IETF-Announce List
New RFCs
New and Revived Drafts
- AutoAdd - Automatic Bootstrapping of IoT Devices (draft-autoadd-auto-bootstrapping-iot-devices)
By Anoop Pandey, 2019-02-01 TXT HTML PDF
Abstract: IoT devices are fast getting embedded into our lives, and when put together they have the potential to generate a precise and detailed history of our lives and store them forever. Their networking and communicational power can be unleashed for malicious and sabotage purposes, by a motivated attacker sitting in the far corner of the world. Attacks on Industrial IoT systems can cause greater disasters. It is therefore essential to inculcate the security aspect, right from design to development to operations. The first operation of an IoT device is to bootstrap itself, and due importance should be placed to ensure that this operation is carried out securely and with due diligence. However, it's easier said than done, and this paper outlines several approaches for secure automated bootstrapping and also proposes a new method, which is compared against the existing mechanisms for several qualitative factors.
- The Applicability of Reliable Server Pooling (RSerPool) for Virtual Network Function Resource Pooling (VNFPOOL) (draft-dreibholz-vnfpool-rserpool-applic)
By Thomas Dreibholz, Michael Tuexen, Melinda Shore, Ning Zong, 2019-01-31 TXT HTML PDF
Abstract: This draft describes the application of Reliable Server Pooling (RSerPool) for Virtual Network Function Resource Pooling (VNFPOOL).
- Reaction of Stateless Address Autoconfiguration (SLAAC) to Renumbering Events (draft-gont-6man-slaac-renum)
By Fernando Gont, Jan Zorz, 2019-01-31 TXT HTML PDF
Abstract: A very common IPv6 deployment scenario is that in which a CPE employs DHCPv6 Prefix Delegation to obtain an IPv6 prefix, and at least one prefix from within the leased prefix is advertised on a local network via SLAAC. In scenarios where e.g. the CPE crashes and reboots, nodes on the local network continue using outdated prefixes which result in connectivity problems. This document analyzes this problem scenario, and proposes workarounds.
- RDAP Mirroring Protocol (RMP) (draft-harrison-regext-rdap-mirroring)
By Tom Harrison, George Michaelson, Andrew Newton, 2019-02-01 TXT HTML PDF
Abstract: The Registration Data Access Protocol (RDAP) is used by Regional Internet Registries (RIRs) and Domain Name Registries (DNRs) to provide access to their resource registration information. While most clients can retrieve the information they need on an ad hoc basis from the public services maintained by each registry, there are instances where local copies of those remote data sources need to be maintained, for various reasons (e.g. performance requirements). This document defines a protocol for transferring bulk RDAP response data and for keeping a local copy of that data up to date.
- Network Slice Provision Models (draft-homma-slice-provision-models)
By Shunsuke Homma, Hidetaka Nishihara, Takuya Miyasaka, A. Galis, Vishnu OV, Diego Lopez, Luis Contreras, Jose Ordonez-Lucena, Pedro Martinez-Julia, Li Qiang, Reza Rokui, Laurent Ciavaglia, Xavier de Foy, 2019-02-01 TXT HTML PDF
Abstract: Network slicing is an approach to provide separate virtual networks based on service requirements. It's a fundamental concept of 5G, and the architecture and specification are under standardization in several organizations. However, the definitions and scopes of network slicing vary to some degree from one organization to another. This document provides a classification of provisioning models of network slices for clarifying the differences in the definitions and scopes.
- Transmission of IPv6 Packets over PLC Networks (draft-ietf-6lo-plc)
By Jianqiang Hou, Bing Liu, Yong-Geun Hong, Xiaojun Tang, Charles Perkins, 2019-02-03 TXT HTML PDF
Abstract: Power Line Communication (PLC), namely using the electric-power lines for indoor and outdoor communications, has been widely applied to support Advanced Metering Infrastructure (AMI), especially smart meters for electricity. The inherent advantage of existing electricity infrastructure facilitates the expansion of PLC deployments, and moreover, a wide variety of accessible devices raises the potential demand of IPv6 for future applications. This document describes how IPv6 packets are transported over constrained PLC networks, such as ITU-T G.9903, IEEE 1901.1 and IEEE 1901.2.
- Login Security Extension for the Extensible Provisioning Protocol (EPP) (draft-ietf-regext-login-security)
By James Gould, Matthew Pozun, 2019-02-01 TXT HTML PDF
Abstract: The Extensible Provisioning Protocol (EPP) includes a client authentication scheme that is based on a user identifier and password. The structure of the password field is defined by an XML Schema data type that specifies minimum and maximum password length values, but there are no other provisions for password management other than changing the password. This document describes an EPP extension that allows longer passwords to be created and adds additional security features to the EPP login command and response.
- Federated Authentication for the Registration Data Access Protocol (RDAP) using OpenID Connect (draft-ietf-regext-rdap-openid)
By Scott Hollenbeck, 2019-02-01 TXT HTML PDF
Abstract: The Registration Data Access Protocol (RDAP) provides "RESTful" web services to retrieve registration metadata from domain name and regional internet registries. RDAP allows a server to make access control decisions based on client identity, and as such it includes support for client identification features provided by the Hypertext Transfer Protocol (HTTP). Identification methods that require clients to obtain and manage credentials from every RDAP server operator present management challenges for both clients and servers, whereas a federated authentication system would make it easier to operate and use RDAP without the need to maintain server-specific client credentials. This document describes a federated authentication system for RDAP based on OpenID Connect.
