I-D list for SIDR Operations RSS Feed
Document changes
Updated: 2024-03-28T03:22:23-0700

BGP Community-based Attacks and Community Origin Authentication
[983122] 2024-03-24T21:37:05-0700, Yunhao Liu
New version available: draft-liu-sidrops-community-authentication-01.txt

BGP community usage has continued to increase during the past decade.
Unfortunately, while BGP community is a seemingly innocuous feature,
it can be used to influence routing in unintended ways. Existing
defense mechanisms are insufficient to prevent community-based
attacks. This document describes some of the scenarios that may be
used to launch these attacks and makes recommendations on practices
that may defend against them. In particular, this document proposes
SecCommunity, an extension to the Border Gateway Protocol (BGP) that
can authenticate the ASes who added action community values on the
announcements.
Revision: 01

BGP Community-based Attacks and Community Origin Authentication
[983121] 2024-03-24T21:37:05-0700, (System)
New version approved

BGP Community-based Attacks and Community Origin Authentication
[983120] 2024-03-24T21:27:11-0700, (System)
Request for posting confirmation emailed to previous authors: Jessie Wang <jessiewang@tsinghua.edu.cn>, Mingwei Xu <xumw@tsinghua.edu.cn>, Yangyang Wang <wangyy@cernet.edu.cn>, Yunhao Liu <lyh22@mails.tsinghua.edu.cn>

BGP Community-based Attacks and Community Origin Authentication
[983119] 2024-03-24T21:27:10-0700, Yunhao Liu
Uploaded new revision

A profile for Signed Prefix Lists for Use in the Resource Public Key Infrastructure (RPKI)
[982971] 2024-03-21T23:27:57-0700, Job Snijders
New version available: draft-ietf-sidrops-rpki-prefixlist-03.txt

This document defines a "Signed Prefix List", a Cryptographic Message
Syntax (CMS) protected content type for use with the Resource Public
Key Infrastructure (RPKI) to carry the complete list of prefixes
which an Autonomous System (the subject AS) may originate to all or
any of its routing peers. The validation of a Signed Prefix List
confirms that the holder of the subject AS produced the object, and
that this list is a current, accurate and complete description of
address prefixes that may be announced into the routing system
originated by the subject AS.
Revision: 03

A profile for Signed Prefix Lists for Use in the Resource Public Key Infrastructure (RPKI)
[982970] 2024-03-21T23:27:57-0700, Job Snijders
New version accepted (logged-in submitter: Job Snijders)

A profile for Signed Prefix Lists for Use in the Resource Public Key Infrastructure (RPKI)
[982969] 2024-03-21T23:27:56-0700, Job Snijders
Uploaded new revision

A Profile for Mapping Origin Authorizations (MOAs)
[982162] 2024-03-20T01:02:15-0700, Chongfeng Xie
New version available: draft-xie-sidrops-moa-profile-02.txt

For the authenticity of the mapping origin of IPv4 address block in
IPv6-only networks, this document defines a standard profile for
Mapping Origin Authorizations (MOAs). MOA is a cryptographically
signed object that provides a means of verifying that the holder of a
set of IPv4 prefixes has authorized an IPv6 mapping prefix to
originate mapping for those prefixes. When receiving the MOA objects
from the relying parties, PE devices can verify and discard invalid
address mapping announcements from unauthorized IPv6 mapping prefixes
to prevent IPv4 prefix hijacking.
Revision: 02

A Profile for Mapping Origin Authorizations (MOAs)
[982161] 2024-03-20T01:02:15-0700, Chongfeng Xie
New version accepted (logged-in submitter: Chongfeng Xie)

A Profile for Mapping Origin Authorizations (MOAs)
[982160] 2024-03-20T01:02:15-0700, Chongfeng Xie
Uploaded new revision

Signed Prefix List (SPL) Based Route Origin Verification and Operational Considerations
[980016] 2024-03-17T08:20:39-0700, Kotikalapudi Sriram
New version available: draft-sriram-sidrops-spl-verification-00.txt

The Signed Prefix List (SPL) is an RPKI object that attests to the
complete list of prefixes which an Autonomous System (AS) may
originate in the Border Gateway Protocol (BGP). This document
specifies an SPL-based Route Origin Verification (SPL-ROV)
methodology and combines it with the ROA-based ROV (ROA-ROV) to
facilitate an integrated mitigation strategy for prefix hijacks and
AS forgery. The document also explains the various BGP security
threats that SPL can help address and provides operational
considerations associated with SPL-ROV deployment.
Revision: 00

Signed Prefix List (SPL) Based Route Origin Verification and Operational Considerations
[980015] 2024-03-17T08:20:39-0700, (System)
New version approved

Signed Prefix List (SPL) Based Route Origin Verification and Operational Considerations
[980014] 2024-03-17T08:19:48-0700, Kotikalapudi Sriram
Request for posting confirmation emailed to submitter and authors: Doug Montgomery <dougm@nist.gov>, Job Snijders <job@fastly.com>, Kotikalapudi Sriram <ksriram@nist.gov>

Signed Prefix List (SPL) Based Route Origin Verification and Operational Considerations
[980013] 2024-03-17T08:16:13-0700, Kotikalapudi Sriram
Uploaded new revision

Filtering Out RPKI Data by Type based on Enhanced SLURM Filters
[979760] 2024-03-16T21:05:06-0700, Yu Fu
New version available: draft-fu-sidrops-enhanced-slurm-filter-00.txt

Simplified Local Internet Number Resource Management with the RPKI
(SLURM) helps operators create a local view of the global RPKI by
generating sets of filters and assertions. This document proposes to
filter out RPKI data by type based on enhanced SLURM filters. Only
the RPKI data types that the network or routers are interested in
will appear in the Relay Party's output.
Revision: 00

Filtering Out RPKI Data by Type based on Enhanced SLURM Filters
[979759] 2024-03-16T21:05:06-0700, (System)
New version approved

Filtering Out RPKI Data by Type based on Enhanced SLURM Filters
[979758] 2024-03-16T21:03:49-0700, Yu Fu
Request for posting confirmation emailed to submitter and authors: Nan Geng <gengnan@huawei.com>, Yu Fu <fuy186@chinaunicom.cn>

Filtering Out RPKI Data by Type based on Enhanced SLURM Filters
[979757] 2024-03-16T21:03:14-0700, Yu Fu
Uploaded new revision