The Use of Maxlength in the RPKI

The information below is for an old version of the document
Document Type Expired Internet-Draft (sidrops WG)
Authors Yossi Gilad, Sharon Goldberg, Kotikalapudi Sriram, Job Snijders, Ben Maddison
Last updated 2020-04-26 (latest revision 2019-10-24)
Replaces draft-yossigi-rpkimaxlen
Stream Internet Engineering Task Force (IETF)
Expired & archived
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document recommends ways to reduce forged-origin attack surface by prudently limiting the address space that is included in Route Origin Authorizations (ROAs). One recommendation is to avoid using the maxLength attribute in ROAs except in some specific cases. The recommendations complement and extend those in RFC 7115. The document also discusses creation of ROAs for facilitating Distributed Denial of Service (DDoS) mitigation services. Considerations related to ROAs and origin validation for the case of destination-based Remote Triggered Black Hole (RTBH) filtering are also highlighted.

