IETF-Announce List
![[Feed]](feedicon16.png) New RFCs
New and Revived Drafts
- A Distributed Algorithm for Constrained Flooding of IGP Advertisements (draft-allan-lsr-flooding-algorithm)
By Dave Allan, 2018-10-18 TXT HTML PDF
Abstract: This document describes a distributed algorithm that can be applied to the problem of constraining IGP flooding in dense mesh topologies. The flooding topology utilizes two node-diverse spanning trees in order to provide complete coverage in the presence of any single failure while constraining the number of LSAs received by any IGP speaker connected to the flooding topology.
- Architecture for Overlay Virtual Sub-Network Interconnection (draft-ao-nvo3-overlay-subnet-architecture)
By Ting Ao, Gregory Mirsky, Fan Yongbing, 2018-10-20 TXT HTML PDF
Abstract: An virtualized overlay network may be divided into several subnets for the reasons of geographical location, management, or using different technologies being used. For example, different customer have their own preference. But all these subnets need to work together to provide an end-to-end connectionif in a virtual network, An extended architecture of the NVO3 and propose a new component to provide the connection fucntion are introduced in this document.
- SFC OAM for path consistency (draft-ao-sfc-oam-path-consistency)
By Ting Ao, Gregory Mirsky, Zhonghua Chen, 2018-10-19 TXT HTML PDF
Abstract: Service Function Chain (SFC) defines an ordered set of service functions (SFs) to be applied to packets and/or frames and/or flows selected as a result of classification. SFC Operation, Administration and Maintenance can monitor the continuity of the SFC, i.e., that all elements of the SFC are reachable to each other in the downstream direction. But SFC OAM must support verification that the order of traversing these SFs corresponds to the state defined by the SFC control plane or orchestrator, the metric referred in this document as the path consistency of the SFC. This document defines a new SFC OAM method to support SFC consistency, i.e. verification that all elements of the given SFC are being traversed in the expected order.
- Controlled Return Path for Service Function Chain (SFC) OAM (draft-ao-sfc-oam-return-path-specified)
By Ting Ao, Gregory Mirsky, Zhonghua Chen, 2018-10-19 TXT HTML PDF
Abstract: This document defines extensions to the Service Function Chain (SFC) Operation, Administration and Maintenance (OAM) that enable control of the Echo Reply return path by specifying it as Reverse Service Function Path. Enforcing the specific return path can be used to verify bidirectional connectivity of SFC and increase the robustness of SFC OAM.
- Analysis of the SFC scalability (draft-ao-sfc-scalability-analysis)
By Ting Ao, Gregory Mirsky, 2018-10-19 TXT HTML PDF
Abstract: SFC is an ordered set of service function, should be scalable to meet broad range of requirements. The scalability of SFC can be interpreted as ability of the SFC to accommodate one or more SFs joining the SFC , or leaving the SFC without significant impact to SFC performance.
- A Tunnel Extension to the Interface Management YANG Module (draft-boucadair-netmod-softwire-iftunnel)
By Mohamed Boucadair, 2018-10-19 TXT HTML PDF
Abstract: This document specifies an extension the Interface Management YANG module.
- RADIUS Extensions for 0-RTT TCP Converters (draft-boucadair-radext-tcpm-converter)
By Mohamed Boucadair, Christian Jacquenet, 2018-10-18 TXT HTML PDF
Abstract: Because of the lack of Multipath TCP (MPTCP) support at the server side, some service providers now consider a network-assisted model that relies upon the activation of a dedicated function called Converters. Network-assisted MPTCP deployment models are designed to facilitate the adoption of MPTCP for the establishment of multi-path communications without making any assumption about the support of MPTCP by the communicating peers. Converters located in the network are responsible for establishing multi-path communications on behalf of endpoints, thereby taking advantage of MPTCP capabilities to achieve different goals that include (but are not limited to) optimization of resource usage (e.g., bandwidth aggregation), of resiliency (e.g., primary/backup communication paths), and traffic offload management.
- DHCP Options for 0-RTT TCP Converters (draft-boucadair-tcpm-dhc-converter)
By Mohamed Boucadair, Christian Jacquenet, Reddy K, 2018-10-18 TXT HTML PDF
Abstract: Because of the lack of Multipath TCP (MPTCP) support at the server side, some service providers now consider a network-assisted model that relies upon the activation of a dedicated function called Converters. Network-assisted MPTCP deployment models are designed to facilitate the adoption of MPTCP for the establishment of multi-path communications without making any assumption about the support of MPTCP by the communicating peers. Converters located in the network are responsible for establishing multi-path communications on behalf of endpoints, thereby taking advantage of MPTCP capabilities to achieve different goals that include (but are not limited to) optimization of resource usage (e.g., bandwidth aggregation), of resiliency (e.g., primary/backup communication paths), and traffic offload management.
- Segment Routing (SR) Based Bounded Latency (draft-chen-detnet-sr-based-bounded-latency)
By Mach Chen, Xuesong Geng, Zhenqiang Li, 2018-10-19 TXT HTML PDF
Abstract: One of the goals of DetNet is to provide bounded end-to-end latency for critical flows. This document defines how to leverage Segment Routing (SR) to implement bounded latency. Specifically, the SR Identifier (SID) is used to specify transmission time (cycles) of a packet. When forwarding devices along the path follow the instructions carried in the packet, the bounded latency is achieved. This is called Cycle Specified Queuing and Forwarding (CSQF) in this document.
- Framework of Visible Light Communications in IoT Networks (draft-chkim-vlc-iot)
By Cheol-Min Kim, Seok Koh, 2018-10-18 TXT HTML PDF
Abstract: The LED-based Visible Light Communication (VLC) has been proposed as the IEEE 802.15.7-2011 standard and regarded as a new wireless access medium in IoT environment. With this trend, many works have so far been made to improve the performance of VLC. However, how to effectively integrate VLC services into IoT networks has not been studied enough. In this document, we propose a scheme for device management and data transport in IoT networks using VLC. Specifically, we discuss how to manage VLC transmitters and receivers, and to support VLC data transmission in IoT networks. The proposed scheme considers uni-directional VLC transmissions from transmitter to receivers for delivery of location-based VLC data. The backward transmission from VLC receivers will be made by using platform server and aggregation agents in the network.
- 5G Session Continuity Support in MPTCP (draft-defoy-5g-session-continuity-support-in-mptcp)
By Xavier de Foy, Ulises Olvera, Uma Chunduri, 2018-10-19 TXT HTML PDF
Abstract: This document describes how 5G session continuity can affect MPTCP. For now only potential performance issues are identified. This document aims to document discussions that took place at the IETF on this subject, to facilitate future deployment of MPTCP over 5G.
- A YANG Data Model for Segment Routing in IPv6 (SRv6) support in Path Computation Element Communications Protocol (PCEP) (draft-dhody-pce-pcep-srv6-yang)
By Dhruv Dhody, Siva Sivabalan, 2018-10-19 TXT HTML PDF
Abstract: This document augments a YANG data model for the management of Path Computation Element communications Protocol (PCEP) for communications between a Path Computation Client (PCC) and a Path Computation Element (PCE), or between two PCEs in support for Segment Routing in IPv6. The data model includes configuration data and state data (status information and counters for the collection of statistics).
- BGP Extension for SDWAN Overlay Networks (draft-dunbar-idr-bgp-sdwan-overlay-ext)
By Linda Dunbar, Haibo Wang, Hao Weiguo, 2018-10-21 TXT HTML PDF
Abstract: The document defines a new BGP SAFI with a new NLRI in order to advertise a SD-WAN edge node's capabilities in establishing SD-WAN overlay tunnels with other SD-WAN nodes through third party networks. The goal is for SD-WAN network to scale, enabling SD-WAN overlay tunnels among large number of SD-WAN nodes to be established with few provisioning needed.
- Checksum Compensation Options for UDP Options (draft-fairhurst-udp-options-cco)
By Gorry Fairhurst, Tom Jones, Raffaele Zullo, 2018-10-19 TXT HTML PDF
Abstract: This document describes a robust method for calculating checksums for use with UDP Options. The new method proposes an alternative checksum calculation for coverage of the option space. This is based on the IP checksum calculation, but uses an updated pseudoheader. The new method only checks the option portion of a UDP packet, but creates a checksum that compensates for the range of IP and UDP chekcsum validation methods that have been deployed, in this way the new method enhances the proability of NAPT traversal for packets that carry UDP-Options.
- Extended Security Considerations for the Automatic Certificate Management Environment (ESecACME) (draft-fiebig-acme-esecacme)
By Tobias Fiebig, Kevin Borgolte, 2018-10-21 TXT HTML PDF
Abstract: By now, most Public Key Infrastructure X.509 (PKIX) certificates are issued via the ACME protocol. Recently, several attacks against domain validation (DV) have been published, including IP-use-after- free, (forced) on-path attacks, and attacks on protocols used for validation. In general, these attacks can be mitigated by (selectively) requirering additional challenges, e.g., DNS validation, proof of prior-key-ownership, or in severe cases even extended validation (EV) instead of DV. This document provides a list of critical cases and describes which mitigations can be used to reduce the threat of issuing a certificate to an unauthorized party.
- Fifty Years of RFCs (draft-flanagan-fiftyyears)
By Heather Flanagan, 2018-10-20 TXT HTML PDF
Abstract: This RFC marks the fiftieth anniversary for the RFC Series. It includes both retrospective material from individuals involved at key inflection points, as well as a review of the current state of affairs. It concludes with thoughts on possibilities for the next fifty years for the Series.
- BRSKI over IEEE 802.11 (draft-friel-anima-brski-over-802dot11)
By Owen Friel, Eliot Lear, Jerome Henry, Michael Richardson, 2018-10-18 TXT HTML PDF
Abstract: This document outlines the challenges associated with implementing Bootstrapping Remote Secure Key Infrastructures over IEEE 802.11 and IEEE 802.1x networks. Multiple options are presented for discovering and authenticating to the correct IEEE 802.11 SSID. This draft is a discussion document and no final recommendations are made on the recommended approaches to take. However, the advantages and downsides of each possible method are evaluated.
- Invalid TLV Handling in IS-IS (draft-ginsberg-lsr-isis-invalid-tlv)
By Les Ginsberg, Paul Wells, 2018-10-19 TXT HTML PDF
Abstract: Key to the extensibility of the Intermediate System to Intermediate System (IS-IS) protocol has been the handling of unsupported and/or invalid Type/Length/Value (TLV) tuples. Although there are explicit statements in existing specifications, in some cases the expected behavior is "well known" but not explicitly stated.
- LLN Minimal Fragment Forwarding (draft-ietf-6lo-minimal-fragment)
By Thomas Watteyne, Carsten Bormann, Pascal Thubert, 2018-10-18 TXT HTML PDF
Abstract: This document gives an overview of LLN Minimal Fragment Forwarding. When employing adaptation layer fragmentation in 6LoWPAN, it may be beneficial for a forwarder not to have to reassemble each packet in its entirety before forwarding it. This has been always possible with the original fragmentation design of RFC4944. This document is a companion document to [I-D.ietf-lwig-6lowpan-virtual-reassembly], which details the virtual Reassembly Buffer (VRB) implementation technique which reduces the latency and increases end-to-end reliability in route-over forwarding.
- Support for Short-Term, Automatically-Renewed (STAR) Certificates in Automated Certificate Management Environment (ACME) (draft-ietf-acme-star)
By Yaron Sheffer, Diego Lopez, Oscar de Dios, Antonio Pastor, Thomas Fossati, 2018-10-19 TXT HTML PDF
Abstract: Public-key certificates need to be revoked when they are compromised, that is, when the associated private key is exposed to an unauthorized entity. However the revocation process is often unreliable. An alternative to revocation is issuing a sequence of certificates, each with a short validity period, and terminating this sequence upon compromise. This memo proposes an ACME extension to enable the issuance of short-term and automatically renewed (STAR) X.509 certificates.
- Propagation of IPv6 Neighbor Advertisement Flags in EVPN (draft-ietf-bess-evpn-na-flags)
By Jorge Rabadan, Senthil Sathappan, Kiran Nagaraj, 2018-10-19 TXT HTML PDF
Abstract: The MAC/IP Advertisement route specified in [RFC7432] can optionally carry IPv4 and IPv6 addresses associated with a MAC address. Remote PEs can use this information to reply locally (act as proxy) to IPv4 ARP requests and IPv6 Neighbor Solicitation messages and reduce/suppress the flooding produced by the Address Resolution procedure. However, if the Neighbor information is learnt via EVPN, the PE would not know if a particular IPv6->MAC pair belongs to a host, a router or a host with an anycast address as this information is not carried in the MAC/IP route advertisements. This document proposes an OPTIONAL advertisement of the Flags defined in [RFC4861] along with the EVPN MAC/IP Advertisement routes, so that an EVPN PE implementing a proxy-ND function can reply to Neighbor Solicitations with the correct Flag information in Neighbor Advertisements.