- Registration Data Access Protocol (RDAP) Partial Response (draft-ietf-regext-rdap-partial-response)
By Mario Loffredo, Maurizio Martinelli, 2019-02-01 TXT HTML PDF
Abstract: The Registration Data Access Protocol (RDAP) does not include capabilities to request partial responses. In fact, according to the user authorization, the server can only return full responses. Partial responses capability, especially in the case of search queries, could bring benefits to both clients and servers. This document describes a RDAP query extension that allows clients to specify their preference for obtaining a partial response.
- Registration Data Access Protocol (RDAP) Reverse search capabilities (draft-ietf-regext-rdap-reverse-search)
By Mario Loffredo, Maurizio Martinelli, 2019-02-01 TXT HTML PDF
Abstract: The Registration Data Access Protocol (RDAP) does not include query capabilities to find the list of domains related to a set of entities matching a given search pattern. Even if such capabilities, commonly referred to as reverse search, respond to some needs not yet readily fulfilled by the current Whois protocol, they have raised concerns from two perspectives: server processing impact and data privacy. Anyway, the impact of the reverse queries on RDAP server processing is the same as for the standard searches and it can be reduced by implementing policies to deal with large result sets, while data privacy risks can be prevented by RDAP access control functionalities. This document describes RDAP query extensions that allow clients to request a reverse search based on the domains-entities relationship.
- Registration Data Access Protocol (RDAP) Query Parameters for Result Sorting and Paging (draft-ietf-regext-rdap-sorting-and-paging)
By Mario Loffredo, Maurizio Martinelli, Scott Hollenbeck, 2019-02-01 TXT HTML PDF
Abstract: The Registration Data Access Protocol (RDAP) does not include core functionality for clients to provide sorting and paging parameters for control of large result sets. This omission can lead to unpredictable server processing of queries and client processing of responses. This unpredictability can be greatly reduced if clients can provide servers with their preferences for managing response values. This document describes RDAP query extensions that allow clients to specify their preferences for sorting and paging result sets.
- Problem Statement of BIER IPv6 Encapsulation (draft-mcbride-bier-ipv6-problem-statement)
By Mike McBride, Jingrong Xie, 2019-01-31 TXT HTML PDF
Abstract: The BIER WG has a charter item to work on mechanisms which use BIER natively in IPv6. This document is intended to help the WG with this effort by describing the problem space of transporting packets, with Bit Index Explicit Replication (BIER) headers, in an IPv6 environment. There will be a need to send IPv6 payloads, to multiple IPv6 destinations, using BIER. There have been several proposed solutions in this area. But there hasn't been a document which describes the problem and why this may be necessary. The goal of this document is to describe the BIER IPv6 problem space, basic use cases, why new solutions may be needed and briefly summarize some of the proposed solutions.
- Probing IP Interfaces By Virtual Function Index (draft-nayak-intarea-probe-by-vfi)
By Manoj Nayak, Ron Bonica, Rafik Puttur, 2019-01-31 TXT HTML PDF
Abstract: This document enhances the PROBE diagnostic tool so that it can identify the probed interface by Virtual Function Index. In order to achieve that goal, this document also extends the Interface Identification Object. The Interface Identification Object is an ICMP Extension Object class.
- Manufacturer Usage Description for quarantined access to firmware (draft-richardson-shg-mud-quarantined-access)
By Michael Richardson, 2019-01-31 TXT HTML PDF
Abstract: The Manufacturer Usage Description is a tool to describe the limited access that a single function device such as an Internet of Things device might need.
- Interoperability Profile for Relay User Equipment (draft-rosen-rue)
By Brian Rosen, Jim Malloy, Brett Henderson, 2019-02-01 TXT HTML PDF
Abstract: This document identifies a minimum set of standards and requirements that must be supported by a Video Relay Service (VRS) Video Access Technology Reference Platform (VATRP)-compliant client and United States Telecommunications Relay Service providers required to be VATRP compliant. This Relay User Equipment specification only specifies a minimum set of requirements. It does not prohibit VRS providers or endpoint developers from developing or deploying additional capabilities, provided that doing so will not prevent compliance with the requirements specified here.
- Design Discussion of Route Leaks Solution Methods (draft-sriram-idr-route-leak-solution-discussion)
By Kotikalapudi Sriram, 2019-01-31 TXT HTML PDF
Abstract: This document captures the design rationale of the route leaks solution document [draft-ietf-idr-route-leak-detection-mitigation]. The designers needed to balance many competing factors, and this document provides insights into the design questions and their resolution.
Updated Drafts
- Authentication and Authorization for Constrained Environments (ACE) using the OAuth 2.0 Framework (ACE-OAuth) (draft-ietf-ace-oauth-authz)
By Ludwig Seitz, Goeran Selander, Erik Wahlstroem, Samuel Erdtman, Hannes Tschofenig, 2019-01-31 TXT HTML PDF
Abstract: This specification defines a framework for authentication and authorization in Internet of Things (IoT) environments called ACE-OAuth. The framework is based on a set of building blocks including OAuth 2.0 and CoAP, thus making a well-known and widely used authorization solution suitable for IoT devices. Existing specifications are used where possible, but where the constraints of IoT devices require it, extensions are added and profiles are defined.
