[OPSEC] Protocol Action: 'Enhanced Feasible-Path Unicast Reverse Path Forwarding' to Best Current Practice (draft-ietf-opsec-urpf-improvements-04.txt)

The IESG <iesg-secretary@ietf.org> Tue, 03 September 2019 20:57 UTC

Return-Path: <iesg-secretary@ietf.org>
X-Original-To: opsec@ietf.org
Delivered-To: opsec@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 933AC12084D; Tue, 3 Sep 2019 13:57:35 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.100.0
Auto-Submitted: auto-generated
Precedence: bulk
Cc: The IESG <iesg@ietf.org>, draft-ietf-opsec-urpf-improvements@ietf.org, opsec-chairs@ietf.org, Sandra Murphy <sandy@tislabs.com>, opsec@ietf.org, sandy@tislabs.com, warren@kumari.net, rfc-editor@rfc-editor.org
Message-ID: <156754425559.21098.18161411910915701683.idtracker@ietfa.amsl.com>
Date: Tue, 03 Sep 2019 13:57:35 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/zq6Vyr5-J_ipD7XJHxf0bAW0hQg>
Subject: [OPSEC] Protocol Action: 'Enhanced Feasible-Path Unicast Reverse Path Forwarding' to Best Current Practice (draft-ietf-opsec-urpf-improvements-04.txt)
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.29
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Sep 2019 20:57:48 -0000

The IESG has approved the following document:
- 'Enhanced Feasible-Path Unicast Reverse Path Forwarding'
  (draft-ietf-opsec-urpf-improvements-04.txt) as Best Current Practice

This document is the product of the Operational Security Capabilities for IP
Network Infrastructure Working Group.

The IESG contact persons are Warren Kumari and Ignas Bagdonas.

A URL of this Internet Draft is:

Technical Summary

This document identifies a need for improvement of the unicast
   Reverse Path Filtering techniques (uRPF) (see BCP 84) for detection
   and mitigation of source address spoofing (see BCP 38). The strict
   uRPF technique is inflexible about directionality, the loose uRPF
   technique is oblivious to directionality, and the current
   feasible-path uRPF technique attempts to strike a balance between the
   two (see BCP 84). However, as shown in this draft, the existing
   feasible-path uRPF technique still has shortcomings. This document
   describes an enhanced feasible-path uRPF technique, which aims to be
   more flexible (in a meaningful way) about directionality than the
   feasible-path uRPF technique. It can potentially alleviate ISPs'
   concerns about the possibility of disrupting service for their
   customers, and encourage greater deployment of uRPF techniques.

Working Group Summary

The document was discussed in GROW and in OPSEC, and adopted by OPSEC. Discussions
in both working groups were incorporated into the document.

Document Quality

The shepherd sees no wg mail indicating that there are current software implementations. However, the draft contains a section “Implementation Considerations” that points to the similarity to current uRPF techniques that query a VRF table, so existing implementation methods could be leveraged for this new technique. One wg comment explicitly said that the document was clear enough to “assist the operators to better implement the recommendations”.

AD Note: Nits tool notes: The 'Updates: ' line in the draft header should list only the _numbers_ of the RFCs which will be updated by this document. I decided this is a nit, and not worth asking the authors to spin another copy for this. Other nits seem to be false positives.

  Document Shepherd: Sandra Murphy
  Responsible Area Director: Warren Kumari
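
Added illustration, not part of the IESG message or of the draft: the three existing uRPF modes that the Technical Summary contrasts (strict, loose, feasible-path, as commonly described for BCP 84), applied to a constructed route table. The prefixes, interface names and function names are assumptions made for this example.

```python
import ipaddress

# Constructed sample data (documentation prefixes, hypothetical interfaces).
# RECEIVED: every (prefix, interface) on which a route was learned.
# BEST: the interface of the single best route installed per prefix.
RECEIVED = [
    ("192.0.2.0/24", "cust1"),       # customer announces this prefix to us
    ("192.0.2.0/24", "transit"),     # ...and we also hear it via transit
    ("198.51.100.0/24", "transit"),  # customer's other prefix, heard only via transit
]
BEST = {"192.0.2.0/24": "transit", "198.51.100.0/24": "transit"}

def _covers(prefix, src):
    return ipaddress.ip_address(src) in ipaddress.ip_network(prefix)

def strict(src, iface):
    """Accept only if the best (longest-match) route points back out iface."""
    hits = [p for p in BEST if _covers(p, src)]
    if not hits:
        return False
    longest = max(hits, key=lambda p: ipaddress.ip_network(p).prefixlen)
    return BEST[longest] == iface

def loose(src, iface):
    """Accept if any route covers the source; the arrival interface is ignored."""
    return any(_covers(p, src) for p in BEST)

def feasible_path(src, iface):
    """Accept if some route covering the source was received on iface, best or not."""
    return any(i == iface and _covers(p, src) for p, i in RECEIVED)

def verdicts(src, iface):
    return {"strict": strict(src, iface), "loose": loose(src, iface),
            "feasible": feasible_path(src, iface)}

if __name__ == "__main__":
    cases = [("192.0.2.10", "cust1"),     # legitimate, asymmetric best path
             ("198.51.100.10", "cust1"),  # legitimate, prefix not announced on cust1
             ("192.0.2.10", "cust2"),     # spoofed from another customer port
             ("203.0.113.5", "cust1")]    # source with no route at all
    for src, iface in cases:
        print(src, iface, verdicts(src, iface))
```

In this constructed table the second case is a legitimate packet that feasible-path still drops, because no route covering its source was received on the arrival interface, while loose mode accepts the spoofed third case.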