- BIER Ping and Trace (draft-ietf-bier-ping)
By Nagendra Kumar, Carlos Pignataro, Nobo Akiya, Lianshu Zheng, Mach Chen, Gregory Mirsky, 2018-10-21 TXT HTML PDF
Abstract: Bit Index Explicit Replication (BIER) is an architecture that provides optimal multicast forwarding through a "BIER domain" without requiring intermediate routers to maintain any multicast related per- flow state. BIER also does not require any explicit tree-building protocol for its operation. A multicast data packet enters a BIER domain at a "Bit-Forwarding Ingress Router" (BFIR), and leaves the BIER domain at one or more "Bit-Forwarding Egress Routers" (BFERs). The BFIR router adds a BIER header to the packet. The BIER header contains a bit-string in which each bit represents exactly one BFER to forward the packet to. The set of BFERs to which the multicast packet needs to be forwarded is expressed by setting the bits that correspond to those routers in the BIER header.
- Address-specific DNS aliases (ANAME) (draft-ietf-dnsop-aname)
By Tony Finch, Evan Hunt, Peter van Dijk, Anthony Eden, 2018-10-19 TXT HTML PDF
Abstract: This document defines the "ANAME" DNS RR type, to provide similar functionality to CNAME, but only for type A and AAAA queries. Unlike CNAME, an ANAME can coexist with other record types. The ANAME RR allows zone owners to make an apex domain name into an alias in a standards compliant manner.
- I2NSF Registration Interface Data Model (draft-ietf-i2nsf-registration-interface-dm)
By Sangwon Hyun, Jaehoon Jeong, TaeKyun Roh, Sarang Wi, J., PARK, 2018-10-20 TXT HTML PDF
Abstract: This document defines an information model and a YANG data model for Interface to Network Security Functions (I2NSF) Registration Interface between Security Controller and Developer's Management System (DMS). The objective of these information and data models is to support NSF search, instantiation and registration according to required security capabilities via I2NSF Registration Interface.
- IETF Working Group Guidelines and Procedures (draft-ietf-iasa2-rfc2418bis)
By Scott Bradner, Rich Salz, 2018-10-20 TXT HTML PDF
Abstract: The Internet Engineering Task Force (IETF) has responsibility for developing and reviewing specifications intended as Internet Standards. IETF activities are organized into working groups (WGs). This document describes the guidelines and procedures for formation and operation of IETF working groups. It also describes the formal relationship between IETF participants WG and the Internet Engineering Steering Group (IESG) and the basic duties of IETF participants, including WG Chairs, WG participants, and IETF Area Directors.
- BGP-LS Extension for Inter-AS Topology Retrieval (draft-ietf-idr-bgpls-inter-as-topology-ext)
By Aijun Wang, Huaimo Chen, 2018-10-21 TXT HTML PDF
Abstract: This document describes the process to build BGP-LS key parameters in Native IP multi-domain scenario and defines some new inter-AS TE related TLVs for BGP-LS to let SDN controller retrieve the network topology automatically under various environments.
- Alternative Elliptic Curve Representations (draft-ietf-lwig-curve-representations)
By Rene Struik, 2018-10-18 TXT HTML PDF
Abstract: This document specifies how to represent Montgomery curves and (twisted) Edwards curves as curves in short-Weierstrass form and illustrates how this can be used to implement elliptic curve computations using existing implementations that already implement, e.g., ECDSA and ECDH using NIST prime curves.
- Distributed OAuth (draft-ietf-oauth-distributed)
By Dick Hardt, Brian Campbell, Nat Sakimura, 2018-10-19 TXT HTML PDF
Abstract: The Distributed OAuth profile enables an OAuth client to discover what authorization server or servers may be used to obtain access tokens for a given resource, and what parameter values to provide in the access token request.
- PIM reserved bits and type space extension (draft-ietf-pim-reserved-bits)
By Stig Venaas, Alvaro Retana, 2018-10-18 TXT HTML PDF
Abstract: The currently defined PIM version 2 messages share a common message header format. The common header definition contains eight reserved bits. This document specifies how these bits may be used by individual message types, and creates a registry containing the per message type usage. This document also extends the PIM type space by defining three new message types. For each of the new types, four of the previously reserved bits are used to form an extended type range.
- Retransmission Timeout Requirements (draft-ietf-tcpm-rto-consider)
By Mark Allman, 2018-10-19 TXT HTML PDF
Abstract: Ensuring reliable communication often manifests in a timeout and retry mechanism. Each implementation of a retransmission timeout mechanism represents a balance between correctness and timeliness and therefore no implementation suits all situations. This document provides high-level requirements for retransmission timeout schemes appropriate for general use in the Internet. Within the requirements, implementations have latitude to define particulars that best address each situation.
- The Use Cases for Path Computation Element (PCE) as a Central Controller (PCECC). (draft-ietf-teas-pcecc-use-cases)
By Quintin Zhao, Zhenbin Li, Boris Khasanov, Dhruv Dhody, Zekung Ke, Luyuan Fang, Chao Zhou, Telus Communications, Artem Rachitskiy, Anton Gulida, 2018-10-18 TXT HTML PDF
Abstract: The Path Computation Element (PCE) is a core component of Software- Defined Networking (SDN) systems. It can compute optimal paths for traffic across a network and can also update the paths to reflect changes in the network or traffic demands. PCE was developed to derive paths for MPLS Label Switched Paths (LSPs), which are supplied to the head end of the LSP using the Path Computation Element Communication Protocol (PCEP).
- A YANG Data Model for RSVP-TE (draft-ietf-teas-yang-rsvp-te)
By Vishnu Beeram, Tarek Saad, Rakesh Gandhi, Xufeng Liu, Igor Bryskin, Himanshu Shah, 2018-10-20 TXT HTML PDF
Abstract: This document defines a YANG data model for the configuration and management of RSVP (Resource Reservation Protocol) to establish Traffic-Engineered (TE) Label-Switched Paths (LSPs) for MPLS (Multi- Protocol Label Switching) and other technologies.
- DNS Reverse IP AMT Discovery (draft-jholland-mboned-driad-amt-discovery)
By Jake Holland, 2018-10-19 TXT HTML PDF
Abstract: This document defines a new DNS resource record (RR) used to advertise addresses for Automatic Multicast Tunneling (AMT) relays capable of receiving multicast traffic from the owner of the RR. The new AMTRELAY RR makes possible a source-specific method for AMT gateways to discover appropriate AMT relays, in order to ingest traffic for source-specific multicast channels into multicast-capable receiving networks when no multicast connectivity is directly available between the sending and receiving networks.
- Advertising Entanglement Capabilities in Quantum Networks (draft-kaws-qirg-advent)
By Kireeti Kompella, Melchior Aelmans, Stephanie Wehner, Cristian Sirbu, 2018-10-21 TXT HTML PDF
Abstract: This document describes the use of link-state routing protocols on classical links in Quantum Networks. It contains proposals for additions to the IS-IS and OSPF protocols in order for them to transport relevant information for a Quantum Network, specifically, for the creation and manipulation of entangled pairs. The document will describe some of the necessary attributes and some suggestions of how this information may be used.
- Inband Flow Analyzer (draft-kumar-ippm-ifa)
By Jai Kumar, Surendra Anubolu, John Lemon, Hugh Holbrook, Anoop Ghanwani, Dezhong Cai, Heidi Ou, Li Yizhou, 2018-10-18 TXT HTML PDF
Abstract: Inband Flow Analyzer (IFA) records flow specific information from an end station and/or switches across a network. This document discusses the method to collect data on a per hop basis across a network and perform localized or end to end analytics operations on the data. This document also describes a transport-agnostic header definition that may be used for tunneled and non-tunneled flows alike.
- Proof of Possession to Devices for Onboarding (draft-lear-brski-pop)
By Eliot Lear, Owen Friel, 2018-10-20 TXT HTML PDF
Abstract: This memo specifies a RESTful interface for local deployments to demonstrate proof of possession to a device or to a manufacturer authorized signing authority (MASA). This covers the case where a MASA would not otherwise have knowledge of where a device is deployed, or when a MASA may not be required. Such knowledge is important to onboard certain classes of devices, such as those on IEEE 802.11 networks.
- Network QoS Expectations Extensions for MUD (draft-lear-opsawg-mud-bw-profile)
By Eliot Lear, Owen Friel, 2018-10-20 TXT HTML PDF
Abstract: Manufacturer Usage Descriptions (MUD) are a means by which devices can establish expectations about how they are intended to behave, and how the network should treat them. Earlier work focused on access control. This draft specifies a means by which manufacturers can express to deployments what form of bandwidth profile devices are expected to have with respect to specific services.
- Abstract (draft-lee-teas-actn-vpn-poi)
By Young Lee, Qin Wu, Italo Busi, Jeff Tantsura, 2018-10-19 TXT HTML PDF
Abstract: This document outlines the applicability of Abstraction and Control of Traffic Engineered Networks (ACTN) to VPN with the integration of Packet and Optical Networks (POI). It also identifies a number of scenarios where the integration of packet and optical networks is necessary to support VPN service requirements. The role of optical underlay tunnels in the POI is to support certain applications that require a hard isolation with strict deterministic latency and guaranteed constant bandwidth.
- Dynamic Flooding on Dense Graphs (draft-li-lsr-dynamic-flooding)
By Tony Li, Peter Psenak, Les Ginsberg, Tony Przygienda, 2018-10-21 TXT HTML PDF
Abstract: Routing with link state protocols in dense network topologies can result in sub-optimal convergence times due to the overhead associated with flooding. This can be addressed by decreasing the flooding topology so that it is less dense.
- YANG Data Model for Babel (draft-mahesh-babel-yang-model)
By Mahesh Jethanandani, Barbara Stark, 2018-10-21 TXT HTML PDF
Abstract: This document defines a data model for the Babel routing protocol. The data model is defined using the YANG data modeling language.
- Considerations for protecting Email header with S/MIME (draft-melnikov-lamps-header-protection)
By Alexey Melnikov, 2018-10-18 TXT HTML PDF
Abstract: This document describes best practices for handling of Email header protected by S/MIME. Procedures described in this document are also applicable to OpenPGP.
- A profile for Resource Tagged Attestations (RTAs) (draft-michaelson-rpki-rta)
By George Michaelson, Geoff Huston, Tim Bruijnzeels, Martin Hoffmann, 2018-10-19 TXT HTML PDF
Abstract: This document defines a Cryptographic Message Syntax (CMS) profile for a general purpose Resource Tagged Attestation (RTA), for use with the Resource Public Key Infrastructure (RPKI). The objective is to allow an attestation, in the form of an arbitrary digital object, to be signed "with resources", and for validation to provide an outcome of "valid with resources". The profile is intended to provide for the signing of an attestion with an arbitrary set of resources.
- Operations, Administration, and Maintenance for MPLS-SR over IP (draft-mirsky-mpls-oam-mpls-sr-ip)
By Gregory Mirsky, 2018-10-18 TXT HTML PDF
Abstract: Segment routing uses source routing paradigm to traffic engineering by specifying segments a packet traverses through the network. MPLS Segment Routing applies that paradigm to an MPLS data plane-based networks. SR-MPLS over IP uses MPLS label stack as a source routing instruction set and uses IP encapsulation/tunneling such as MPLS-in- UDP as defined in RFC 7510 to realize a source routing mechanism across MPLS, IPv4, and IPv6 data planes. This document describes Operations, Administration, and Maintenance operations in SR-MPLS over IP environment.
- EVPN Vendor-Specific Route Type (draft-rabadan-bess-vendor-evpn-route)
By Jorge Rabadan, Martin Vigoureux, Mallika Gautam, Siddhesh Dindorkar, 2018-10-19 TXT HTML PDF
Abstract: RFC7432 defines Ethernet VPN as a BGP address family that makes use of Typed NLRIs. IANA has a registry called "EVPN Route Types" that allocates values to Route Types. The purpose of this document is to solicit IANA the registration of a route type value for a vendor specific usage, as well as the definition of the EVPN NLRI for that route.
