IETF-Announce List
New RFCs
New and Revived Drafts
- PIM Backup Designated Router Procedure (draft-mankamana-pim-bdr)
By Mankamana Mishra, Sridhar Santhanam, Aravind Paramasivam, Joseph Goh, Gyan Mishra, 2021-04-08 TXT HTML PDF
Abstract: On a multi-access network, one of the PIM routers is elected as a Designated Router (DR). On the last hop LAN, the PIM DR is responsible for tracking local multicast listeners and forwarding traffic to these listeners if the group is operating in PIM-SM. In this document, we propose a mechanism to elect a backup DR on a shared LAN. A backup DR on the LAN would be useful for faster convergence. This draft introduces the concept of a Backup Designated Router (BDR) and the procedure to implement it.
Updated Drafts
- Automated Certificate Management Environment (ACME) Extension for Single Sign On Challenges (draft-biggs-acme-sso)
By Andrew Biggs, Richard Barnes, Rory Moynihan, 2021-04-08 TXT HTML PDF
Abstract: This document specifies an extension to the ACME protocol [RFC8555] to enable ACME servers to validate a client's control of an email identifier using single sign-on (SSO) technologies. An extension to the CAA [RFC8659] resource record specification is also defined to provide domain owners a means to declare a set of SSO providers that ACME servers may rely upon when employing SSO for identifier validation on their domain.
- Operational Aspects of Proxy-ARP/ND in Ethernet Virtual Private Networks (draft-ietf-bess-evpn-proxy-arp-nd)
By Jorge Rabadan, Senthil Sathappan, Kiran Nagaraj, Greg Hankins, Thomas King, 2021-04-08 TXT HTML PDF
Abstract: This document describes the Ethernet Virtual Private Networks (EVPN) Proxy-ARP/ND function, augmented by the capability of the ARP/ND Extended Community. From that perspective this document updates the EVPN specification to provide more comprehensive documentation of the operation of the Proxy-ARP/ND function. The EVPN Proxy-ARP/ND function and the ARP/ND Extended Community help operators of Internet Exchange Points, Data Centers, and other networks deal with IPv4 and IPv6 address resolution issues associated with large Broadcast Domains by reducing and even suppressing the flooding produced by address resolution in the EVPN network.
- Algorithm Requirements Update to the Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF) (draft-ietf-lamps-crmf-update-algs)
By Russ Housley, 2021-04-08 TXT HTML PDF
Abstract: This document updates the cryptographic algorithm requirements for the Password-Based Message Authentication Code in the Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF) specified in RFC 4211.
- IS-IS Extension to Support Segment Routing over IPv6 Dataplane (draft-ietf-lsr-isis-srv6-extensions)
By Peter Psenak, Clarence Filsfils, Ahmed Bashandy, Bruno Decraene, Zhibo Hu, 2021-04-08 TXT HTML PDF
Abstract: Segment Routing (SR) allows for a flexible definition of end-to-end paths by encoding paths as sequences of topological sub-paths, called "segments". The Segment Routing architecture can be implemented over an MPLS data plane as well as an IPv6 data plane. This document describes the IS-IS extensions required to support Segment Routing over an IPv6 data plane.
- NTP Interleaved Modes (draft-ietf-ntp-interleaved-modes)
By Miroslav Lichvar, Aanchal Malhotra, 2021-04-08 TXT HTML PDF
Abstract: This document extends the specification of Network Time Protocol (NTP) version 4 in RFC 5905 with special modes called the NTP interleaved modes, which enable NTP servers to provide their clients and peers with more accurate transmit timestamps that are available only after transmitting NTP packets. More specifically, this document describes three modes: interleaved client/server, interleaved symmetric, and interleaved broadcast.
- The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR) (draft-ietf-oauth-jwsreq)
By Nat Sakimura, John Bradley, Michael Jones, 2021-04-08 TXT HTML PDF
Abstract: The authorization request in OAuth 2.0 described in RFC 6749 utilizes query parameter serialization, which means that Authorization Request parameters are encoded in the URI of the request and sent through user agents such as web browsers. While it is easy to implement, it means that (a) the communication through the user agents is not integrity protected and thus the parameters can be tainted, (b) the source of the communication is not authenticated, and (c) the communication through the user agents can be monitored. Because of these weaknesses, several attacks on the protocol have now been put forward.
- A YANG Module for TACACS+ (draft-ietf-opsawg-tacacs-yang)
By Bo Wu, Guangying Zheng, Zitao Wang, 2021-04-08 TXT HTML PDF
Abstract: This document defines a Terminal Access Controller Access-Control System Plus (TACACS+) client YANG module that augments the System Management data model, defined in RFC 7317, to allow devices to make use of TACACS+ servers for centralized Authentication, Authorization and Accounting (AAA).
- A Layer 2/3 VPN Common YANG Model (draft-ietf-opsawg-vpn-common)
By samier barguil, Oscar de Dios, Mohamed Boucadair, Qin WU, 2021-04-08 TXT HTML PDF
Abstract: This document defines a common YANG module that is meant to be reused by various VPN-related modules such as Layer 3 VPN and Layer 2 VPN network models.