- (PBB-)EVPN Seamless Integration with (PBB-)VPLS (draft-ietf-bess-evpn-vpls-seamless-integ)
By Ali Sajassi, Samer Salam, Nick Regno, Jorge Rabadan, 2019-02-01 TXT HTML PDF
Abstract: This document specifies mechanisms for backward compatibility of Ethernet VPN (EVPN) and Provider Backbone Bridge Ethernet VPN (PBB-EVPN) solutions with Virtual Private LAN Service (VPLS) and Provider Backbone Bridge VPLS (PBB-VPLS) solutions. It also provides mechanisms for seamless integration of these two technologies in the same MPLS/IP network on a per-VPN-instance basis. Implementation of this document enables service providers to introduce EVPN/PBB-EVPN PEs in their brown-field deployments of VPLS/PBB-VPLS networks. This document specifies control-plane and forwarding behavior needed for auto-discovery of a VPN instance, multicast and unicast operation, as well as MAC-mobility operation in order to enable seamless integration between EVPN and VPLS PEs as well as between PBB-VPLS and PBB-EVPN PEs.
- BIER Use Cases (draft-ietf-bier-use-cases)
By Nagendra Kumar, Rajiv Asati, Mach Chen, Xiaohu Xu, Andrew Dolganow, Tony Przygienda, Arkadiy Gulko, Dom Robinson, Vishal Arya, Caitlin Bestler, 2019-01-31 TXT HTML PDF
Abstract: Bit Index Explicit Replication (BIER) is an architecture that provides optimal multicast forwarding through a "BIER domain" without requiring intermediate routers to maintain any multicast related per-flow state. BIER also does not require any explicit tree-building protocol for its operation. A multicast data packet enters a BIER domain at a "Bit-Forwarding Ingress Router" (BFIR), and leaves the BIER domain at one or more "Bit-Forwarding Egress Routers" (BFERs). The BFIR router adds a BIER header to the packet. The BIER header contains a bit-string in which each bit represents exactly one BFER to forward the packet to. The set of BFERs to which the multicast packet needs to be forwarded is expressed by setting the bits that correspond to those routers in the BIER header.
- Distributed Denial of Service (DDoS) Open Threat Signaling Requirements (draft-ietf-dots-requirements)
By Andrew Mortensen, Robert Moskowitz, Reddy K, 2019-01-30 TXT HTML PDF
Abstract: This document defines the requirements for the Distributed Denial of Service (DDoS) Open Threat Signaling (DOTS) protocols enabling coordinated response to DDoS attacks.
- Bundle-in-Bundle Encapsulation (draft-ietf-dtn-bibect)
By Scott Burleigh, 2019-01-31 TXT HTML PDF
Abstract: This document describes Bundle-in-Bundle Encapsulation (BIBE), a Delay-Tolerant Networking (DTN) Bundle Protocol (BP) "convergence layer" protocol that tunnels BP "bundles" through encapsulating bundles. The services provided by the BIBE convergence-layer protocol adapter encapsulate an outbound BP "bundle" in a BIBE convergence-layer protocol data unit for transmission as the payload of a bundle. Security measures applied to the encapsulating bundle may augment those applied to the encapsulated bundle. The protocol includes a mechanism for recovery from loss of an encapsulating bundle, called "custody transfer". This mechanism is adapted from the custody transfer procedures described in the experimental Bundle Protocol specification developed by the Delay-Tolerant Networking Research group of the Internet Research Task Force and documented in RFC 5050.
- Consolidated IASA 2.0 Updates of IETF Administrative Terminology (draft-ietf-iasa2-consolidated-upd)
By John Klensin, 2019-01-31 TXT HTML PDF
Abstract: In 2018, the IETF began the transition to a new administrative structure and updated its IETF Administrative Support Activity (IASA) to a new "IASA 2.0" structure. In addition to more substantive changes that are described in other documents, the transition to the 2018 IETF Administrative Support structure changes several position titles and organizational relationships that are referenced elsewhere. Rather than reissue those referencing documents individually, this specification provides updates to them and deprecates some now-obsolete documents to ensure that there is no confusion due to these changes.
- Use of the SHAKE One-way Hash Functions in the Cryptographic Message Syntax (CMS) (draft-ietf-lamps-cms-shakes)
By Panos Kampanakis, Quynh Dang, 2019-01-31 TXT HTML PDF
Abstract: This document describes the conventions for using the SHAKE family of hash functions with the Cryptographic Message Syntax (CMS) as one-way hash functions with the RSA Probabilistic signature and ECDSA signature algorithms, as message digests and message authentication codes. The conventions for the associated signer public keys in CMS are also described.
- Hash Of Root Key Certificate Extension (draft-ietf-lamps-hash-of-root-key-cert-extn)
By Russ Housley, 2019-01-31 TXT HTML PDF
Abstract: This document specifies the Hash Of Root Key certificate extension. This certificate extension is carried in the self-signed certificate for a trust anchor, which is often called a Root Certification Authority (CA) certificate. This certificate extension unambiguously identifies the next public key that will be used at some point in the future as the next Root CA certificate, eventually replacing the current one.