- An ACME Profile for Generating Delegated STAR Certificates (draft-sheffer-acme-star-delegation)
By Yaron Sheffer, Diego Lopez, Antonio Pastor, Thomas Fossati, 2018-10-19 TXT HTML PDF
Abstract: This memo proposes a profile of the ACME protocol that allows the owner of an identifier (e.g., a domain name) to delegate to a third party access to a certificate associated with said identifier. A primary use case is that of a CDN (the third party) terminating TLS sessions on behalf of a content provider (the owner of a domain name). The presented mechanism allows the owner of the identifier to retain control over the delegation and revoke it at any time by cancelling the associated STAR certificate renewal with the ACME CA. Another key property of this mechanism is it does not require any modification to the deployed TLS ecosystem.
- Carrying Binding Label/Segment-ID in PCE-based Networks. (draft-sivabalan-pce-binding-label-sid)
By Siva Sivabalan, Clarence Filsfils, Jeff Tantsura, Jonathan Hardwick, Stefano Previdi, Dhruv Dhody, 2018-10-19 TXT HTML PDF
Abstract: In order to provide greater scalability, network opacity, and service independence, SR utilizes a Binding Segment Identifier (BSID). It is possible to associate a BSID to RSVP-TE signaled Traffic Engineering Label Switching Path or binding Segment-ID (SID) to Segment Routed (SR) Traffic Engineering path. Such a binding label/SID can be used by an upstream node for steering traffic into the appropriate TE path to enforce SR policies. This document proposes an approach for reporting binding label/SID to Path Computation Element (PCE) for supporting PCE-based Traffic Engineering policies.
- Export User Flow Telemetry Data by Postcard Packets (draft-song-ippm-postcard-based-telemetry)
By Haoyu Song, Tianran Zhou, Zhenbin Li, 2018-10-20 TXT HTML PDF
Abstract: This document describes a proposal which allows network OAM applications to collect telemetry data about any user packet. Unlike similar techniques such as INT and in-situ OAM, the Postcard-Based Telemetry (PBT) does not require inserting telemetry data into user packets, but directly exports the telemetry data to a collector through separated OAM packets called postcards. Two variations of PBT are described in this document: one requires inserting an instruction header to user packets to guide the data collection and the other only marks the user packets to invoke the data collection. Each has its own pros and cons. Either way, the postcards for a single user packet are from multiple devices and need to be correlated at the collector, which is a unique issue pertaining to PBT. Whereas, PBT provides an alternative to INT and address several implementation and deployment challenges of the INT-based solutions.
- Security Classes For Software Updates for IoT (draft-urien-suit-security-classes)
By Pascal Urien, 2018-10-19 TXT HTML PDF
Abstract: This draft attempts to define security classes for devices targeted by SUIT protocols. A device security is characterized by five Boolean security attributes: firmware loader (FLD), one time programmable memory (OTP), secure firmware loader (FLD-SEC), tamper resistant key (TRT-KEY) and diversified key (DIV-KEY). This classification creates 18 device classes.
- Deployment of Reconsidered Validation in the Resource Public Key Infrastructure (RPKI) (draft-va-sidrops-deploy-reconsidered)
By George Michaelson, Tim Bruijnzeels, 2018-10-19 TXT HTML PDF
Abstract: This document defines a deployment model for reconsidered validation [RFC8360] in the Resource Public Key Infrastructure (RPKI).
- Diameter Messages in Kerberos5 AuthorizationData (draft-vanrein-krb5-authzdata-diameter)
By Rick van Rein, 2018-10-20 TXT HTML PDF
Abstract: The Kerberos5 infrastructure is concerned with authentication, but it can also carry AuthorizationData in a variety of formats. Diameter is an extensible standard for the expression of authorisation information. This specification defines an embedding of Diameter data in the AuthorizationData fields of Kerberos5.
- OSPF Extension for Prefix Originator (draft-wang-lsr-ospf-prefix-originator-ext)
By Aijun Wang, Acee Lindem, Jie Dong, Ketan Talaulikar, Peter Psenak, 2018-10-18 TXT HTML PDF
Abstract: This document describes method to transfer the source router id of inter-area prefixes for OSPFv2 [RFC7684]and OSPFv3 [RFC8362], which is needed in several use cases in OSPF inter-area scenario.
- POF-ICN based multihoming transmission framework (draft-wang-multihoming-icn)
By Lei Wang, 2018-10-20 TXT HTML PDF
Abstract: This document presents a POF-ICN based multihoming transmission framework.POF is an SDN forwarding plane technology proposed by Huawei,we use it to enable information-centric networking (ICN). The purpose of the framework is to provide an overall picture of the multihoming transmission system.we first describe the relationships among the various components of mobile networks and the newly added entities, such as Mobility management and Session management.Then we describe the Multihoming transmission operation flow to to outline what each components needs to accomplish and to how these components and mechanisms fit together.
- Factory default Setting (draft-wu-netmod-factory-default)
By Qin Wu, Balazs Lengyel, Ye Niu, 2018-10-19 TXT HTML PDF
Abstract: This document defines a method to reset a YANG datastore to its factory-default content. The reset operation may be used e.g. during initial zero-touch configuration or when the existing configuration has major errors, so re-starting the configuration process from scratch is the best option.
- DetNet QoS Policy (draft-xiong-detnet-qos-policy)
By Quan Xiong, Yu jinghai, 2018-10-18 TXT HTML PDF
Abstract: This document proposes a Quality of Service (QoS) policy to apply Differentiated Services (DiffServ) model for Deterministic Networking (DetNet) and defines a DetNet DiffServ mechanism including DetNet IP and MPLS encapsulation.
- DetNet QoS Yang (draft-xiong-detnet-qos-yang)
By Quan Xiong, Yufang Han, 2018-10-19 TXT HTML PDF
Abstract: This document defines a YANG data model for Deterministic Networking (DetNet) Quality of Service (QoS) based on the Differentiated Services (DiffServ) model.
- BATS Coding Scheme for Multi-hop Data Transport (draft-yang-nwcrg-bats)
By Shenghao Yang, Xuan Huang, Raymond Yeung, John Zao, 2018-10-21 TXT HTML PDF
Abstract: This document describe a BATS coding scheme for communication through a multi-hop network. BATS code is a class of efficient linear network coding scheme with a matrix generalization of fountain codes as the outer code, and batch-based linear network coding as the inner code.
- draft-yang-nwcrg-bats-code
No title available; expired document? TXT HTML PDF
- Observations on Deploying New DNSSEC Cryptographic Algorithms (draft-york-dnsop-deploying-dnssec-crypto-algs)
By Dan York, Ondrej Sury, Paul Wouters, Olafur Gudmundsson, 2018-10-21 TXT HTML PDF
Abstract: As new cryptographic algorithms are developed for use in DNSSEC signing and validation, this document captures the steps needed for new algorithms to be deployed and enter general usage. The intent is to ensure a common understanding of the typical deployment process and potentially identify opportunities for improvement of operations.
- Tethering A BIER Router To A BIER-incapable Router (draft-zzhang-bier-tether)
By Zhaohui Zhang, Nils Warnke, IJsbrand Wijnands, 2018-10-21 TXT HTML PDF
Abstract: This document specifies optional procedures to optimize the handling of Bit Index Explicit Replication (BIER) [RFC8279] incapable routers, by tethering a BIER router to a BIER incapable router.
Updated Drafts
- Link-Layer Addresses Assignment Mechanism for DHCPv6 (draft-bvtm-dhc-mac-assign)
By Bernie Volz, Tomek Mrugalski, Carlos Bernardos, 2018-10-20 TXT HTML PDF
Abstract: In certain environments, e.g. large scale virtualization deployments, new devices are created in an automated manner. Such devices typically have their link-layer (MAC) addresses randomized. With sufficient scale, the likelihood of collision is not acceptable. Therefore an allocation mechanism is required. This draft proposes an extension to DHCPv6 that allows a scalable approach to link-layer address assignments.
- Securing Session Initiation Protocol (SIP) based Messaging with S/MIME (draft-campbell-sip-messaging-smime)
By Ben Campbell, Russell Housley, 2018-10-18 TXT HTML PDF
Abstract: Mobile messaging applications used with the Session Initiation Protocol (SIP) commonly use some combination of the SIP MESSAGE method and the Message Session Relay Protocol (MSRP). While these provide mechanisms for hop-by-hop security, neither natively provides end-to-end protection. This document offers guidance on how to provide end-to-end authentication, integrity protection, and confidentiality using the Secure/Multipurpose Internet Mail Extensions (S/MIME). It updates and provides clarifications for RFC 3261, RFC 3428, and RFC 4975.
- TLS 1.3 Authentication and Integrity only Ciphersuites (draft-camwinget-tls-ts13-macciphersuites)
By Nancy Cam-Winget, Jack Visoky, 2018-10-19 TXT HTML PDF
Abstract: There are use cases, specifically in Internet of Things (IoT) and constrained environments that do not require confidentiality, though mutual authentication during tunnel establishment and message integrity is still mandated. This document defines the use of HMAC only as ciphersuites in TLS 1.3.
- Path Segment in MPLS Based Segment Routing Network (draft-cheng-spring-mpls-path-segment)
By Weiqiang Cheng, Lei Wang, Han Li, Mach Chen, Rakesh Gandhi, Royi Zigler, Shuangping Zhan, 2018-10-18 TXT HTML PDF
Abstract: A Segment Routing (SR) path is identified by an SR segment list, one or partial segments of the list cannot uniquely identify the SR path. Path identification is a pre-requisite for various use-cases such as performance measurement (PM) of an SR path.
- Gap Analysis of Interconnecting Underlay with Cloud Overlay (draft-dm-net2cloud-gap-analysis)
By Linda Dunbar, Andrew Malis, Christian Jacquenet, 2018-10-19 TXT HTML PDF
Abstract: This document analyzes the technological gaps when using SD-WAN to interconnect workloads & apps hosted in various locations, especially cloud data centers when the network service providers do not have or have limited physical infrastructure to reach the locations [Net2Cloud-problem].
- Seamless Interconnect Underlay to Cloud Overlay Problem Statement (draft-dm-net2cloud-problem-statement)
By Linda Dunbar, Andrew Malis, Christian Jacquenet, Mehmet Toy, 2018-10-21 TXT HTML PDF
Abstract: This document describes the problems of enterprises face today in connecting their branch offices to dynamic workloads in third party data centers (a.k.a. Cloud DCs).
- Explicit Congestion Notification (ECN) and Congestion Feedback Using the Network Service Header (NSH) (draft-eastlake-sfc-nsh-ecn-support)
By Donald Eastlake, Bob Briscoe, Andrew Malis, 2018-10-21 TXT HTML PDF
Abstract: Explicit congestion notification (ECN) allows a forwarding element to notify downstream devices of the onset of congestion without having to drop packets. Coupled with a means to feed back information about congestion to upstream nodes, this can improve network efficiency through better congestion control, frequently without packet drops. This document specifies ECN and congestion feedback support through use of the Network Service Header (NSH, RFC 8300) and IP Flow Information Export (IPFIX, draft-ietf-tsvwg-tunnel-congestion- feedback).
- Automated IoT Security (draft-garciamorchon-t2trg-automated-iot-security)
By Oscar Garcia-Morchon, Thorsten Dahm, 2018-10-19 TXT HTML PDF
Abstract: The Internet of Things (IoT) concept refers to the usage of standard Internet protocols to allow for human-to-thing and thing-to-thing communication. The security needs are well-recognized but the design space of IoT applications and systems is complex and exposed to multiple types of threats. In particular, threats keep evolving at a fast pace while many IoT systems are rarely updated and still remain operational for decades.
- DetNet Configuration YANG Model (draft-geng-detnet-conf-yang)
By Xuesong Geng, Mach Chen, Zhenqiang Li, Reshad Rahman, 2018-10-21 TXT HTML PDF
Abstract: This document defines a YANG data model for Deterministic Networking (DetNet), which includes the DetNet topology YANG module, DetNet flow configuration YANG module and DetNet Transport QoS YANG Module.
- Resource Reservation Protocol for IP Transport QoS (draft-han-tsvwg-ip-transport-qos)
By Lin Han, Yingzhen Qu, Lijun Dong, Renwei Li, Thomas Nadeau, Kevin Smith, Jeff Tantsura, 2018-10-19 TXT HTML PDF
Abstract: IP is designed for use in Best Effort Networks, which are networks that provide no guarantee that data is delivered, or that delivery meets any specified quality of service parameters. However there are new applications requiring IP to provide deterministic services in terms of bandwidth and latency, such as network based AR/VR (Augmented Reality and Virtual Reality), industrial internet. This document proposes a solution in IPv6 that can be used by transport layer protocols to guarantee certain level of service quality. This new service is fined-grained and could apply to individual or aggregated TCP/UDP flow(s).
