Re: [OPSEC] I-D Action: draft-ietf-opsec-urpf-improvements-02.txt

"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Thu, 04 April 2019 13:27 UTC

Return-Path: <kotikalapudi.sriram@nist.gov>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F36F1201CB; Thu, 4 Apr 2019 06:27:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gECe7tOkhEIk; Thu, 4 Apr 2019 06:27:12 -0700 (PDT)
Received: from GCC01-CY1-obe.outbound.protection.outlook.com (mail-eopbgr830134.outbound.protection.outlook.com [40.107.83.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B93B1201B3; Thu, 4 Apr 2019 06:27:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Cbo0sByGyZ4UrQ8u7fgu61lmmkfS7GdqGCfN9d+d88s=; b=Y2fBv7rnynVLNkSJYv1C8FdKMO5+YJPjgSgUVoBQ/kltK7wBgPdZxr6jjeAhov3laWKihMQOVi2FPIyhF43ETURCnW7GrOwnBZA11nSKc1/BMYda1Hk1tyqBY71HSZhBue9WDFUetlBJHOjNyBmPma8ddd03UTK5pi7AvsWZRmE=
Received: from SN6PR0901MB2366.namprd09.prod.outlook.com (52.132.115.159) by SN6PR0901MB2365.namprd09.prod.outlook.com (52.132.115.158) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1750.17; Thu, 4 Apr 2019 13:27:09 +0000
Received: from SN6PR0901MB2366.namprd09.prod.outlook.com ([fe80::f43e:31c7:74b4:259a]) by SN6PR0901MB2366.namprd09.prod.outlook.com ([fe80::f43e:31c7:74b4:259a%3]) with mapi id 15.20.1750.017; Thu, 4 Apr 2019 13:27:09 +0000
From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: "opsec@ietf.org" <opsec@ietf.org>
CC: "draft-ietf-opsec-urpf-improvements@ietf.org" <draft-ietf-opsec-urpf-improvements@ietf.org>, "opsec-chairs@ietf.org" <opsec-chairs@ietf.org>
Thread-Topic: [OPSEC] I-D Action: draft-ietf-opsec-urpf-improvements-02.txt
Thread-Index: AQHU6ueK5JHncpTm/ECpCCPKak8l0A==
Date: Thu, 4 Apr 2019 13:27:09 +0000
Message-ID: <SN6PR0901MB236635C6DABAD1B74C88466784500@SN6PR0901MB2366.namprd09.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=kotikalapudi.sriram@nist.gov;
x-originating-ip: [129.6.219.236]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 3aeab356-76ad-47c5-0740-08d6b9013d54
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600139)(711020)(4605104)(4618075)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:SN6PR0901MB2365;
x-ms-traffictypediagnostic: SN6PR0901MB2365:
x-ms-exchange-purlcount: 4
x-microsoft-antispam-prvs: <SN6PR0901MB236597440241C85086B6842D84500@SN6PR0901MB2365.namprd09.prod.outlook.com>
x-forefront-prvs: 0997523C40
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(376002)(346002)(39860400002)(366004)(136003)(199004)(189003)(71190400001)(7736002)(1730700003)(14444005)(86362001)(229853002)(53936002)(2501003)(6506007)(5660300002)(9686003)(71200400001)(5640700003)(68736007)(7696005)(102836004)(305945005)(26005)(25786009)(74316002)(476003)(52536014)(66574012)(256004)(99286004)(6306002)(14454004)(105586002)(54906003)(2906002)(81166006)(316002)(8936002)(186003)(6916009)(81156014)(966005)(55016002)(6436002)(6116002)(486006)(6246003)(4326008)(478600001)(33656002)(66066001)(106356001)(97736004)(3846002)(2351001)(450100002)(8676002); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR0901MB2365; H:SN6PR0901MB2366.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: TXX0ODrAExQjc5z2rQ+y6xRTkLW1u882j2KQ/X+s0Mj1aRsRneIGsy2+SG0BvyIbY3TjY2QZ9L7wKMdmadRXK03KzsE2o+UZT4YbhXk5odaBUJIgBSaFbQa0egMfSbrCX6xYqyJixdMnalWdYk03i83rO+FDbXH/H7vn1TOnhLK7Z4G/iO88A7m0q7nDCfhCmmWNmcwc6ocV/UiT09RPAPEMosKlOC5uffzJX5NKlRAMVo9JceE3ttCrw3M0zA9HQP7fHam77iHvhA8xPfgk/AlEEZTIMkTVZOEYNc/15utOgDtCd2B9YP0XQ2OTY1czKNbz+iy2WanKOem8jccHPO1KRufG72R9186drF8Stlc8M8ruQkGgq1F4sr7QGz0CzkC17LFc+3qUYYx88RzFyTiM6x9fiEInm7J4o6vTIn0=
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: 3aeab356-76ad-47c5-0740-08d6b9013d54
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Apr 2019 13:27:09.3105 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR0901MB2365
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/3iuO8UD001Y-zuS86irM72LN19U>
Subject: Re: [OPSEC] I-D Action: draft-ietf-opsec-urpf-improvements-02.txt
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Apr 2019 13:27:15 -0000

This (-02) is a slightly updated over the previous (-01) version -- minor editorial changes and some wording improvements.
Significant changes based on WG adoption call comments/discussion last April were already included in -01. 
Thanks.

Sriram
--------------------------------------------------------------------------------------------  


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Operational Security Capabilities for IP Network Infrastructure WG of the IETF.

        Title           : Enhanced Feasible-Path Unicast Reverse Path Filtering
        Authors         : Kotikalapudi Sriram
                          Doug Montgomery
                          Jeffrey Haas
	Filename        : draft-ietf-opsec-urpf-improvements-02.txt
	Pages           : 16
	Date            : 2019-04-04

Abstract:
   This document identifies a need for improvement of the unicast
   Reverse Path Filtering techniques (uRPF) [BCP84] for source address
   validation (SAV) [BCP38].  The strict uRPF is inflexible about
   directionality, the loose uRPF is oblivious to directionality, and
   the current feasible-path uRPF attempts to strike a balance between
   the two [BCP84].  However, as shown in this draft, the existing
   feasible-path uRPF still has shortcomings.  This document describes
   an enhanced feasible-path uRPF technique, which aims to be more
   flexible (in a meaningful way) about directionality than the
   feasible-path uRPF.  It can potentially alleviate ISPs' concerns
   about the possibility of disrupting service for their customers, and
   encourage greater deployment of uRPF techniques.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-opsec-urpf-improvements/ 

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-opsec-urpf-improvements-02 
https://datatracker.ietf.org/doc/html/draft-ietf-opsec-urpf-improvements-02 

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-opsec-urpf-improvements-02