- Internet X.509 Public Key Infrastructure: Additional Algorithm Identifiers for RSASSA-PSS and ECDSA using SHAKEs (draft-ietf-lamps-pkix-shake)
By Panos Kampanakis, Quynh Dang, 2019-01-31 TXT HTML PDF
Abstract: Digital signatures are used to sign messages, X.509 certificates and CRLs (Certificate Revocation Lists). This document describes the conventions for using the SHAKE function family in Internet X.509 certificates and CRLs as one-way hash functions with the RSA Probabilistic signature and ECDSA signature algorithms. The conventions for the associated subject public keys are also described.
- Signaling RSVP-TE tunnels on a shared MPLS forwarding plane (draft-ietf-mpls-rsvp-shared-labels)
By Harish Sitaraman, Vishnu Beeram, Tejal Parikh, Tarek Saad, 2019-01-31 TXT HTML PDF
Abstract: As the scale of MPLS RSVP-TE networks has grown, so the number of Label Switched Paths (LSPs) supported by individual network elements has increased. Various implementation recommendations have been proposed to manage the resulting increase in control plane state.
- NFS version 4.0 Trunking Update (draft-ietf-nfsv4-mv0-trunking-update)
By Chuck Lever, David Noveck, 2019-02-01 TXT HTML PDF
Abstract: The file system location-related attribute in NFS version 4.0, fs_locations, informs clients about alternate locations of file systems. An NFS version 4.0 client can use this information to handle migration and replication of server filesystems. This document describes how an NFS version 4.0 client can additionally use this information to discover an NFS version 4.0 server's trunking capabilities. This document updates RFC 7530.
- Security Considerations for WebRTC (draft-ietf-rtcweb-security)
By Eric Rescorla, 2019-02-01 TXT HTML PDF
Abstract: WebRTC is a protocol suite for use with real-time applications that can be deployed in browsers - "real time communication on the Web". This document defines the WebRTC threat model and analyzes the security threats of WebRTC in that model.
- WebRTC Security Architecture (draft-ietf-rtcweb-security-arch)
By Eric Rescorla, 2019-02-01 TXT HTML PDF
Abstract: This document defines the security architecture for WebRTC, a protocol suite intended for use with real-time applications that can be deployed in browsers - "real time communication on the Web".
- Best Practices for Securing RTP Media Signaled with SIP (draft-ietf-sipbrandy-rtpsec)
By Jon Peterson, Richard Barnes, Russ Housley, 2019-02-01 TXT HTML PDF
Abstract: Although the Session Initiation Protocol (SIP) includes a suite of security services that has been expanded by numerous specifications over the years, there is no single place that explains how to use SIP to establish confidential media sessions. Additionally, existing mechanisms have some feature gaps that need to be identified and resolved in order for them to address the pervasive monitoring threat model. This specification describes best practices for negotiating confidential media with SIP, including both comprehensive protection solutions which bind the media to SIP-layer identities as well as opportunistic security solutions.
- PASSporT SHAKEN Extension (SHAKEN) (draft-ietf-stir-passport-shaken)
By Chris Wendt, Mary Barnes, 2019-01-31 TXT HTML PDF
Abstract: This document extends PASSporT, which is a token object that conveys cryptographically-signed information about the participants involved in communications. The extension is defined, corresponding to the SHAKEN specification, to provide both a specific set of levels-of-confidence in the correctness of the originating identity for a SIP based Communication Service Provider (CSP) telephone network originated call as well as an identifier that allows the CSP to uniquely identify the origin of the call within its network.
- Traffic Engineering Common YANG Types (draft-ietf-teas-yang-te-types)
By Tarek Saad, Rakesh Gandhi, Xufeng Liu, Vishnu Beeram, Igor Bryskin, 2019-01-31 TXT HTML PDF
Abstract: This document defines a collection of common data types and groupings in YANG data modeling language. These derived common types and groupings are intended to be imported by modules that model Traffic Engineering (TE) configuration and state capabilities.
- Sliding Window Random Linear Code (RLC) Forward Erasure Correction (FEC) Schemes for FECFRAME (draft-ietf-tsvwg-rlc-fec-scheme)
By Vincent Roca, Belkacem Teibi, 2019-02-01 TXT HTML PDF
Abstract: This document describes two fully-specified Forward Erasure Correction (FEC) Schemes for Sliding Window Random Linear Codes (RLC), one for RLC over the Galois Field (A.K.A. Finite Field) GF(2), a second one for RLC over the Galois Field GF(2^8), each time with the possibility of controlling the code density. They can protect arbitrary media streams along the lines defined by FECFRAME extended to sliding window FEC codes, as defined in [fecframe-ext]. These sliding window FEC codes rely on an encoding window that slides over the source symbols, generating new repair symbols whenever needed. Compared to block FEC codes, these sliding window FEC codes offer key advantages with real-time flows in terms of reduced FEC-related latency while often providing improved packet erasure recovery capabilities.