- Co-existence of 3GPP 5GS and Identifier-Locator Separation Architecture (draft-homma-dmm-5gs-id-loc-coexistence)
By Shunsuke Homma, Kenta Kawakami, Arashmid Akhavain, Alberto Rodriguez-Natal, Ravi Shekhar, 2018-10-21 TXT HTML PDF
Abstract: This document describes an approach to introduce Identifier Locator Separation architecture into 3GPP 5GS with low-impact on its specifications, and shows the features and considerations of this approach.
- The "xml2rfc" version 3 Vocabulary (draft-iab-rfc7991bis)
By Paul Hoffman, 2018-10-19 TXT HTML PDF
Abstract: This document defines the "xml2rfc" version 3 vocabulary: an XML- based language used for writing RFCs and Internet-Drafts. It is heavily derived from the version 2 vocabulary that is also under discussion. This document obsoletes the earlier v3 grammar described in RFC 7991, which in turn obsoleted the v2 grammar in RFC 7749.
- Address Protected Neighbor Discovery for Low-power and Lossy Networks (draft-ietf-6lo-ap-nd)
By Pascal Thubert, Behcet Sarikaya, Mohit Sethi, Rene Struik, 2018-10-18 TXT HTML PDF
Abstract: This document specifies an extension to 6LoWPAN Neighbor Discovery (ND) defined in RFC6775 and updated in [I-D.ietf-6lo-rfc6775-update]. The new extension is called Address Protected Neighbor Discovery (AP- ND) and it protects the owner of an address against address theft and impersonation attacks in a low-power and lossy network (LLN). Nodes supporting this extension compute a cryptographic identifier (Crypto- ID) and use it with one or more of their Registered Addresses. The Crypto-ID identifies the owner of the Registered Address and can be used to provide proof of ownership of the Registered Addresses. Once an address is registered with the Crypto-ID and a proof-of-ownership is provided, only the owner of that address can modify the registration information, thereby enforcing Source Address Validation.
- Extensions to Automatic Certificate Management Environment for end user S/MIME certificates (draft-ietf-acme-email-smime)
By Alexey Melnikov, 2018-10-19 TXT HTML PDF
Abstract: This document specifies identifiers and challenges required to enable the Automated Certificate Management Environment (ACME) to issue certificates for use by email users that want to use S/MIME.
- ALTO Performance Cost Metrics (draft-ietf-alto-performance-metrics)
By Qin Wu, Yang Yang, Young Lee, Dhruv Dhody, Sabine Randriamasy, 2018-10-21 TXT HTML PDF
Abstract: Cost Metric is a basic concept in Application-Layer Traffic Optimization (ALTO). It is used in both the Cost Map Service and the Endpoint Cost Service.
- Framework for EVPN Designated Forwarder Election Extensibility (draft-ietf-bess-evpn-df-election-framework)
By Jorge Rabadan, satyamoh@cisco.com, Ali Sajassi, John Drake, Kiran Nagaraj, Senthil Sathappan, 2018-10-20 TXT HTML PDF
Abstract: The Designated Forwarder (DF) in EVPN networks is the Provider Edge (PE) router responsible for sending broadcast, unknown unicast and multicast (BUM) traffic to a multi-homed Customer Equipment (CE) device, on a given VLAN on a particular Ethernet Segment (ES). The DF is selected out of a list of candidate PEs that advertise the same Ethernet Segment Identifier (ESI) to the EVPN network. By default, EVPN uses a DF Election algorithm referred to as "Service Carving" and it is based on a modulus function (V mod N) that takes the number of PEs in the ES (N) and the VLAN value (V) as input. This default DF Election algorithm has some inefficiencies that this document addresses by defining a new DF Election algorithm and a capability to influence the DF Election result for a VLAN, depending on the state of the associated Attachment Circuit (AC). In addition, this document creates a registry with IANA, for future DF Election Algorithms and Capabilities. It also presents a formal definition and clarification of the DF Election Finite State Machine.
- Optimized Ingress Replication solution for EVPN (draft-ietf-bess-evpn-optimized-ir)
By Jorge Rabadan, Senthil Sathappan, Wen Lin, Mukul Katiyar, Ali Sajassi, 2018-10-19 TXT HTML PDF
Abstract: Network Virtualization Overlay (NVO) networks using EVPN as control plane may use Ingress Replication (IR) or PIM (Protocol Independent Multicast) based trees to convey the overlay BUM traffic. PIM provides an efficient solution to avoid sending multiple copies of the same packet over the same physical link, however it may not always be deployed in the NVO core network. IR avoids the dependency on PIM in the NVO network core. While IR provides a simple multicast transport, some NVO networks with demanding multicast applications require a more efficient solution without PIM in the core. This document describes a solution to optimize the efficiency of IR in NVO networks.
- Yang Data Model for BGP/MPLS L3 VPNs (draft-ietf-bess-l3vpn-yang)
By Dhanendra Jain, Keyur Patel, Patrice Brissette, Zhenbin Li, Shunwan Zhuang, Xufeng Liu, Jeffrey Haas, Santosh Esale, Bin Wen, 2018-10-19 TXT HTML PDF
Abstract: This document defines a YANG data model that can be used to configure and manage BGP Layer 3 VPNs.
- Event Publishing Extensions to iCalendar (draft-ietf-calext-eventpub-extensions)
By Michael Douglass, 2018-10-19 TXT HTML PDF
Abstract: This specification updates RFC5545 by introducing a number of new iCalendar properties and components which are of particular use for event publishers and in social networking.
- Ethernet Traffic Parameters with Availability Information (draft-ietf-ccamp-rsvp-te-bandwidth-availability)
By Hao Long, Min Ye, Gregory Mirsky, Alessandro D'Alessandro, Himanshu Shah, 2018-10-21 TXT HTML PDF
Abstract: A packet switching network may contain links with variable bandwidth, e.g., copper, radio, etc. The bandwidth of such links is sensitive to external environment. Availability is typically used for describing the link during network planning. This document introduces an optional Availability TLV in Resource ReSerVation Protocol - Traffic Engineer (RSVP-TE) signaling. This extension can be used to set up a Generalized Multi-Protocol Label Switching (GMPLS) Label Switched Path (LSP) using the Ethernet SENDER_TSPEC object.
- A Yang Data Model for WSON Tunnel (draft-ietf-ccamp-wson-tunnel-model)
By Young Lee, Dhruv Dhody, Aihua Guo, Victor Lopezalvarez, Daniel King, Bin-Yeong Yoon, Ricard Vilata, 2018-10-18 TXT HTML PDF
Abstract: This document provides a YANG data model for WSON TE tunnel.
- A Yang Data Model for WSON Optical Networks (draft-ietf-ccamp-wson-yang)
By Young Lee, Dhruv Dhody, Aihua Guo, Victor Lopezalvarez, Daniel King, Bin-Yeong Yoon, Ricard Vilata, 2018-10-18 TXT HTML PDF
Abstract: This document provides a YANG data model for the routing and wavelength assignment (RWA) TE topology in wavelength switched optical networks (WSONs).
- Proxy Mobile IPv6 extensions for Distributed Mobility Management (draft-ietf-dmm-pmipv6-dlif)
By Carlos Bernardos, Antonio de la Oliva, Fabio Giust, Juan Zuniga, Alain Mourad, 2018-10-20 TXT HTML PDF
Abstract: Distributed Mobility Management solutions allow for setting up networks so that traffic is distributed in an optimal way and does not rely on centrally deployed anchors to provide IP mobility support.
- A Root Key Trust Anchor Sentinel for DNSSEC (draft-ietf-dnsop-kskroll-sentinel)
By Geoff Huston, Joao Damas, Warren Kumari, 2018-10-21 TXT HTML PDF
Abstract: The DNS Security Extensions (DNSSEC) were developed to provide origin authentication and integrity protection for DNS data by using digital signatures. These digital signatures can be verified by building a chain of trust starting from a trust anchor and proceeding down to a particular node in the DNS. This document specifies a mechanism that will allow an end user and third parties to determine the trusted key state for the root key of the resolvers that handle that user's DNS queries. Note that this method is only applicable for determining which keys are in the trust store for the root key.
- Improved Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA') (draft-ietf-emu-rfc5448bis)
By Jari Arkko, Vesa Lehtovirta, Vesa Torvinen, Pasi Eronen, 2018-10-19 TXT HTML PDF
Abstract: This specification defines an EAP method, EAP-AKA', a small revision of the EAP-AKA method. EAP-AKA' provides a key derivation function that binds the keys derived within the method to the name of the access network. The key derivation mechanism has been defined in the 3rd Generation Partnership Project (3GPP). This specification allows its use in EAP in an interoperable manner. In addition, EAP-AKA' employs SHA-256 instead of SHA-1.
- INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev2 (draft-ietf-extra-imap4rev2)
By Alexey Melnikov, Barry Leiba, 2018-10-19 TXT HTML PDF
Abstract: The Internet Message Access Protocol, Version 4rev2 (IMAP4rev2) allows a client to access and manipulate electronic mail messages on a server. IMAP4rev2 permits manipulation of mailboxes (remote message folders) in a way that is functionally equivalent to local folders. IMAP4rev2 also provides the capability for an offline client to resynchronize with the server.
- IAB, IESG, and IETF LLC Selection, Confirmation, and Recall Process: Operation of the IETF Nominating and Recall Committees (draft-ietf-iasa2-rfc7437bis)
By Murray Kucherawy, Robert Hinden, Jason Livingood, 2018-10-19 TXT HTML PDF
Abstract: The process by which the members of the IAB and IESG, some Trustees of the IETF Trust, and some Directors of the IETF LLC are selected, confirmed, and recalled is specified in this document. This document based on RFC3777 and RFC7437 and has been updated to reflect the changes introduced by IASA 2.0.
- BGP Link-State extensions for Segment Routing (draft-ietf-idr-bgp-ls-segment-routing-ext)
By Stefano Previdi, Ketan Talaulikar, Clarence Filsfils, Hannes Gredler, Mach Chen, 2018-10-19 TXT HTML PDF
Abstract: Segment Routing (SR) allows for a flexible definition of end-to-end paths by encoding paths as sequences of topological sub-paths, called "segments". These segments are advertised by routing protocols e.g. by the link state routing protocols (IS-IS, OSPFv2 and OSPFv3) within IGP topologies.
- BGP-LS extensions for Segment Routing BGP Egress Peer Engineering (draft-ietf-idr-bgpls-segment-routing-epe)
By Stefano Previdi, Ketan Talaulikar, Clarence Filsfils, Keyur Patel, Saikat Ray, Jie Dong, 2018-10-19 TXT HTML PDF
Abstract: Segment Routing (SR) leverages source routing. A node steers a packet through a controlled set of instructions, called segments, by prepending the packet with an SR header. A segment can represent any instruction, topological or service-based. SR segments allow steering a flow through any topological path and service chain while maintaining per-flow state only at the ingress node of the SR domain.
- BGP-LS Advertisement of IGP Traffic Engineering Performance Metric Extensions (draft-ietf-idr-te-pm-bgp)
By Les Ginsberg, Stefano Previdi, Qin Wu, Jeff Tantsura, Clarence Filsfils, 2018-10-21 TXT HTML PDF
Abstract: This document defines new BGP-LS TLVs in order to carry the IGP Traffic Engineering Extensions defined in IS-IS and OSPF protocols.
- IP Fragmentation Considered Fragile (draft-ietf-intarea-frag-fragile)
By Ron Bonica, Fred Baker, Geoff Huston, Robert Hinden, Ole Troan, Fernando Gont, 2018-10-18 TXT HTML PDF
Abstract: This document describes IP fragmentation and explains how it reduces the reliability of Internet communication.
- Discovering Provisioning Domain Names and Data (draft-ietf-intarea-provisioning-domains)
By Pierre Pfister, Eric Vyncke, Tommy Pauly, David Schinazi, Wenqin Shao, 2018-10-19 TXT HTML PDF
Abstract: An increasing number of hosts access the Internet via multiple interfaces or, in IPv6 multi-homed networks, via multiple IPv6 prefix configurations context.
