Re: [OPSEC] I-D Action: draft-ietf-opsec-urpf-improvements-03.txt
"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Wed, 10 July 2019 17:01 UTC
Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F9F4120178; Wed, 10 Jul 2019 10:01:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eb_M_7T-oi-u; Wed, 10 Jul 2019 10:01:56 -0700 (PDT)
Received: from GCC01-CY1-obe.outbound.protection.outlook.com (mail-eopbgr830100.outbound.protection.outlook.com [40.107.83.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A15412014E; Wed, 10 Jul 2019 10:01:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=H2O/ocLQeLKe4uBF0/aVds1fvDm4GADG44TF8doGWQ3gg2VUNcD9kP5mE0U4QNC99/4E3wtPm4KsFR5wiy06Vejs99xFCAQiUflFbpi3u6pg67hHQ35m9BalAM0xueqY5p9oUIuPT/0vlmey+W+RJrTTNipd007158x0JbSJcvHVBHdQDMmBtNHIzdf0RxNiljNG9RyhywC1mjp5/+8Y3Qey61gD8oR8pLtNnGK4EaLJuVPnaIIoMXZyE6amfRmqlBlL2yTJ/rLIetX6Pzuqvy3yVW9mirZXtaBDiPYcpZ9jY38L7ApgWn/R1KwqEnUavPIWcFR6IiUAjqgYjZPg/g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hNeruxmItdRMHuJapakQDL/N0QnSEFgrKAYTdUydF24=; b=AW1KVDVutJMJmf9itIuxsvuKDuLPdSsQBiBoy5GpM4gtMDGG3o0szlot+BwAKNyEdoX9dAhDIIInFRK5xSR63zUHkeUwJxOEj2J7Pl3A5LYplHqFtUZ3ZmRmncxmAaQuPldBgpKJYKu/hQav2g7kePusQkbGlrWPpPDBzn1rRDQVDjGh7CgWkSMTRD1rVNB3jPJkW4QjM0kvMg3W1P/n4poSFgrDZAqupdHQMr5Srzl+rj3+Sw8HLdWsbbuciQn19XzDEy7BRJSqyhYimTaXHm8EF2E8awLmLUyRrJSq/q8VGHwCldH5QslAqaok3DvNPQ31B7nf6tfqCWzGnn0qwA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=nist.gov;dmarc=pass action=none header.from=nist.gov;dkim=pass header.d=nist.gov;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hNeruxmItdRMHuJapakQDL/N0QnSEFgrKAYTdUydF24=; b=rv3dM6Xcp0lc/S3yLF3CWPfdxVoREQfMimvZnC4bzarMZpgE5zQgBFeG+VQjErdtBLQtnCoL7YJBaSJ5ZgrFLPqnxABxlIhEjx0YLre1a3WFRsvZpytTYTcG/VXmqViR+fxGGS24dznMrzL3ao8sZKBqOjEoEpPVZe2+pE+IZQM=
Received: from DM6PR09MB3019.namprd09.prod.outlook.com (20.178.2.203) by DM6PR09MB3115.namprd09.prod.outlook.com (20.178.3.31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2073.10; Wed, 10 Jul 2019 17:01:54 +0000
Received: from DM6PR09MB3019.namprd09.prod.outlook.com ([fe80::6973:1f0e:3755:4fc6]) by DM6PR09MB3019.namprd09.prod.outlook.com ([fe80::6973:1f0e:3755:4fc6%6]) with mapi id 15.20.2073.008; Wed, 10 Jul 2019 17:01:54 +0000
From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: "opsec@ietf.org" <opsec@ietf.org>
CC: "Murphy, Sandra (Sandra.Murphy@parsons.com)" <Sandra.Murphy@parsons.com>, "draft-ietf-opsec-urpf-improvements@ietf.org" <draft-ietf-opsec-urpf-improvements@ietf.org>, "opsec-chairs@ietf.org" <opsec-chairs@ietf.org>
Thread-Topic: [OPSEC] I-D Action: draft-ietf-opsec-urpf-improvements-03.txt
Thread-Index: AdU3PtZPJ+cjOJnYSJmMldvqEglSgA==
Date: Wed, 10 Jul 2019 17:01:53 +0000
Message-ID: <DM6PR09MB3019664119484D933D13A95384F00@DM6PR09MB3019.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=kotikalapudi.sriram@nist.gov;
x-originating-ip: [129.6.140.161]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d221376b-3d12-46b2-de95-08d705584f68
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(4618075)(2017052603328)(7193020); SRVR:DM6PR09MB3115;
x-ms-traffictypediagnostic: DM6PR09MB3115:
x-ms-exchange-purlcount: 4
x-microsoft-antispam-prvs: <DM6PR09MB3115D7F71C5B3E1B4B1F0DBF84F00@DM6PR09MB3115.namprd09.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 0094E3478A