- Collaborative Automated Course of Action Operations (CACAO) for Cyber Security (draft-jordan-cacao-charter)
By Bret Jordan, Allan Thomson, Jyoti Verma, 2019-01-31 TXT HTML PDF
Abstract: This is the charter for the Working Group: Collaborative Automated Course of Action Operations (CACAO) for Cyber Security
- Registration Data Access Protocol (RDAP) Partial Response (draft-loffredo-regext-rdap-partial-response)
By Mario Loffredo, Maurizio Martinelli, 2019-02-01 TXT HTML PDF
Abstract: The Registration Data Access Protocol (RDAP) does not include capabilities to request partial responses. In fact, according to the user authorization, the server can only return full responses. Partial responses capability, especially in the case of search queries, could bring benefits to both clients and servers. This document describes a RDAP query extension that allows clients to specify their preference for obtaining a partial response.
- Registration Data Access Protocol (RDAP) Reverse search capabilities (draft-loffredo-regext-rdap-reverse-search)
By Mario Loffredo, Maurizio Martinelli, 2019-01-31 TXT HTML PDF
Abstract: The Registration Data Access Protocol (RDAP) does not include query capabilities to find the list of domains related to a set of entities matching a given search pattern. Even if such capabilities, commonly referred to as reverse search, respond to some needs not yet readily fulfilled by the current Whois protocol, they have raised concerns from two perspectives: server processing impact and data privacy. Anyway, the impact of the reverse queries on RDAP server processing is the same as for the standard searches and it can be reduced by implementing policies to deal with large result sets, while data privacy risks can be prevented by RDAP access control functionalities. This document describes RDAP query extensions that allow clients to request a reverse search based on the domains-entities relationship.
- Extended Socket APIs to control subflow priority in Multipath TCP (draft-samar-mptcp-socketapi)
By Samar Shailendra, Hemant Rath, Arpan Pal, Abhijit Mondal, 2019-01-31 TXT HTML PDF
Abstract: This document provides the extended Socket APIs to control subflow priority for Multipath TCP. It also describes an additional data structure for MPTCP to make the subflow priority persistent across subflow disconnection.
- IPv4+ The Extended Protocol Based On IPv4 (draft-tang-ipv4plus)
By ZiQiang Tang, 2019-02-03 TXT HTML PDF
Abstract: This document specifies version 4+ of the Internet Protocol (IPv4+). IPv4 is very successful, simple and elegant. Continuation and expansion of IPv4 is necessary. Existing systems and devices only need to upgrade their software to support IPv4+, without the need for new hardware, saving investment costs. IPv4+ is also an interstellar protocol, so the Internet will evolve into a star Internet.
- Name-Based Service Function Forwarder (nSFF) component within SFC framework (draft-trossen-sfc-name-based-sff)
By Dirk Trossen, Debashish Purkayastha, Akbar Rahman, 2019-01-31 TXT HTML PDF
Abstract: Many stringent requirements are imposed on today's network, such as low latency, high availability and reliability, in order to support several use cases such as IoT, Gaming, Content distribution, Robotics etc. Adoption of cloud and fog technology at the edge of the network allows an operator to deploy a single "Service Function" to multiple "Execution locations". The decision to steer traffic to a specific location may change frequently based on load, proximity etc. Under the current SFC framework, steering traffic dynamically to the different execution end points requires a specific 're-chaining', i.e., a change in the service function path reflecting the different IP endpoints to be used for the new execution points. This procedure may be complex and take time. In order to simplify re-chaining and reduce the time to complete the procedure, we discuss separating the logical Service Function Path from the specific execution end points. This can be done by identifying the Service Functions using a name rather than a routable IP endpoint (or Layer 2 address). This draft describes the necessary extensions, additional functions and protocol details in SFF (Service Function Forwarder) to handle name based relationships.
- Need for associating Internet Unique names to device address and phone numbers and emails ability to send messages using sms and email (draft-xplorer-device-association)
By pradeep xplorer, 2019-02-02 TXT HTML PDF
Abstract: This document describes the need for associating Internet Unique names to device addresses and phone numbers, and the ability to send messages using SMS and email.
Expired Drafts
- DLEP IEEE 802.1Q Aware Credit Window Extension (draft-berger-manet-dlep-ether-credit-extension)
By David Wiggins, Lou Berger, 2018-08-02 TXT HTML PDF
Abstract: This document defines an extension to the DLEP protocol that enables an Ethernet IEEE 802.1Q aware credit-window scheme for destination-specific and shared flow control.
- Stateless Client Identifier for OAuth 2 (draft-bradley-oauth-stateless-client-id)
By John Bradley, Justin Richer, 2018-08-02 TXT HTML PDF
Abstract: This draft provides a method for communicating information about an OAuth client through its client identifier allowing for fully stateless operation.
- Application-Layer TLS (draft-friel-tls-atls)
By Owen Friel, Richard Barnes, Max Pritikin, Hannes Tschofenig, Mark Baugher, 2018-07-31 TXT HTML PDF
Abstract: This document specifies how TLS sessions can be established at the application layer over untrusted transport between clients and services for the purposes of establishing secure end-to-end encrypted communications channels. Transport layer encodings for application layer TLS records are specified for HTTP and CoAP transport. Explicit identification of application layer TLS packets enables middleboxes to provide transport services and enforce suitable transport policies for these payloads, without requiring access to the unencrypted payload content. Multiple scenarios are presented identifying the need for end-to-end application layer encryption between clients and services, and the benefits of reusing the well-defined TLS protocol, and a standard TLS stack, to accomplish this are described. Application software architectures for building, and network architectures for deploying application layer TLS are outlined.