- Data Fields for In-situ OAM (draft-ietf-ippm-ioam-data)
By Frank Brockners, Shwetha Bhandari, Carlos Pignataro, Hannes Gredler, John Leddy, Stephen Youell, Tal Mizrahi, David Mozes, Petr Lapukhov, Remy Chang, daniel.bernier@bell.ca, John Lemon, 2018-10-20 TXT HTML PDF
Abstract: In-situ Operations, Administration, and Maintenance (IOAM) records operational and telemetry information in the packet while the packet traverses a path between two points in the network. This document discusses the data fields and associated data types for in-situ OAM. In-situ OAM data fields can be embedded into a variety of transports such as NSH, Segment Routing, Geneve, native IPv6 (via extension header), or IPv4. In-situ OAM can be used to complement OAM mechanisms based on e.g. ICMP or other types of probe packets.
- Internet X.509 Public Key Infrastructure: Additional Algorithm Identifiers for RSASSA-PSS and ECDSA using SHAKEs as Hash Functions (draft-ietf-lamps-pkix-shake)
By Panos Kampanakis, Quynh Dang, 2018-10-19 TXT HTML PDF
Abstract: Digital signatures are used to sign messages, X.509 certificates and CRLs (Certificate Revocation Lists). This document describes the conventions for using the SHAKE family of hash functions in the Internet X.509 as one-way hash functions with the RSA Probabilistic Signature Scheme and ECDSA signature algorithms. The conventions for the associated subject public keys are also described.
- The Locator/ID Separation Protocol (LISP) (draft-ietf-lisp-rfc6830bis)
By Dino Farinacci, Vince Fuller, David Meyer, Darrel Lewis, Albert Cabellos-Aparicio, 2018-10-21 TXT HTML PDF
Abstract: This document describes the Data-Plane protocol for the Locator/ID Separation Protocol (LISP). LISP defines two namespaces, End-point Identifiers (EIDs) that identify end-hosts and Routing Locators (RLOCs) that identify network attachment points. With this, LISP effectively separates control from data, and allows routers to create overlay networks. LISP-capable routers exchange encapsulated packets according to EID-to-RLOC mappings stored in a local Map-Cache.
- Locator/ID Separation Protocol (LISP) Control-Plane (draft-ietf-lisp-rfc6833bis)
By Vince Fuller, Dino Farinacci, Albert Cabellos-Aparicio, 2018-10-21 TXT HTML PDF
Abstract: This document describes the Control-Plane and Mapping Service for the Locator/ID Separation Protocol (LISP), implemented by two new types of LISP-speaking devices -- the LISP Map-Resolver and LISP Map-Server -- that provides a simplified "front end" for one or more Endpoint ID to Routing Locator mapping databases.
- LISP-Security (LISP-SEC) (draft-ietf-lisp-sec)
By Fabio Maino, Vina Ermagan, Albert Cabellos-Aparicio, Damien Saucez, 2018-10-18 TXT HTML PDF
Abstract: This memo specifies LISP-SEC, a set of security mechanisms that provides origin authentication, integrity and anti-replay protection to LISP's EID-to-RLOC mapping data conveyed via mapping lookup process. LISP-SEC also enables verification of authorization on EID- prefix claims in Map-Reply messages.
- LISP YANG Model (draft-ietf-lisp-yang)
By Vina Ermagan, Alberto Rodriguez-Natal, Florin Coras, Carl Moberg, Reshad Rahman, Albert Cabellos-Aparicio, Fabio Maino, 2018-10-18 TXT HTML PDF
Abstract: This document describes a YANG data model to use with the Locator/ID Separation Protocol (LISP).
- Using XMPP for Security Information Exchange (draft-ietf-mile-xmpp-grid)
By Nancy Cam-Winget, Syam Appala, Scott Pope, Peter Saint-Andre, 2018-10-18 TXT HTML PDF
Abstract: This document describes how to use the Extensible Messaging and Presence Protocol (XMPP) to collect and distribute security-relevant information between network-connected devices. To illustrate the principles involved, this document describes such a usage for the Incident Object Description Exchange Format (IODEF).
- MPLS Egress Protection Framework (draft-ietf-mpls-egress-protection-framework)
By Yimin Shen, Jeyananth Jeganathan, Bruno Decraene, Hannes Gredler, Carsten Michel, Huaimo Chen, Yuanlong Jiang, 2018-10-20 TXT HTML PDF
Abstract: This document specifies a fast reroute framework for protecting IP/ MPLS services and MPLS transport tunnels against egress node and egress link failures. In this framework, the penultimate-hop router of an MPLS tunnel acts as the point of local repair (PLR) for an egress node failure, and the egress router of the MPLS tunnel acts as the PLR for an egress link failure. Each of them pre-establishes a bypass tunnel to a protector. Upon an egress node or link failure, the corresponding PLR performs local failure detection and local repair, by rerouting packets over the corresponding bypass tunnel. The protector in turn performs context label switching or context IP forwarding to send the packets to the ultimate service destination(s). This mechanism can be used to reduce traffic loss before global repair reacts to the failure and control plane protocols converge on the topology changes due to the failure. The framework is applicable to all types of IP/MPLS services and MPLS tunnels. Under the framework, service protocol extensions may be further specified to support service label distribution from an egress router to a protector.
- SR-MPLS over IP (draft-ietf-mpls-sr-over-ip)
By Xiaohu Xu, Stewart Bryant, Adrian Farrel, Syed Hassan, Wim Henderickx, Zhenbin Li, 2018-10-18 TXT HTML PDF
Abstract: MPLS Segment Routing (SR-MPLS) is an MPLS data plane-based source routing paradigm in which the sender of a packet is allowed to partially or completely specify the route the packet takes through the network by imposing stacked MPLS labels on the packet. SR-MPLS could be leveraged to realize a source routing mechanism across MPLS, IPv4, and IPv6 data planes by using an MPLS label stack as a source routing instruction set while preserving backward compatibility with SR-MPLS.
- Dynamic subscription to YANG Events and Datastores over RESTCONF (draft-ietf-netconf-restconf-notif)
By Eric Voit, Reshad Rahman, Einar Nilsen-Nygaard, Alexander Clemm, Andy Bierman, 2018-10-19 TXT HTML PDF
Abstract: This document provides a RESTCONF binding to the dynamic subscription capability of both subscribed notifications and YANG-Push.
- UDP based Publication Channel for Streaming Telemetry (draft-ietf-netconf-udp-pub-channel)
By Guangying Zheng, Tianran Zhou, Alexander Clemm, 2018-10-19 TXT HTML PDF
Abstract: This document describes a UDP-based publication channel for streaming telemetry use to collect data from devices. A new shim header is proposed to facilitate the distributed data collection mechanism which directly pushes data from line cards to the collector. Because of the lightweight UDP encapsulation, higher frequency and better transit performance can be achieved.
- NFS Version 4.1 Update for Multi-Server Namespace (draft-ietf-nfsv4-mv1-msns-update)
By David Noveck, Chuck Lever, 2018-10-21 TXT HTML PDF
Abstract: This document presents necessary clarifications and corrections concerning features related to the use of location-related attributes in NFSv4.1. These include migration, which transfers responsibility for a file system from one server to another, and facilities to support trunking by allowing discovery of the set of network addresses to use to access a file system. This document updates RFC5661.
- OAuth 2.0 Device Flow for Browserless and Input Constrained Devices (draft-ietf-oauth-device-flow)
By William Denniss, John Bradley, Michael Jones, Hannes Tschofenig, 2018-10-19 TXT HTML PDF
Abstract: This OAuth 2.0 authorization flow is designed for devices that either lack a browser to perform a user-agent based OAuth flow, or are input-constrained to the extent that requiring the user to input a lot of text (like their credentials to authenticate with the authorization server) is impractical. It enables OAuth clients on such devices (like smart TVs, media consoles, digital picture frames, and printers) to obtain user authorization to access protected resources without using an on-device user-agent, provided that they have an Internet connection.
- The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR) (draft-ietf-oauth-jwsreq)
By Nat Sakimura, John Bradley, 2018-10-21 TXT HTML PDF
Abstract: The authorization request in OAuth 2.0 described in RFC 6749 utilizes query parameter serialization, which means that Authorization Request parameters are encoded in the URI of the request and sent through user agents such as web browsers. While it is easy to implement, it means that (a) the communication through the user agents are not integrity protected and thus the parameters can be tainted, and (b) the source of the communication is not authenticated. Because of these weaknesses, several attacks to the protocol have now been put forward.
- OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (draft-ietf-oauth-mtls)
By Brian Campbell, John Bradley, Nat Sakimura, Torsten Lodderstedt, 2018-10-18 TXT HTML PDF
Abstract: This document describes OAuth client authentication and certificate bound access tokens using mutual Transport Layer Security (TLS) authentication with X.509 certificates. OAuth clients are provided a mechanism for authentication to the authorization server using mutual TLS, based on either self-signed certificates or public key infrastructure (PKI). OAuth authorization servers are provided a mechanism for binding access tokens to a client's mutual TLS certificate, and OAuth protected resources are provided a method for ensuring that such an access token presented to it was issued to the client presenting the token.
- Reciprocal OAuth (draft-ietf-oauth-reciprocal)
By Dick Hardt, 2018-10-19 TXT HTML PDF
Abstract: There are times when a user has a pair of protected resources that would like to request access to each other. While OAuth flows typically enable the user to grant a client access to a protected resource, granting the inverse access requires an additional flow. Reciprocal OAuth enables a more seamless experience for the user to grant access to a pair of protected resources.
- Resource Indicators for OAuth 2.0 (draft-ietf-oauth-resource-indicators)
By Brian Campbell, John Bradley, Hannes Tschofenig, 2018-10-19 TXT HTML PDF
Abstract: An extension to the OAuth 2.0 Authorization Framework defining request parameters that enable a client to explicitly signal to an authorization server about the location of the protected resource(s) to which it is requesting access.
- OAuth 2.0 Token Binding (draft-ietf-oauth-token-binding)
By Michael Jones, Brian Campbell, John Bradley, William Denniss, 2018-10-19 TXT HTML PDF
Abstract: This specification enables OAuth 2.0 implementations to apply Token Binding to Access Tokens, Authorization Codes, Refresh Tokens, JWT Authorization Grants, and JWT Client Authentication. This cryptographically binds these tokens to a client's Token Binding key pair, possession of which is proven on the TLS connections over which the tokens are intended to be used. This use of Token Binding protects these tokens from man-in-the-middle and token export and replay attacks.
- OAuth 2.0 Token Exchange (draft-ietf-oauth-token-exchange)
By Michael Jones, Anthony Nadalin, Brian Campbell, John Bradley, Chuck Mortimore, 2018-10-19 TXT HTML PDF
Abstract: This specification defines a protocol for an HTTP- and JSON- based Security Token Service (STS) by defining how to request and obtain security tokens from OAuth 2.0 authorization servers, including security tokens employing impersonation and delegation.
- Export BGP community information in IP Flow Information Export (IPFIX) (draft-ietf-opsawg-ipfix-bgp-community)
By Zhenqiang Li, Rong Gu, Jie Dong, 2018-10-19 TXT HTML PDF
Abstract: By introducing new Information Elements (IEs), this draft extends the existing BGP related IEs to enable IPFIX [RFC7011] to export the BGP community information, including the information of BGP standard community [RFC1997], BGP extended community [RFC4360], and BGP large community [RFC8092]. Network traffic information can then be accumulated and analysed at the BGP community granularity, which represents the traffic of different kinds of customers, services, or geographical regions according to the network operator's BGP community planning. Network traffic information at the BGP community granularity is useful for network traffic analysis and engineering.
- Enhanced Feasible-Path Unicast Reverse Path Filtering (draft-ietf-opsec-urpf-improvements)
By Kotikalapudi Sriram, Doug Montgomery, Jeffrey Haas, 2018-10-21 TXT HTML PDF
Abstract: This document identifies a need for improvement of the unicast Reverse Path Filtering techniques (uRPF) [BCP84] for source address validation (SAV) [BCP38]. The strict uRPF is inflexible about directionality, the loose uRPF is oblivious to directionality, and the current feasible-path uRPF attempts to strike a balance between the two [BCP84]. However, as shown in this draft, the existing feasible-path uRPF still has short comings. This document describes an enhanced feasible-path uRPF technique, which aims to be more flexible (in a meaningful way) about directionality than the feasible-path uRPF. It can potentially alleviate ISPs' concerns about the possibility of disrupting service for their customers, and encourage greater deployment of uRPF techniques.
