The Use of maxLength in the Resource Public Key Infrastructure
RFC 9319, “The Use of maxLength in the Resource Public Key Infrastructure”, is a Best Current Practice document published in October 2022 by Y. Gilad, S. Goldberg, K. Sriram, J. Snijders, and B. Maddison. The canonical text is published by the RFC Editor.
Abstract
This document recommends ways to reduce the forged-origin hijack attack surface by prudently limiting the set of IP prefixes that are included in a Route Origin Authorization (ROA). One recommendation is to avoid using the maxLength attribute in ROAs except in some specific cases. The recommendations complement and extend those in RFC 7115. This document also discusses the creation of ROAs for facilitating the use of Distributed Denial of Service (DDoS) mitigation services. Considerations related to ROAs and RPKI-based Route Origin Validation (RPKI-ROV) in the context of destination-based Remotely Triggered Discard Route (RTDR) (elsewhere referred to as "Remotely Triggered Black Hole") filtering are also highlighted.
What “Best Current Practice” means
A Best Current Practice document records the IETF community's recommended operational or procedural practice; it is not a protocol specification.
The canonical text of RFC 9319 is hosted at rfc-editor.org and is available in HTML, TXT, PDF, and XML formats.