- Seamless OAuth 2.0 Client Assertion Grant (draft-hevroni-oauth-seamless-flow)
By Omer Hevroni, 2018-08-02 TXT HTML PDF
Abstract: This specification defines the use of a One Time Password, encoded as JSON Web Token (JWS) Bearer Token, as a means for requesting an OAuth 2.0 access token as well as for client authentication.
- YANG Data Model for IS-IS SRv6 (draft-hu-isis-srv6-yang)
By Zhibo Hu, Dan Ye, Yingzhen Qu, Jiajia Dong, 2018-07-31 TXT HTML PDF
Abstract: This document defines a YANG data model that can be used to configure and manage IS-IS SRv6 [I-D.bashandy-isis-srv6-extensions].
- DLEP Credit-Based Flow Control Messages and Data Items (draft-ietf-manet-dlep-credit-flow-control)
By Bow-Nan Cheng, David Wiggins, Lou Berger, Stan Ratliff, 2018-08-02 TXT HTML PDF
Abstract: This document defines new DLEP protocol Data Items that are used to support credit-based flow control. Credit window control is used to regulate when data may be sent to an associated virtual or physical queue. The Data Items are defined in an extensible and reusable fashion. Their use will be mandated in other documents defining specific DLEP extensions.
- DLEP DiffServ Aware Credit Window Extension (draft-ietf-manet-dlep-da-credit-extension)
By Bow-Nan Cheng, David Wiggins, Lou Berger, 2018-08-02 TXT HTML PDF
Abstract: This document defines an extension to the DLEP protocol that enables a DiffServ aware credit-window scheme for destination-specific and shared flow control.
- Multicast YANG Data Model (draft-ietf-mboned-multicast-yang-model)
By Zheng(Sandy) Zhang, Cui(Linda) Wang, Ying Cheng, Xufeng Liu, Mahesh Sivakumar, 2018-08-01 TXT HTML PDF
Abstract: This document intends to provide a general and all-round multicast YANG data model, which tries to stand at a high level to take full advantage of existing multicast protocol models to control the multicast network, and guides the deployment of multicast service. It will also define several possible RPCs about how to interact between the multicast YANG data model and multicast protocol models. This multicast YANG data model is mainly used by the management tools run by the network operators in order to manage, monitor and debug the network resources used to deliver multicast service, as well as gathering some data from the network.
- Enterprise Profile for the Precision Time Protocol With Mixed Multicast and Unicast Messages (draft-ietf-tictoc-ptp-enterprise-profile)
By Doug Arnold, Heiko Gerstung, 2018-07-31 TXT HTML PDF
Abstract: This document describes a profile for the use of the Precision Time Protocol in an IPv4 or IPv6 Enterprise information system environment. The profile uses the End to End Delay Measurement Mechanism, and allows both multicast and unicast Delay Request and Delay Response Messages.
- Dynamic DNS Update Leases (draft-sekar-dns-ul)
By Stuart Cheshire, Ted Lemon, 2018-08-02 TXT HTML PDF
Abstract: This document proposes a method of extending Dynamic DNS Update to contain an update lease lifetime, allowing a server to garbage collect stale resource records.
- Loop Protection in EVPN networks (draft-snr-bess-evpn-loop-protect)
By Jorge Rabadan, Senthil Sathappan, Kiran Nagaraj, Julio Bueno, Jose Crespo, 2018-08-02 TXT HTML PDF
Abstract: Ethernet Virtual Private Networks (EVPN) is becoming the de-facto standard-based control plane solution for Data Center and layer-2 Service Provider applications. The risk of loops caused by backdoor paths accidentally created within the same broadcast domain, is a general common concern, especially among Service Providers in large Layer-2 networks. While other layer-2 Ethernet technologies use Spanning Tree based Protocols (xSTP) to provide a network-wide loop protection, EVPN has the right tools to detect and protect the network against loops in an efficient and effective way. This document describes a mechanism to provide global loop protection in EVPN networks.
- ATR: Additional Truncation Response for Large DNS Response (draft-song-atr-large-resp)
By Linjian Song, 2018-08-02 TXT HTML PDF
Abstract: With the increasing use of DNSSEC and IPv6, there is more public evidence of and concern about IPv6 fragmentation issues due to larger DNS payloads over IPv6. This memo introduces a simple improvement on DNS servers: replying with an additional truncated response just after the normal fragmented response. It can be used to relieve users' suffering from DNS latency and failures due to large DNS responses. An ATR experiment was done to show how well it works, and some operational issues are discussed in this memo as well.
Drafts Sent to IESG
- Extensible Provisioning Protocol (EPP) Domain Name Mapping Extension for Strict Bundling Registration (draft-ietf-regext-bundling-registration): Active » Publication Requested
By Ning Kong, Jiankang Yao, Linlin Zhou, Wil Tan, Jiagui Xie, 2019-01-29 TXT HTML PDF
Abstract: This document describes an extension of Extensible Provisioning Protocol (EPP) domain name mapping for the provisioning and management of strict bundling registration of domain names. Specified in XML, this mapping extends the EPP domain name mapping to provide additional features required for the provisioning of bundled domain names.