- OSPFv3 Extensions for Segment Routing (draft-ietf-ospf-ospfv3-segment-routing-extensions)
By Peter Psenak, Stefano Previdi, 2018-10-21 TXT HTML PDF
Abstract: Segment Routing (SR) allows a flexible definition of end-to-end paths within IGP topologies by encoding paths as sequences of topological sub-paths, called "segments". These segments are advertised by the link-state routing protocols (IS-IS and OSPF).
- Signaling MSD (Maximum SID Depth) using OSPF (draft-ietf-ospf-segment-routing-msd)
By Jeff Tantsura, Uma Chunduri, Sam Aldrin, Peter Psenak, 2018-10-18 TXT HTML PDF
Abstract: This document defines a way for an Open Shortest Path First (OSPF) Router to advertise multiple types of supported Maximum SID(Segment Identifier) Depths (MSDs) at node and/or link granularity. Such advertisements allow entities (e.g., centralized controllers) to determine whether a particular SID stack can be supported in a given network. This document defines only one type of MSD, but defines an encoding that can support other MSD types. Here the term OSPF means both OSPFv2 and OSPFv3.
- DTLS Tunnel between a Media Distributor and Key Distributor to Facilitate Key Exchange (draft-ietf-perc-dtls-tunnel)
By Paul Jones, Paul Ellenbogen, Nils Ohlmeier, 2018-10-20 TXT HTML PDF
Abstract: This document defines a DTLS tunneling protocol for use in multimedia conferences that enables a Media Distributor to facilitate key exchange between an endpoint in a conference and the Key Distributor. The protocol is designed to ensure that the keying material used for hop-by-hop encryption and authentication is accessible to the media distributor, while the keying material used for end-to-end encryption and authentication is inaccessible to the media distributor.
- A YANG data model for Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) (draft-ietf-pim-igmp-mld-yang)
By Xufeng Liu, Feng Guo, Mahesh Sivakumar, Pete McAllister, Anish Peter, 2018-10-19 TXT HTML PDF
Abstract: This document defines a YANG data model that can be used to configure and manage Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) devices.
- RIFT: Routing in Fat Trees (draft-ietf-rift-rift)
By The Team, 2018-10-19 TXT HTML PDF
Abstract: This document outlines a specialized, dynamic routing protocol for Clos and fat-tree network topologies. The protocol (1) deals with fully automatied construction of fat-tree topologies based on detection of links, (2) minimizes the amount of routing state held at each level, (3) automatically prunes and load balances topology flooding exchanges over a sufficient subset of links, (4) supports automatic disaggregation of prefixes on link and node failures to prevent black-holing and suboptimal routing, (5) allows traffic steering and re-routing policies, (6) allows loop-free non-ECMP forwarding, (7) automatically re-balances traffic towards the spines based on bandwidth available and finally (8) provides mechanisms to synchronize a limited key-value data-store that can be used after protocol convergence to e.g. bootstrap higher levels of functionality on nodes.
- Asymmetric AODV-P2P-RPL in Low-Power and Lossy Networks (LLNs) (draft-ietf-roll-aodv-rpl)
By Satish Anamalamudi, Mingui Zhang, Charles Perkins, S.V.R Anand, Bing Liu, 2018-10-18 TXT HTML PDF
Abstract: Route discovery for symmetric and asymmetric Point-to-Point (P2P) traffic flows is a desirable feature in Low power and Lossy Networks (LLNs). For that purpose, this document specifies a reactive P2P route discovery mechanism for both hop-by-hop routing and source routing: Ad Hoc On-demand Distance Vector Routing (AODV) based RPL protocol. Paired Instances are used to construct directional paths, in case some of the links between source and target node are asymmetric.
- A YANG Data Model for Routing Policy Management (draft-ietf-rtgwg-policy-model)
By Yingzhen Qu, Jeff Tantsura, Acee Lindem, Xufeng Liu, 2018-10-19 TXT HTML PDF
Abstract: This document defines a YANG data model for configuring and managing routing policies in a vendor-neutral way and based on actual operational practice. The model provides a generic policy framework which can be augmented with protocol-specific policy configuration.
- Push-Based Security Event Token (SET) Delivery Using HTTP (draft-ietf-secevent-http-push)
By Annabelle Backman, Michael Jones, Marius Scurtescu, Morteza Ansari, Anthony Nadalin, 2018-10-20 TXT HTML PDF
Abstract: This specification defines how a Security Event Token (SET) may be delivered to an intended recipient using HTTP POST. The SET is transmitted in the body of an HTTP POST reqest to an endpoint operated by the recipient, and the recipient indicates successful or failed transmission via the HTTP response.
- RPKI Signed Object for Trust Anchor Keys (draft-ietf-sidrops-signed-tal)
By Tim Bruijnzeels, Carlos Martinez, Rob Austein, 2018-10-19 TXT HTML PDF
Abstract: Trust Anchor Locators (TALs) [I-D.ietf-sidrops-https-tal] are used by Relying Parties in the RPKI to locate and validate Trust Anchor certificates used in RPKI validation. This document defines an RPKI signed object for Trust Anchor Keys (TAK), that can be used by Trust Anchors to signal their set of current keys and the location(s) of the accompanying CA certiifcates to Relying Parties, as well as changes to this set in the form of revoked keys and new keys, in order to support both planned and unplanned key rolls without impacting RPKI validation.
- Push Notification with the Session Initiation Protocol (SIP) (draft-ietf-sipcore-sip-push)
By Christer Holmberg, Michael Arnold, 2018-10-19 TXT HTML PDF
Abstract: This document describes how a Push Notification Service (PNS) can be used to wake suspended Session Initiation Protocol (SIP) User Agents (UAs), using push notifications, for the UA to be able to send binding refresh REGISTER requests and to receive receive incoming SIP requests. The document defines new SIP URI parameters and new feature-capability indicators that can be used in SIP messages to indicate support of the mechanism defined in this document, to exchange PNS information between the SIP User Agent (UA) and the SIP entity that will request push notifications towards the UA, and to trigger such push notification requests.
- 0-RTT TCP Convert Protocol (draft-ietf-tcpm-converters)
By Olivier Bonaventure, Mohamed Boucadair, Sri Gundavelli, SungHoon Seo, 2018-10-18 TXT HTML PDF
Abstract: This document specifies an application proxy, called Transport Converter, to assist the deployment of TCP extensions such as Multipath TCP. This proxy is designed to avoid inducing extra delay when involved in a network-assisted connection (that is, 0-RTT). This specification assumes an explicit model, where the proxy is explicitly configured on hosts.
- A YANG Data Model for Traffic Engineering Tunnels and Interfaces (draft-ietf-teas-yang-te)
By Tarek Saad, Rakesh Gandhi, Xufeng Liu, Vishnu Beeram, Himanshu Shah, Igor Bryskin, 2018-10-20 TXT HTML PDF
Abstract: This document defines a YANG data model for the configuration and management of Traffic Engineering (TE) interfaces, tunnels and Label Switched Paths (LSPs). The model is divided into YANG modules that classify data into generic, device-specific, technology agnostic, and technology-specific elements.
- Exported Authenticators in TLS (draft-ietf-tls-exported-authenticator)
By Nick Sullivan, 2018-10-18 TXT HTML PDF
Abstract: This document describes a mechanism in Transport Layer Security (TLS) to provide an exportable proof of ownership of a certificate that can be transmitted out of band and verified by the other party.
- HTTPS Token Binding with TLS Terminating Reverse Proxies (draft-ietf-tokbind-ttrp)
By Brian Campbell, 2018-10-19 TXT HTML PDF
Abstract: This document defines HTTP header fields that enable a TLS terminating reverse proxy to convey information to a backend server about the validated Token Binding Message received from a client, which enables that backend server to bind, or verify the binding of, cookies and other security tokens to the client's Token Binding key. This facilitates the reverse proxy and backend server functioning together as though they are a single logical server side deployment of HTTPS Token Binding.
- In-situ OAM IPv6 Options (draft-ioametal-ippm-6man-ioam-ipv6-options)
By Shwetha Bhandari, Frank Brockners, Carlos Pignataro, Hannes Gredler, John Leddy, Stephen Youell, Tal Mizrahi, Aviv Kfir, Barak Gafni, Petr Lapukhov, Mickey Spiegel, Suresh Krishnan, 2018-10-20 TXT HTML PDF
Abstract: In-situ Operations, Administration, and Maintenance (IOAM) records operational and telemetry information in the packet while the packet traverses a path between two points in the network. This document outlines how IOAM data fields are encapsulated in IPv6.
- Randomness Improvements for Security Protocols (draft-irtf-cfrg-randomness-improvements)
By Cas Cremers, Luke Garratt, Stanislav Smyshlyaev, Nick Sullivan, Christopher Wood, 2018-10-21 TXT HTML PDF
Abstract: Randomness is a crucial ingredient for TLS and related security protocols. Weak or predictable "cryptographically-strong" pseudorandom number generators (CSPRNGs) can be abused or exploited for malicious purposes. The Dual EC random number backdoor and Debian bugs are relevant examples of this problem. An initial entropy source that seeds a CSPRNG might be weak or broken as well, which can also lead to critical and systemic security problems. This document describes a way for security protocol participants to augment their CSPRNGs using long-term private keys. This improves randomness from broken or otherwise subverted CSPRNGs.
- Bootstrapping Key Infrastructure over EAP (draft-lear-eap-teap-brski)
By Eliot Lear, Owen Friel, Nancy Cam-Winget, 2018-10-18 TXT HTML PDF
Abstract: In certain environments, in order for a device to establish any layer three communications, it is necessary for that device to be properly credentialed. This is a relatively easy problem to solve when a device is associated with a human being and has both input and display functions. It is less easy when the human, input, and display functions are not present. To address this case, this memo specifies extensions to the Tunnel Extensible Authentication Protocol (TEAP) method that leverages Bootstrapping Remote Secure Key Infrastructures (BRSKI) in order to provide a credential to a device at layer two. The basis of this work is that a manufacturer will introduce the device and the local deployment through cryptographic means. In this sense the same trust model as BRSKI is used.
- YANG Based Instance Data Files Format (draft-lengyel-netmod-yang-instance-data)
By Balazs Lengyel, Benoit Claise, 2018-10-19 TXT HTML PDF
Abstract: There is a need to document data defined in YANG models without the need to fetch it from a live YANG server. Data is often needed already in design time or needed by groups that do not have a live running YANG server available. This document specifies a standard file format for YANG Based Instance data, that is data that could be stored in a datastore and whose syntax and semantics is defined by YANG models. Most important use cases foreseen include documenting server capabilities, factory-default settings, or vendor provided default configurations.
- Minimal ESP (draft-mglt-lwig-minimal-esp)
By Daniel Migault, Tobias Guggemos, 2018-10-21 TXT HTML PDF
Abstract: This document describes a minimal implementation of the IP Encapsulation Security Payload (ESP) defined in RFC 4303. Its purpose is to enable implementation of ESP with a minimal set of options to remain compatible with ESP as described in RFC 4303. A minimal version of ESP is not intended to become a replacement of the RFC 4303 ESP, but instead to enable a limited implementation to interoperate with implementations of RFC 4303 ESP.
- PCEP Extensions for Segment Routing leveraging the IPv6 data plane (draft-negi-pce-segment-routing-ipv6)
By Mahendra Negi, Dhruv Dhody, Siva Sivabalan, Prejeeth Kaladharan, 2018-10-19 TXT HTML PDF
Abstract: The Source Packet Routing in Networking (SPRING) architecture describes how Segment Routing (SR) can be used to steer packets through an IPv6 or MPLS network using the source routing paradigm. Segment Routing (SR) enables any head-end node to select any path without relying on a hop-by-hop signaling technique (e.g., LDP or RSVP-TE).
- Applicability of BIER Multicast Overlay for Adaptive Streaming Services (draft-purkayastha-bier-multicast-http-response)
By Debashish Purkayastha, Akbar Rahman, Dirk Trossen, Toerless Eckert, 2018-10-18 TXT HTML PDF
Abstract: HTTP Level multicast, using BIER, is described as a use case in BIER Use cases document. HTTP Level Multicast is used in today's video streaming and delivery services such as HLS, AR/VR etc., generally realized over IP Multicast. A realization of "HTTP Multicast" over "IP Multicast" is described. IP multicast is commonly used for IPTV services. DVB and BBF is also developing a reference architecture for IP Multicast service. Few problems with IPMC, such as waste of transmission bandwidth, increase in signaling when there are few users are described. Realization over BIER, through a BIER Multicast Overlay Layer, is described. How BIER Multicast Overlay operation improves over IP Multicast, such as reduction in signaling, dynamic creation of multicast groups to reduce signaling and bandwidth wastage is described. We conclude with few next steps.
