[OPSEC] FW: New Version Notification for draft-sriram-opsec-urpf-improvements-02.txt
"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Tue, 31 October 2017 17:29 UTC
Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DCE2313FA14; Tue, 31 Oct 2017 10:29:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wihQFi8lzHsd; Tue, 31 Oct 2017 10:29:27 -0700 (PDT)
Received: from gcc01-CY1-obe.outbound.protection.outlook.com (mail-cy1gcc01on0105.outbound.protection.outlook.com [23.103.200.105]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2EBD13FA0D; Tue, 31 Oct 2017 10:29:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=DBTL4w/NqGaqW2UURAMsG7SF8ZSJUtDdxO6kpLJdsK8=; b=vtTItrlB09lmOMX7Cb4Mw5OYei0bhrQrjj3iA2o30cBMLf+aJD0PdkzzAYia2Qog1SxwNf02FhfbKG3VJ3CcOfNEoFhEguqO5yrg859LogoAFdx+Nx5b9Teqj05Sv2vKOk0Rl1bryPdHcmh0eecN3vsmRW1uI9Jtor8SlEaP2XY=
Received: from SN4PR0901MB2176.namprd09.prod.outlook.com (10.167.151.140) by SN4PR0901MB2174.namprd09.prod.outlook.com (10.167.151.138) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.77.7; Tue, 31 Oct 2017 17:29:04 +0000
Received: from SN4PR0901MB2176.namprd09.prod.outlook.com ([fe80::2d21:3ea1:3904:77db]) by SN4PR0901MB2176.namprd09.prod.outlook.com ([fe80::2d21:3ea1:3904:77db%13]) with mapi id 15.20.0077.022; Tue, 31 Oct 2017 17:29:04 +0000
From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: "opsec@ietf.org" <opsec@ietf.org>
CC: "opsec-chairs@ietf.org" <opsec-chairs@ietf.org>, "draft-sriram-opsec-urpf-improvements@ietf.org" <draft-sriram-opsec-urpf-improvements@ietf.org>, Job Snijders <job@ntt.net>
Thread-Topic: New Version Notification for draft-sriram-opsec-urpf-improvements-02.txt
Thread-Index: AQHTUcdU3uYXweLKUECpVZ7r+vEPZKL+MfHA
Date: Tue, 31 Oct 2017 17:29:04 +0000
Message-ID: <SN4PR0901MB21760F3C5115CA4E164BC5A7845E0@SN4PR0901MB2176.namprd09.prod.outlook.com>
References: <150939944897.7765.772862235683181250.idtracker@ietfa.amsl.com>
In-Reply-To: <150939944897.7765.772862235683181250.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=kotikalapudi.sriram@nist.gov;
x-originating-ip: [129.6.140.122]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; SN4PR0901MB2174; 6:W1MYA80XGrpXgaDdgGqgDZ+QG19Xh39Qs0EkI9LgMZN2RUt4uct2OnF6icSvA5tY6OoQM5RIrRC2/g9eW53sS4be2KDurb5yb19fwpW0GNxHi0jerq4hJmfUToyoxql9nOVWAoGUZifscxs8Zz6lBHLjKK9dm3aY8mGOSjjrYs3ta5Mo0w0N0T+uUcJIaqzYm3wL+MKVMVjNHpILw2wqfjfkcLfqvaikpsp+qvinyJNtuI72LpC2nxhgcs+lBTnoMMPXJZn29VAZMcSIPBMwpjCzKCPOJ9+Mdg54zOiJL5snlpirlzWrt2LGEsJsVb7m3PR64PFcMBebo6Upe1z2nw==; 5:jD5b3tfdkeRHOXCOFirDG4UV7F42KprPNFAdA26rKIpwP5e6RKNnBu/pjXRNMCjv3AOhmr950BwV030+RV6lpsmcFktz5muIYtCo5v07+2RSBDSe6X6tsuK3Tmq9kjTxh/Ui28qa3XVtQQRsyTm23Q==; 24:80cZiJpTOGuItXgd2TDoXX5RBJtI30pNm7+MFMy9D6cQ/erbDeJ2JHSd5cak8jhgk0AOx82iX7T7k+htbGdfdLYdb31MdlpUCUqT3UeWMRw=; 7:RMV2hSXt2NJ8xd4fJdKj+i5fSNc3LilXSZ3maf69v8kLw8PuwB/27kQjK02XMHYuLm5mh6CKP3iXf0NAqhdkF1Xa0IGcqafMkIKKSFoO/9+g2LEzL0kTZo7NIdVVeYHhqRP9iJPJZ4hA1klJTCabWix2TwiWg0HCVh4ZTWNvvJKDsiDFIHF/M7kjK4g0oAnnDH9fe8u42H8yv/71cF5X2e6cEau0sz4F/St7mFBre3M=
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 1de15e24-cf4d-4b99-d30f-08d52084e225
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081)(4534020)(4602075)(2017052603199); SRVR:SN4PR0901MB2174;
x-ms-traffictypediagnostic: SN4PR0901MB2174:
x-exchange-antispam-report-test: UriScan:(65766998875637)(138986009662008);
x-microsoft-antispam-prvs: <SN4PR0901MB217401F7CC06829C4E901B33845E0@SN4PR0901MB2174.namprd09.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(3231020)(3002001)(100000703101)(100105400095)(10201501046)(6055026)(6041248)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(20161123558100)(20161123560025)(20161123564025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:SN4PR0901MB2174; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:SN4PR0901MB2174;
x-forefront-prvs: 04772EA191