- Exported Authenticators in TLS (draft-ietf-tls-exported-authenticator): Active » Publication Requested
By Nick Sullivan, 2018-10-18 TXT HTML PDF
Abstract: This document describes a mechanism in Transport Layer Security (TLS) to provide an exportable proof of ownership of a certificate that can be transmitted out of band and verified by the other party.
- Issues and Requirements for SNI Encryption in TLS (draft-ietf-tls-sni-encryption): Active » Publication Requested
By Christian Huitema, Eric Rescorla, 2018-11-22 TXT HTML PDF
Abstract: This draft describes the general problem of encryption of the Server Name Identification (SNI) parameter. The proposed solutions hide a Hidden Service behind a Fronting Service, only disclosing the SNI of the Fronting Service to external observers. The draft lists known attacks against SNI encryption, discusses the current "co-tenancy fronting" solution, and presents requirements for future TLS layer solutions.
IESG Progress
- Ethernet Traffic Parameters with Availability Information (draft-ietf-ccamp-rsvp-te-bandwidth-availability): In Last Call » Waiting for Writeup
By Hao Long, Min Ye, Gregory Mirsky, Alessandro D'Alessandro, Himanshu Shah, 2019-01-17 TXT HTML PDF
Abstract: A packet switching network may contain links with variable bandwidth, e.g., copper, radio, etc. The bandwidth of such links is sensitive to the external environment (e.g., climate). Availability is typically used for describing these links during network planning. This document introduces an optional Availability TLV in Resource ReSerVation Protocol - Traffic Engineering (RSVP-TE) signaling. This extension can be used to set up a Generalized Multi-Protocol Label Switching (GMPLS) Label Switched Path (LSP) using the Ethernet SENDER_TSPEC object.
- SDP: Session Description Protocol (draft-ietf-mmusic-rfc4566bis): Publication Requested » AD Evaluation
By Ali Begen, Paul Kyzivat, Colin Perkins, Mark Handley, 2018-12-18 TXT HTML PDF
Abstract: This memo defines the Session Description Protocol (SDP). SDP is intended for describing multimedia sessions for the purposes of session announcement, session invitation, and other forms of multimedia session initiation. This document obsoletes RFC 4566.
- An MPLS-Based Forwarding Plane for Service Function Chaining (draft-ietf-mpls-sfc): In Last Call » Waiting for Writeup
By Adrian Farrel, Stewart Bryant, John Drake, 2018-11-20 TXT HTML PDF
Abstract: Service Function Chaining (SFC) is the process of directing packets through a network so that they can be acted on by an ordered set of abstract service functions before being delivered to the intended destination. An architecture for SFC is defined in RFC7665.
- NFS Version 4.1 Update for Multi-Server Namespace (draft-ietf-nfsv4-mv1-msns-update): AD Evaluation » ::Revised I-D Needed
By David Noveck, Chuck Lever, 2018-11-13 TXT HTML PDF
Abstract: This document presents necessary clarifications and corrections concerning features related to the use of attributes in NFSv4.1 related to file system location. These features include migration, which transfers responsibility for a file system from one server to another, and facilities to support trunking by allowing discovery of the set of network addresses to use to access a file system. This document updates RFC5661.
- RTP Payload Format for Flexible Forward Error Correction (FEC) (draft-ietf-payload-flexible-fec-scheme): In Last Call » Waiting for AD Go-Ahead
By Mo Zanaty, Varun Singh, Ali Begen, Giridhar Mandyam, 2019-01-17 TXT HTML PDF
Abstract: This document defines new RTP payload formats for the Forward Error Correction (FEC) packets that are generated by the non-interleaved and interleaved parity codes from source media encapsulated in RTP. These parity codes are systematic codes, where a number of FEC repair packets are generated from a set of source packets from one or more source RTP streams. These FEC repair packets are sent in a redundancy RTP stream separate from the source RTP stream(s) that carries the source packets. RTP source packets that were lost in transmission can be reconstructed using the source and repair packets that were received. The non-interleaved and interleaved parity codes which are defined in this specification offer good protection against random and bursty packet losses, respectively, at a cost of complexity. The RTP payload formats that are defined in this document address scalability issues experienced with the earlier specifications, and offer several improvements. Due to these changes, the new payload formats are not backward compatible with earlier specifications, but endpoints that do not implement this specification can still work by simply ignoring the FEC repair packets.
- WebRTC Forward Error Correction Requirements (draft-ietf-rtcweb-fec): In Last Call » Waiting for Writeup
By Justin Uberti, 2018-03-02 TXT HTML PDF
Abstract: This document provides information and requirements for how Forward Error Correction (FEC) should be used by WebRTC implementations.
- WebRTC IP Address Handling Requirements (draft-ietf-rtcweb-ip-handling): Waiting for AD Go-Ahead::External Party » In Last Call
By Justin Uberti, 2018-11-03 TXT HTML PDF
Abstract: This document provides information and requirements for how IP addresses should be handled by WebRTC implementations.