- Multilinear Galois Mode (MGM) (draft-smyshlyaev-mgm)
By Stanislav Smyshlyaev, Vladislav Nozdrunov, Vasily Shishkin, 2018-10-19 TXT HTML PDF
Abstract: Multilinear Galois Mode (MGM) is an authenticated encryption with associated data block cipher mode based on EtM principle. MGM is defined for use with 64-bit and 128-bit block ciphers.
- GOST Cipher Suites for Transport Layer Security (TLS) Protocol Version 1.2 (draft-smyshlyaev-tls12-gost-suites)
By Stanislav Smyshlyaev, Dmitry Belyavsky, Markku-Juhani Saarinen, 2018-10-19 TXT HTML PDF
Abstract: This document specifies a set of cipher suites for the Transport Layer Security (TLS) protocol Version 1.2 to support the Russian cryptographic standard algorithms.
- Design Discussion and Comparison of Protection Mechanisms for Replay Attack and Withdrawal Suppression in BGPsec (draft-sriram-replay-protection-design-discussion)
By Kotikalapudi Sriram, Doug Montgomery, 2018-10-18 TXT HTML PDF
Abstract: In the context of BGPsec, a withdrawal suppression occurs when an adversary AS suppresses a prefix withdrawal with the intension of continuing to attract traffic for that prefix based on a previous (signed and valid) BGPsec announcement that was earlier propagated. Subsequently if the adversary AS had a BGPsec session reset with a neighboring BGPsec speaker and when the session is restored, the AS replays said previous BGPsec announcement (even though it was withdrawn), then such a replay action is called a replay attack. The BGPsec protocol should incorporate a method for protection from Replay Attack and Withdrawal Suppression (RAWS), at least to control the window of exposure. This informational document provides design discussion and comparison of multiple alternative RAWS protection mechanisms weighing their pros and cons. This is meant to be a companion document to the standards track draft-ietf-sidrops-bgpsec- rollover that will specify a method to be used with BGPsec for RAWS protection.
- Enabling Network Access for IoT devices from the Cloud (draft-st-t2trg-nw-access)
By Mohit Sethi, 2018-10-18 TXT HTML PDF
Abstract: This document describes a method for enabling and configuring network access for IoT devices that are first authenticated at a server. This server may be run by the manufacturer of the IoT device as an online cloud service. This specification is intended for off-the- shelf IoT devices that have just been purchased by the user. Many of these devices have only limited user interfaces that can be used for configuring network access credentials. The device configuration is also made more challenging by the fact that these devices may exist in large numbers.
- YANG Module Versioning Requirements (draft-verdt-netmod-yang-versioning-reqs)
By Joe Clarke, 2018-10-20 TXT HTML PDF
Abstract: This document describes the problems that can arise because of the YANG language module update rules, that require all updates to YANG module preserve strict backwards compatibility. It also defines the requirements on any solution designed to solve the stated problems. This document does not consider possible solutions, nor endorse any particular solution.
- Use of BIER Entropy for Data Center CLOS Networks (draft-xie-bier-entropy-staged-dc-clos)
By Jingrong Xie, Xiaohu Xu, Gang Yan, Mike McBride, 2018-10-19 TXT HTML PDF
Abstract: Bit Index Explicit Replication (BIER) introduces a new multicast- specific BIER Header. BIER can be applied to the Multi Protocol Label Switching (MPLS) data plane or Non-MPLS data plane. Entropy is a technique used in BIER to support load-balancing. This document examines and describes how BIER Entropy is to be applied to Data Center CLOS networks for path selection.
- Segmented MVPN Using IP Lookup for BIER (draft-xie-bier-mvpn-segmented)
By Jingrong Xie, Liang Geng, Lei Wang, Mike McBride, Gang Yan, 2018-10-20 TXT HTML PDF
Abstract: This document specifies an alternative of the control plane and data plane procedures that allow segmented MVPN using the more efficient LIR-pF explicit-tracking when BIER is used as the upstream or downstream or both segments. It requires a segmentation point BFR doing an IP header lookup, which is common for the forwarding procedure on BFER, or the forwarding procedure on ABR with local VPN CEs connected. This document updates [I-D.ietf-bier-mvpn].
- IS-IS Flooding Reduction in MSDC (draft-xu-lsr-isis-flooding-reduction-in-msdc)
By Xiaohu Xu, Luyuan Fang, Jeff Tantsura, Shaowen Ma, 2018-10-18 TXT HTML PDF
Abstract: IS-IS is commonly used as an underlay routing protocol for MSDC (Massively Scalable Data Center) networks. For a given IS-IS router within the CLOS topology, it would receive multiple copies of exactly the same LSP from multiple IS-IS neighbors. In addition, two IS-IS neighbors may send each other the same LSP simultaneously. The unneccessary link-state information flooding wastes the precious process resource of IS-IS routers greatly due to the fact that there are too many IS-IS neighbors for each IS-IS router within the CLOS topology. This document proposes some extensions to IS-IS so as to reduce the IS-IS flooding within MSDC networks greatly. The reduction of the IS-IS flooding is much beneficial to improve the scalability of MSDC networks.
- OSPF Flooding Reduction in MSDC (draft-xu-lsr-ospf-flooding-reduction-in-msdc)
By Xiaohu Xu, Luyuan Fang, Jeff Tantsura, Shaowen Ma, 2018-10-18 TXT HTML PDF
Abstract: OSPF is commonly used as an underlay routing protocol for MSDC (Massively Scalable Data Center) networks. For a given OSPF router within the CLOS topology, it would receive multiple copies of exactly the same LSA from multiple OSPF neighbors. In addition, two OSPF neighbors may send each other the same LSA simultaneously. The unneccessary link-state information flooding wastes the precious process resource of OSPF routers greatly due to the fact that there are too many OSPF neighbors for each OSPF router within the CLOS topology. This document proposes some extensions to OSPF so as to reduce the OSPF flooding within MSDC networks greatly. The reduction of the OSPF flooding is much beneficial to improve the scalability of MSDC networks. These modifications are applicable to both OSPFv2 and OSPFv3.
- A YANG Data Model for Microwave Topology (draft-ye-ccamp-mw-topo-yang)
By Min Ye, Aihua Guo, Jonas Ahlberg, Xi Li, Daniela Spreafico, 2018-10-21 TXT HTML PDF
Abstract: This document defines a YANG data model to describe the topologies of microwave/millimeter.
- BIER in IPv6 (draft-zhang-bier-bierin6)
By Zheng(Sandy) Zhang, Tony Przygienda, 2018-10-21 TXT HTML PDF
Abstract: BIER is a new architecture for the forwarding of multicast data packets. This document defines native IPv6 encapsulation for BIER hop-by-hop forwarding or BIERin6 for short.
- Interworking of GMPLS Control and Centralized Controller System (draft-zheng-teas-gmpls-controller-inter-work)
By Haomian Zheng, Xianlong Luo, Yang Zhao, Yunbin Xu, Sergio Belotti, Dieter Beller, 2018-10-21 TXT HTML PDF
Abstract: Generalized Multi-Protocol Label Switching (GMPLS) control allows each network element (NE) to perform local resource discovery (e.g., LMP), routing (e.g., OSPF-TE) and signaling (e.g., RSVP-TE) in a distributed manner.
- User-Plane Protocols for Multiple Access Management Service (draft-zhu-intarea-mams-user-protocol)
By Jing Zhu, SungHoon Seo, Satish Kanugovi, Shuping Peng, 2018-10-19 TXT HTML PDF
Abstract: Today, a device can be simultaneously connected to multiple communication networks based on different technology implementations and network architectures like WiFi, LTE, and DSL. In such multi- connectivity scenario, it is desirable to combine multiple access networks or select the best one to improve quality of experience for a user and improve overall network utilization and efficiency. This document presents the u-plane protocols for a multi access management services (MAMS) framework that can be used to flexibly select the combination of uplink and downlink access and core network paths having the optimal performance, and user plane treatment for improving network utilization and efficiency and enhanced quality of experience for user applications.
Expired Drafts
- Integrity Protection for vObject, vCard and iCalendar (draft-calconnect-vobject-integrity)
By Ronald Tse, Peter Tam, 2018-04-19 TXT HTML PDF
Abstract: This document specifies an integrity checking mechanism and related properties for:
- Multiple Algorithm support for IS-IS Prefixes (draft-chunduri-lsr-isis-prefix-multi-algo)
By Uma Chunduri, Yingzhen Qu, 2018-04-17 TXT HTML PDF
Abstract: This document specifies an extension to Intermediate System to Intermediate System (IS-IS) protocol by adding an Algorithm support for prefixes advertised. This allows multiple independent algorithm usage for computing the reachability of nodes and prefixes as opposed to only one algorithm.
- IASA 2.0 Design Team Recommendations (draft-haberman-iasa20dt-recs)
By Brian Haberman, Jari Arkko, Leslie Daigle, Jason Livingood, Joseph Hall, Eric Rescorla, 2018-04-18 TXT HTML PDF
Abstract: The arrangements relating to administrative support for the IETF were created more than ten years ago. Since then, there has been considerable change in the tasks and in our own expectations. The IETF community has discussed these changes and the problems they cause. The community has some sense of the properties they expect from future arrangements, including those related to structure, organization, personnel, and transparency.
- Multiple Ethernet - IPv6 mapped IPv6 address (ME6A) (draft-matsuhira-me6a)
By Naoki Matsuhira, 2018-04-19 TXT HTML PDF
Abstract: This document specifies Multiple Ethernet - IPv6 mapped IPv6 address(ME6A) spefification. ME6A is Ethernet mapped IPv6 address with plane ID. Unique allocation of plane id value enable duplicated MAC address unique in IPv6 address space. This address may use Ethernet over IPv6 encapsulation.
- Multiple Ethernet - IPv6 address mapping encapsulation - fixed prefix (draft-matsuhira-me6e-fp)
By Naoki Matsuhira, 2018-04-19 TXT HTML PDF
Abstract: This document specifies Multiple Ethernet - IPv6 address mapping encapsulation - fixed prefix (ME6E-FP) base specification. ME6E-FP makes expantion ethernet network over IPv6 backbone network with encapsuation technoogy. And also, E6ME-FP can stack multiple Ethernet networks. ME6E-FP work on own routing domain.
- Multiple Ethernet - IPv6 address mapping encapsulation - prefix resolution (draft-matsuhira-me6e-pr)
By Naoki Matsuhira, 2018-04-19 TXT HTML PDF
Abstract: This document specifies Multiple Ethernet - IPv6 address mapping encapsulation - Prefix Resolution (ME6E-PR) specification. ME6E-PR makes expantion ethernet network over IPv6 backbone network with encapsuation technoogy. And also, E6ME-PR can stack multiple Ethernet networks. ME6E-PR work on non own routing domain.
- PASETO: Platform-Agnostic SEcurity TOkens (draft-paragon-paseto-rfc)
By Scott Arciszewski, Steven Haussmann, 2018-04-19 TXT HTML PDF
Abstract: Platform-Agnostic SEcurity TOkens (PASETOs) provide a cryptographically secure, compact, and URL-safe representation of claims that may be transferred between two parties. The claims are encoded in JavaScript Object Notation (JSON), version-tagged, and either encrypted using shared-key cryptography or signed using public-key cryptography.
- Control In-situ OAM Overhead with Segment IOAM (draft-song-ippm-segment-ioam)
By Haoyu Song, Tianran Zhou, 2018-04-17 TXT HTML PDF
Abstract: This document describes a proposal which partitions an in-situ OAM (iOAM) domain into multiple segments in order to control the iOAM data overhead, adapt to the path MTU limitations, and enable new applications. We discuss several use cases to motivate our proposal and base the necessary modifications on the current in-situ OAM header format specification.