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(346002)(376002)(39860400002)(189002)(377424004)(199003)(13464003)(189998001)(68736007)(4001150100001)(25786009)(5660300001)(106356001)(81156014)(2900100001)(305945005)(7736002)(81166006)(1730700003)(33656002)(3846002)(74316002)(8676002)(8936002)(6116002)(54906003)(316002)(102836003)(4326008)(7696004)(5250100002)(229853002)(39060400002)(2501003)(66066001)(15650500001)(6916009)(86362001)(561944003)(478600001)(97736004)(2950100002)(230783001)(50986999)(2906002)(6306002)(101416001)(55016002)(14454004)(6436002)(5640700003)(76176999)(9686003)(966005)(53546010)(54356999)(99286003)(3280700002)(105586002)(2473003)(2351001)(3660700001)(53936002)(6506006); DIR:OUT; SFP:1102; SCL:1; SRVR:SN4PR0901MB2174; H:SN4PR0901MB2176.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Oct 2017 17:29:04.2663 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN4PR0901MB2174
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/nYwCHcey-mXw84gx6V0WAWmWvGA>
Subject: [OPSEC] FW: New Version Notification for draft-sriram-opsec-urpf-improvements-02.txt
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Oct 2017 17:29:30 -0000
In this freshly uploaded new version, https://tools.ietf.org/html/draft-sriram-opsec-urpf-improvements-02 https://tools.ietf.org/rfcdiff?url2=draft-sriram-opsec-urpf-improvements-02.txt the following changes are worth noting: 1. Jeff Haas has been added as a co-author. (The original authors had several very helpful discussion with Jeff and received very useful inputs from him, particularly regarding implementation considerations.) 2. At the OPSEC WG meeting in July in Prague, the we had a lively discussion regarding a challenging scenario in which the original proposal would not work. This scenario is described in Section 3.3. 3. Adding further flexibility to the proposed method has the potential to overcome this challenge. Section 3.4 describes this added flexibility and the new revised algorithm. 4. Implementation considerations, including an analysis of the FIB memory size requirements, are presented in more detail in Section 3.5. Thanks to many in the OPSEC and GROW WGs for discussions and constructive criticism. Sriram -----Original Message----- From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org] Sent: Monday, October 30, 2017 5:37 PM To: Sriram, Kotikalapudi (Fed) <kotikalapudi.sriram@nist.gov>; Montgomery, Douglas (Fed) <dougm@nist.gov>; Jeffrey Haas <jhaas@juniper.net> Subject: New Version Notification for draft-sriram-opsec-urpf-improvements-02.txt A new version of I-D, draft-sriram-opsec-urpf-improvements-02.txt has been successfully submitted by Kotikalapudi Sriram and posted to the IETF repository. Name: draft-sriram-opsec-urpf-improvements Revision: 02 Title: Enhanced Feasible-Path Unicast Reverse Path Filtering Document date: 2017-10-30 Group: Individual Submission Pages: 14 https://tools.ietf.org/html/draft-sriram-opsec-urpf-improvements-02 https://tools.ietf.org/rfcdiff?url2=draft-sriram-opsec-urpf-improvements-02.txt Abstract: This document identifies a need for improvement of the unicast Reverse Path Filtering techniques (uRPF) [BCP84] for source address validation (SAV) [BCP38]. The strict uRPF is inflexible about directionality, the loose uRPF is oblivious to directionality, and the current feasible-path uRPF attempts to strike a balance between the two [BCP84]. However, as shown in this draft, the existing feasible-path uRPF still has short comings. This document proposes an enhanced feasible-path uRPF technique, which aims to be more flexible (in a meaningful way) about directionality than the feasible-path uRPF. It can potentially alleviate ISPs' concerns about the possibility of disrupting service for their customers, and encourage greater deployment of uRPF techniques.
- [OPSEC] FW: New Version Notification for draft-sr… Sriram, Kotikalapudi (Fed)