Re: [Sidrops] BAR-SAV: new draft on "Source Address Validation Using BGP Updates, ASPA, and ROA"
"Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov> Wed, 15 June 2022 12:48 UTC
From: "Sriram, Kotikalapudi (Fed)" <kotikalapudi.sriram@nist.gov>
To: "sidrops@ietf.org" <sidrops@ietf.org>, "savnet@ietf.org" <savnet@ietf.org>
Date: Wed, 15 Jun 2022 12:48:50 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/nU3oUrspwFjp0KPbvgEUbNp5g4s>

A set of slides explaining the design principles of BAR-SAV with illustrations is available at:
https://github.com/ksriram25/IETF/blob/main/BAR-SAV.pdf

Also, a pdf of the slides is attached here.

Sriram

-----Original Message-----
From: Sriram, Kotikalapudi (Fed)
Sent: Wednesday, June 15, 2022 8:21 AM
To: sidrops@ietf.org; savnet@ietf.org
Subject: BAR-SAV: new draft on "Source Address Validation Using BGP Updates, ASPA, and ROA"

We (authors) would like to invite comments on the following new draft submitted in the SIDROPS WG. Thank you.

Title: Source Address Validation Using BGP UPDATEs, ASPA, and ROA (BAR-SAV)
URL: https://www.ietf.org/archive/id/draft-sriram-sidrops-bar-sav-00.txt
Htmlized: https://datatracker.ietf.org/doc/html/draft-sriram-sidrops-bar-sav

Abstract:
Designing an efficient source address validation (SAV) filter requires minimizing false positives (i.e., avoiding dropping legitimate traffic) while maintaining directionality (see RFC8704). This document advances the technology for SAV filter design through a method that makes use of BGP UPDATE messages, Autonomous System Provider Authorization (ASPA), and Route Origin Authorization (ROA). The proposed method's name is abbreviated as BAR-SAV. BAR-SAV can be used by network operators to derive more robust SAV filters and thus improve network resilience.

Sriram, Igor, Doug