- OSPF Flooding Reduction in MSDC (draft-xu-lsr-flooding-reduction-in-msdc)
By Xiaohu Xu, Luyuan Fang, Jeff Tantsura, Shaowen Ma, 2018-04-17 TXT HTML PDF
Abstract: OSPF is commonly used as an underlay routing protocol for MSDC (Massively Scalable Data Center) networks. For a given OSPF router within the CLOS topology, it would receive multiple copies of exactly the same LSA from multiple OSPF neighbors. In addition, two OSPF neighbors may send each other the same LSA simultaneously. The unneccessary link-state information flooding wastes the precious process resource of OSPF routers greatly due to the fact that there are too many OSPF neighbors for each OSPF router within the CLOS topology. This document proposes some extensions to OSPF so as to reduce the OSPF flooding within MSDC networks greatly. The reduction of the OSPF flooding is much beneficial to improve the scalability of MSDC networks. These modifications are applicable to both OSPFv2 and OSPFv3.
|
Drafts Sent to IESG
- Event Publishing Extensions to iCalendar (draft-ietf-calext-eventpub-extensions): Active » Publication Requested
By Michael Douglass, 2018-10-19 TXT HTML PDF
Abstract: This specification updates RFC5545 by introducing a number of new iCalendar properties and components which are of particular use for event publishers and in social networking.
- NFS version 4.0 Trunking Update (draft-ietf-nfsv4-mv0-trunking-update): Active » Publication Requested
By Chuck Lever, David Noveck, 2018-07-16 TXT HTML PDF
Abstract: The location-related attribute in NFS version 4.0, fs_locations, informs clients about alternate locations of file systems. An NFS version 4.0 client can use this information to handle migration and replication of server filesystems. This document describes how an NFS version 4.0 client can additionally use this information to discover an NFS version 4.0 server's trunking capabilities. This document updates RFC 7530.
- JSON Web Token Best Current Practices (draft-ietf-oauth-jwt-bcp): Active » Publication Requested
By Yaron Sheffer, Dick Hardt, Michael Jones, 2018-05-07 TXT HTML PDF
Abstract: JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security tokens that contain a set of claims that can be signed and/or encrypted. JWTs are being widely used and deployed as a simple security token format in numerous protocols and applications, both in the area of digital identity, and in other application areas. The goal of this Best Current Practices document is to provide actionable guidance leading to secure implementation and deployment of JWTs.
- Registry Fee Extension for the Extensible Provisioning Protocol (EPP) (draft-ietf-regext-epp-fees): Active » Publication Requested
By Roger Carney, Gavin Brown, Jothan Frakes, 2018-10-12 TXT HTML PDF
Abstract: This document describes an Extensible Provisioning Protocol (EPP) extension mapping for registry fees.
- PASSporT SHAKEN Extension (SHAKEN) (draft-ietf-stir-passport-shaken): Active » In Last Call
By Chris Wendt, Mary Barnes, 2018-10-17 TXT HTML PDF
Abstract: This document extends PASSporT, which is a token object that conveys cryptographically-signed information about the participants involved in communications, to include information defined as part of the SHAKEN specification from ATIS (Alliance for Telecommunications Industry Solutions) and the SIP Forum IP-NNI Joint Task Force. These extensions provide a level of confidence in the correctness of the originating identity for a telephone network that has communications coming from both STIR participating originating communications as well as communications that does not include STIR information.
IESG Progress
- Framework for EVPN Designated Forwarder Election Extensibility (draft-ietf-bess-evpn-df-election-framework): AD Evaluation::Revised I-D Needed » ::AD Followup
By Jorge Rabadan, satyamoh@cisco.com, Ali Sajassi, John Drake, Kiran Nagaraj, Senthil Sathappan, 2018-10-20 TXT HTML PDF
Abstract: The Designated Forwarder (DF) in EVPN networks is the Provider Edge (PE) router responsible for sending broadcast, unknown unicast and multicast (BUM) traffic to a multi-homed Customer Equipment (CE) device, on a given VLAN on a particular Ethernet Segment (ES). The DF is selected out of a list of candidate PEs that advertise the same Ethernet Segment Identifier (ESI) to the EVPN network. By default, EVPN uses a DF Election algorithm referred to as "Service Carving" and it is based on a modulus function (V mod N) that takes the number of PEs in the ES (N) and the VLAN value (V) as input. This default DF Election algorithm has some inefficiencies that this document addresses by defining a new DF Election algorithm and a capability to influence the DF Election result for a VLAN, depending on the state of the associated Attachment Circuit (AC). In addition, this document creates a registry with IANA, for future DF Election Algorithms and Capabilities. It also presents a formal definition and clarification of the DF Election Finite State Machine.
- A Root Key Trust Anchor Sentinel for DNSSEC (draft-ietf-dnsop-kskroll-sentinel): IESG Evaluation::Revised I-D Needed » ::AD Followup
By Geoff Huston, Joao Damas, Warren Kumari, 2018-10-21 TXT HTML PDF
Abstract: The DNS Security Extensions (DNSSEC) were developed to provide origin authentication and integrity protection for DNS data by using digital signatures. These digital signatures can be verified by building a chain of trust starting from a trust anchor and proceeding down to a particular node in the DNS. This document specifies a mechanism that will allow an end user and third parties to determine the trusted key state for the root key of the resolvers that handle that user's DNS queries. Note that this method is only applicable for determining which keys are in the trust store for the root key.
- HTTP Random Access and Live Content (draft-ietf-httpbis-rand-access-live): IESG Evaluation » Approved-announcement to be sent::Point Raised - writeup needed
By Craig Pratt, Darshak Thakore, Barbara Stark, 2018-03-20 TXT HTML PDF
Abstract: To accommodate byte range requests for content that has data appended over time, this document defines semantics that allow a HTTP client and server to perform byte-range GET and HEAD requests that start at an arbitrary byte offset within the representation and ends at an indeterminate offset.
- Message Authentication Code for the Network Time Protocol (draft-ietf-ntp-mac): In Last Call » Waiting for Writeup
By Aanchal Malhotra, Sharon Goldberg, 2018-10-03 TXT HTML PDF
Abstract: RFC 5905 [RFC5905] states that Network Time Protocol (NTP) packets should be authenticated by appending a 128-bit key to the NTP data, and hashing the result with MD5 to obtain a 128-bit tag. This document deprecates MD5-based authentication, which is considered to be too weak, and recommends the use of AES-CMAC [RFC4493] as a replacement.
- OAuth 2.0 Device Flow for Browserless and Input Constrained Devices (draft-ietf-oauth-device-flow): IESG Evaluation::Revised I-D Needed » ::AD Followup
By William Denniss, John Bradley, Michael Jones, Hannes Tschofenig, 2018-10-19 TXT HTML PDF
Abstract: This OAuth 2.0 authorization flow is designed for devices that either lack a browser to perform a user-agent based OAuth flow, or are input-constrained to the extent that requiring the user to input a lot of text (like their credentials to authenticate with the authorization server) is impractical. It enables OAuth clients on such devices (like smart TVs, media consoles, digital picture frames, and printers) to obtain user authorization to access protected resources without using an on-device user-agent, provided that they have an Internet connection.
- OSPFv3 Extensions for Segment Routing (draft-ietf-ospf-ospfv3-segment-routing-extensions): AD Evaluation::Revised I-D Needed » ::AD Followup
By Peter Psenak, Stefano Previdi, 2018-10-21 TXT HTML PDF
Abstract: Segment Routing (SR) allows a flexible definition of end-to-end paths within IGP topologies by encoding paths as sequences of topological sub-paths, called "segments". These segments are advertised by the link-state routing protocols (IS-IS and OSPF).
- SRTP Double Encryption Procedures (draft-ietf-perc-double): Last Call Requested » In Last Call
By Cullen Jennings, Paul Jones, Richard Barnes, Adam Roach, 2018-10-17 TXT HTML PDF
Abstract: In some conferencing scenarios, it is desirable for an intermediary to be able to manipulate some parameters in Real Time Protocol (RTP) packets, while still providing strong end-to-end security guarantees. This document defines a cryptographic transform for the Secure Real Time Protocol (SRTP) that uses two separate but related cryptographic operations to provide hop-by-hop and end-to-end security guarantees. Both the end-to-end and hop-by-hop cryptographic algorithms can utilize an authenticated encryption with associated data scheme or take advantage of future SRTP transforms with different properties.
- Encrypted Key Transport for DTLS and Secure RTP (draft-ietf-perc-srtp-ekt-diet): Last Call Requested » In Last Call
By Cullen Jennings, John Mattsson, David McGrew, Dan Wing, Flemming Andreasen, 2018-10-17 TXT HTML PDF
Abstract: Encrypted Key Transport (EKT) is an extension to DTLS (Datagram Transport Layer Security) and Secure Real-time Transport Protocol (SRTP) that provides for the secure transport of SRTP master keys, rollover counters, and other information within SRTP. This facility enables SRTP for decentralized conferences by distributing a common key to all of the conference endpoints.
- A YANG data model for Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) (draft-ietf-pim-igmp-mld-yang): AD Evaluation::Revised I-D Needed » Expert Review
By Xufeng Liu, Feng Guo, Mahesh Sivakumar, Pete McAllister, Anish Peter, 2018-10-19 TXT HTML PDF
Abstract: This document defines a YANG data model that can be used to configure and manage Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) devices.
- Change Poll Extension for the Extensible Provisioning Protocol (EPP) (draft-ietf-regext-change-poll): Publication Requested » AD Evaluation::Revised I-D Needed
By James Gould, Kal Feher, 2018-10-04 TXT HTML PDF
Abstract: This document describes an Extensible Provisioning Protocol (EPP) extension for notifying clients of operations on client sponsored objects that were not initiated by the client through EPP. These operations may include contractual or policy requirements including but not limited to regular batch processes, customer support actions, Uniform Domain-Name Dispute-Resolution Policy (UDRP) or Uniform Rapid Suspension (URS) actions, court directed actions, and bulk updates based on customer requests. Since the client is not directly involved or knowledgable of these operations, the extension is used along with an EPP object mapping to provide the resulting state of the post-operation object, and optionally a pre-operation object, with the operation meta-data of what, when, who, and why.
Drafts Sent to RFC Editor
Other Status Changes
- draft-friel-brski-over-802dot11: Active » Replaced by draft-friel-anima-brski-over-802dot11
No title available; expired document? TXT HTML PDF
- Report from the Internet of Things (IoT) Semantic Interoperability (IOTSI) Workshop 2016 (draft-iab-iotsi-workshop): Active » RFC 8477
rfc8477.txt
By Jaime Jimenez, Hannes Tschofenig, Dave Thaler, 2018-07-02 TXT HTML PDF
Abstract: This document provides a summary of the 'Workshop on Internet of Things (IoT) Semantic Interoperability (IOTSI)', which took place in Santa Clara, California, on March 17-18, 2016. The main goal of the workshop was to foster a discussion on the different approaches used by companies and Standards Developing Organizations (SDOs) to accomplish interoperability at the application layer. This report summarizes the discussions, and lists recommendations to the standards community. The views and positions in this report are those of the workshop participants and do not necessarily reflect those of the authors and the Internet Architecture Board (IAB), which organized the workshop.
- Yeti DNS Testbed (draft-song-yeti-testbed-experience): Active » RFC 8483
rfc8483.txt
By Linjian Song, Dong Liu, Paul Vixie, Akira Kato, Shane Kerr, 2018-07-19 TXT HTML PDF
Abstract: The Internet's Domain Name System is designed and built on a single root, known as the Root Server System.
- draft-struik-lwig-curve-representations: Active » Replaced by draft-ietf-lwig-curve-representations
No title available; expired document? TXT HTML PDF
- draft-venaas-pim-reserved-bits: Active » Replaced by draft-ietf-pim-reserved-bits
No title available; expired document? TXT HTML PDF
- draft-watteyne-6lo-minimal-fragment: Active » Replaced by draft-ietf-6lo-minimal-fragment
No title available; expired document? TXT HTML PDF
- draft-wu-idr-te-pm-bgp: Expired » Replaced by draft-ietf-idr-te-pm-bgp
No title available; expired document? TXT HTML PDF
- draft-yang-nwcrg-bats-code: » Replaced by draft-yang-nwcrg-bats
No title available; expired document? TXT HTML PDF
RFC Editor Status Changes
- Secure Password Ciphersuites for Transport Layer Security (TLS) (draft-harkins-tls-dragonfly): » AUTH48
By Dan Harkins, 2018-08-23 TXT HTML PDF
Abstract: This memo defines several new ciphersuites for the Transport Layer Security (TLS) protocol to support certificate-less, secure authentication using only a simple, low-entropy, password. The exchange is called TLS-PWD. The ciphersuites are all based on an authentication and key exchange protocol, named "dragonfly", that is resistant to off-line dictionary attack.
IPR Disclosures
IESG/IAB/IAOC/Trust Minutes
Liaison Statements
Classified Ads
|
WGs marked with an 