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(396003)(366004)(136003)(346002)(376002)(199004)(189003)(4326008)(5640700003)(486006)(2906002)(6506007)(186003)(66066001)(26005)(33656002)(478600001)(3846002)(102836004)(14454004)(6306002)(9686003)(25786009)(54906003)(316002)(6116002)(71190400001)(71200400001)(966005)(53936002)(99286004)(7696005)(14444005)(256004)(8676002)(76116006)(1730700003)(55016002)(229853002)(74316002)(86362001)(8936002)(2501003)(68736007)(7736002)(52536014)(6246003)(2351001)(305945005)(5660300002)(6916009)(476003)(6436002)(66574012)(66446008)(81156014)(81166006)(66556008)(66476007)(66946007)(64756008); DIR:OUT; SFP:1102; SCL:1; SRVR:DM6PR09MB3115; H:DM6PR09MB3019.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: bRBY0d3vfffyXFFoTJFlcO6owU79oh+r854cXcgJAQZKZCca1K/AhhUCScPx5u/2traqQngI8oeKwpexyvN4pNYH6Z/YcTOkVycRja/p0stIJmyhp0vtC2ZJNp8ecCfnW5qBYnZs6b5Ue06pQeZcowz0ZLhI5cKr8oh8CW6edig8IsHWgqEaXKHAT9WJh74A6fQwf2XjIfJIGoF+4pnC56FW6WenwXHe4XX+i2nEJk2oOXaD4Nrs6x6Z/cyQYair3vfH43btmWro7EAi6smqxIHVIyiNZxVSEddTu4UstU5jSoqQVhicZywSx0RTLypLxOKBf22WJm0iEnbQIrXxaj2rPJ6y/7sLJtOojL81j1gw2OfNelK0QBtwpAN9i1BGAy/dejujEBVlzRGdwaIQCPBavBHbdLMF901LAKAibg0=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: d221376b-3d12-46b2-de95-08d705584f68
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Jul 2019 17:01:54.1099 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ksriram@nist.gov
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR09MB3115
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/rafp9nb_Nrk6r29CCxTs0jIOr5Y>
Subject: Re: [OPSEC] I-D Action: draft-ietf-opsec-urpf-improvements-03.txt
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jul 2019 17:01:59 -0000
This revised version (-03) incorporates editorial comments that the authors have received from the document shepherd (Sandy Murphy). Many thanks to Sandy. Sriram ---------------------------------------------------------------------------------------- Date: Mon, 08 Jul 2019 16:38:29 -0700 From: internet-drafts@ietf.org To: <i-d-announce@ietf.org> Cc: opsec@ietf.org Subject: [OPSEC] I-D Action: draft-ietf-opsec-urpf-improvements-03.txt A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Operational Security Capabilities for IP Network Infrastructure WG of the IETF. Title : Enhanced Feasible-Path Unicast Reverse Path Filtering Authors : Kotikalapudi Sriram Doug Montgomery Jeffrey Haas Filename : draft-ietf-opsec-urpf-improvements-03.txt Pages : 18 Date : 2019-07-08 Abstract: This document identifies a need for improvement of the unicast Reverse Path Filtering techniques (uRPF) (see BCP 84) for detection and mitigation of source address spoofing (see BCP 38). The strict uRPF is inflexible about directionality, the loose uRPF is oblivious to directionality, and the current feasible-path uRPF attempts to strike a balance between the two (see BCP 84). However, as shown in this draft, the existing feasible-path uRPF still has shortcomings. This document describes an enhanced feasible-path uRPF technique, which aims to be more flexible (in a meaningful way) about directionality than the feasible-path uRPF. It can potentially alleviate ISPs' concerns about the possibility of disrupting service for their customers, and encourage greater deployment of uRPF techniques. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-opsec-urpf-improvements/ There are also htmlized versions available at: https://tools.ietf.org/html/draft-ietf-opsec-urpf-improvements-03 https://datatracker.ietf.org/doc/html/draft-ietf-opsec-urpf-improvements-03 A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-opsec-urpf-improvements-03
- [OPSEC] I-D Action: draft-ietf-opsec-urpf-improve… internet-drafts
- Re: [OPSEC] I-D Action: draft-ietf-opsec-urpf-imp… Sriram, Kotikalapudi (Fed)