse Path Forwarding (uRPF) techniques (see RFC 3704) for
detection and mitigation of source address spoofing (see BCP 38).
Strict uRPF is inflexible about directionality, the loose uRPF is
oblivious to directionality, and the current feasible-path uRPF
attempts to strike a balance between the two (see RFC 3704). However,
as shown in this document, the existing feasible-path uRPF still has
shortcomings. This document describes enhanced feasible-path uRPF
(EFP-uRPF) techniques that are more flexible (in a meaningful way)
about directionality than the feasible-path uRPF (RFC 3704). The
proposed EFP-uRPF methods aim to significantly reduce false positives
regarding invalid detection in source address validation (SAV).
Hence, they can potentially alleviate ISPs' concerns about the
possibility of disrupting service for their customers and encourage
greater deployment of uRPF techniques. This document updates RFC
3704.

This document is a product of the Operational Security Capabilities for
IP Network Infrastructure Working Group of the IETF.

BCP: This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for
improvements. Distribution of this memo is unlimited.

***************

_______________________________________________
GROW mailing list
GROW en ietf.org
https://www.ietf.org/mailman/listinfo/grow
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/lacnog/attachments/20200228/7fc4c97a/attachment.html>
------------ próxima parte ------------
A non-text attachment was scrubbed...
Name: pEpkey.asc
Type: application/pgp-keys
Size: 1782 bytes
Desc: no disponible
URL: <https://mail.lacnic.net/pipermail/lacnog/attachments/20200228/7fc4c97a/attachment.key>


Más información sobre la lista de distribución LACNOG