- Security Considerations for WebRTC (draft-ietf-rtcweb-security): AD Evaluation::Revised I-D Needed » In Last Call
By Eric Rescorla, 2019-02-01 TXT HTML PDF
Abstract: WebRTC is a protocol suite for use with real-time applications that can be deployed in browsers - "real time communication on the Web". This document defines the WebRTC threat model and analyzes the security threats of WebRTC in that model.
- WebRTC Security Architecture (draft-ietf-rtcweb-security-arch): AD Evaluation::Revised I-D Needed » In Last Call
By Eric Rescorla, 2019-02-01 TXT HTML PDF
Abstract: This document defines the security architecture for WebRTC, a protocol suite intended for use with real-time applications that can be deployed in browsers - "real time communication on the Web".
- Best Practices for Securing RTP Media Signaled with SIP (draft-ietf-sipbrandy-rtpsec): AD Evaluation::Revised I-D Needed » ::AD Followup
By Jon Peterson, Richard Barnes, Russ Housley, 2019-02-01 TXT HTML PDF
Abstract: Although the Session Initiation Protocol (SIP) includes a suite of security services that has been expanded by numerous specifications over the years, there is no single place that explains how to use SIP to establish confidential media sessions. Additionally, existing mechanisms have some feature gaps that need to be identified and resolved in order for them to address the pervasive monitoring threat model. This specification describes best practices for negotiating confidential media with SIP, including both comprehensive protection solutions which bind the media to SIP-layer identities as well as opportunistic security solutions.
- PASSporT SHAKEN Extension (SHAKEN) (draft-ietf-stir-passport-shaken): IESG Evaluation::Revised I-D Needed » ::AD Followup
By Chris Wendt, Mary Barnes, 2019-01-31 TXT HTML PDF
Abstract: This document extends PASSporT, which is a token object that conveys cryptographically-signed information about the participants involved in communications. The extension is defined, corresponding to the SHAKEN specification, to provide both a specific set of levels-of-confidence in the correctness of the originating identity for a SIP-based Communication Service Provider (CSP) telephone network originated call as well as an identifier that allows the CSP to uniquely identify the origin of the call within its network.
Drafts Sent to RFC Editor
- (PBB-)EVPN Seamless Integration with (PBB-)VPLS (draft-ietf-bess-evpn-vpls-seamless-integ): IESG Evaluation::AD Followup » RFC Ed Queue
By Ali Sajassi, Samer Salam, Nick Regno, Jorge Rabadan, 2019-02-01 TXT HTML PDF
Abstract: This document specifies mechanisms for backward compatibility of Ethernet VPN (EVPN) and Provider Backbone Bridge Ethernet VPN (PBB-EVPN) solutions with Virtual Private LAN Service (VPLS) and Provider Backbone Bridge VPLS (PBB-VPLS) solutions. It also provides mechanisms for seamless integration of these two technologies in the same MPLS/IP network on a per-VPN-instance basis. Implementation of this document enables service providers to introduce EVPN/PBB-EVPN PEs in their brown-field deployments of VPLS/PBB-VPLS networks. This document specifies control-plane and forwarding behavior needed for auto-discovery of a VPN instance, multicast and unicast operation, as well as MAC-mobility operation in order to enable seamless integration between EVPN and VPLS PEs as well as between PBB-VPLS and PBB-EVPN PEs.
- NFS version 4.0 Trunking Update (draft-ietf-nfsv4-mv0-trunking-update): IESG Evaluation::Revised I-D Needed » RFC Ed Queue
By Chuck Lever, David Noveck, 2019-02-01 TXT HTML PDF
Abstract: The file system location-related attribute in NFS version 4.0, fs_locations, informs clients about alternate locations of file systems. An NFS version 4.0 client can use this information to handle migration and replication of server filesystems. This document describes how an NFS version 4.0 client can additionally use this information to discover an NFS version 4.0 server's trunking capabilities. This document updates RFC 7530.
Other Status Changes
- Transmission of IPv6 Packets over PLC Networks (draft-hou-6lo-plc): Active » Replaced by draft-ietf-6lo-plc
By Jianqiang Hou, Bing Liu, Yong-Geun Hong, Xiaojun Tang, Charles Perkins, 2018-10-21 TXT HTML PDF
Abstract: Power Line Communication (PLC), namely using the electric-power lines for indoor and outdoor communications, has been widely applied to support Advanced Metering Infrastructure (AMI), especially smart meters for electricity. The inherent advantage of existing electricity infrastructure facilitates the expansion of PLC deployments, and moreover, a wide variety of accessible devices raises the potential demand of IPv6 for future applications. This document describes how IPv6 packets are transported over constrained PLC networks, such as ITU-T G.9903, IEEE 1901.1, IEEE 1901.2 and IEEE 1901.2a.
- A JSON Meta Application Protocol (JMAP) Subprotocol for WebSocket (draft-murchison-jmap-websocket): Active » Replaced by draft-ietf-jmap-websocket
By Ken Murchison, 2018-08-03 TXT HTML PDF
Abstract: This document defines a binding for the JSON Meta Application Protocol (JMAP) over a WebSocket transport layer. A WebSocket binding for JMAP provides higher performance than the current HTTP binding for JMAP.
RFC Editor Status Changes
IPR Disclosures
IESG/IAB/IAOC/Trust Minutes
Liaison Statements
Classified Ads