- A Yang Data Model for IGMP/MLD Proxy (draft-ietf-pim-igmp-mld-proxy-yang)
By Hongji Zhao, Xufeng Liu, Yisong Liu, Mani Panchanathan, Mahesh Sivakumar, 2021-04-08 TXT HTML PDF
Abstract: This document defines a YANG data model that can be used to configure and manage Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) proxy devices. The YANG module in this document conforms to Network Management Datastore Architecture (NMDA).
- Operational Implications of IPv6 Packets with Extension Headers (draft-ietf-v6ops-ipv6-ehs-packet-drops)
By Fernando Gont, Nick Hilliard, Gert Doering, Warren Kumari, Geoff Huston, Will LIU, 2021-04-08 TXT HTML PDF
Abstract: This document summarizes the operational implications of IPv6 extension headers specified in the IPv6 protocol specification (RFC8200), and attempts to analyze reasons why packets with IPv6 extension headers are often dropped in the public Internet.
Expired Drafts
- ACME End User Client and Code Signing Certificates (draft-ietf-acme-client)
By Kathleen Moriarty, 2020-10-05 TXT HTML PDF
Abstract: The Automated Certificate Management Environment (ACME) core protocol addresses the use case of web server certificates for TLS. This document extends the ACME protocol to support end user client, device client, and code signing certificates.
- The ristretto255 and decaf448 Groups (draft-irtf-cfrg-ristretto255-decaf448)
By Henry de Valence, Jack Grigg, George Tankersley, Filippo Valsorda, Isis Lovecruft, Mike Hamburg, 2020-10-05 TXT HTML PDF
Abstract: This memo specifies two prime-order groups, ristretto255 and decaf448, suitable for safely implementing higher-level and complex cryptographic protocols. The ristretto255 group can be implemented using Curve25519, allowing existing Curve25519 implementations to be reused and extended to provide a prime-order group. Likewise, the decaf448 group can be implemented using edwards448.
Drafts Sent to IESG
IESG Progress
- An ACME Profile for Generating Delegated Certificates (draft-ietf-acme-star-delegation): IESG Evaluation » ::Revised I-D Needed
By Yaron Sheffer, Diego Lopez, Antonio Pastor, Thomas Fossati, 2021-03-26 TXT HTML PDF
Abstract: This memo defines a profile of the Automatic Certificate Management Environment (ACME) protocol by which the owner of an identifier (e.g., a domain name) can allow a third party to obtain an X.509 certificate such that the certificate subject is the delegated identifier while the certified public key corresponds to a private key controlled by the third party. A primary use case is that of a Content Delivery Network (CDN, the third party) terminating TLS sessions on behalf of a content provider (the owner of a domain name). The presented mechanism allows the owner of the identifier to retain control over the delegation and revoke it at any time. A key property of this mechanism is that it does not require any modification to the deployed TLS ecosystem.
- RTP-mixer formatting of multi-party Real-time text (draft-ietf-avtcore-multi-party-rtt-mix): AD Evaluation » ::Revised I-D Needed
By Gunnar Hellstrom, 2021-02-10 TXT HTML PDF
Abstract: Real-time text mixers for multi-party sessions need to identify the source of each transmitted group of text so that the text can be presented by endpoints in suitable grouping with other text from the same source, while new text from other sources is also presented in readable grouping as received interleaved in real-time.
- YANG Data Model for Babel (draft-ietf-babel-yang-model): AD Evaluation::AD Followup » In Last Call
By Mahesh Jethanandani, Barbara Stark, 2021-03-14 TXT HTML PDF
Abstract: This document defines a data model for the Babel routing protocol. The data model is defined using the YANG data modeling language.
- EVPN Operations, Administration and Maintenance Requirements and Framework (draft-ietf-bess-evpn-oam-req-frmwk): IESG Evaluation » ::Revised I-D Needed
By Samer Salam, Ali Sajassi, Sam Aldrin, John Drake, Donald Eastlake, 2021-04-06 TXT HTML PDF
Abstract: This document specifies the requirements and reference framework for Ethernet VPN (EVPN) Operations, Administration and Maintenance (OAM). The requirements cover the OAM aspects of EVPN and PBB-EVPN (Provider Backbone Bridge EVPN). The framework defines the layered OAM model encompassing the EVPN service layer, network layer, underlying Packet Switched Network (PSN) transport layer, and link layer but focuses on the service and network layers.
- Concise Binary Object Representation (CBOR) Tags for Object Identifiers (draft-ietf-cbor-tags-oid): IESG Evaluation » ::Revised I-D Needed
By Carsten Bormann, 2021-03-30 TXT HTML PDF
Abstract: The Concise Binary Object Representation (CBOR, RFC 8949) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation.
- Support for Local RIB in BGP Monitoring Protocol (BMP) (draft-ietf-grow-bmp-local-rib): IESG Evaluation » ::Revised I-D Needed
By Tim Evens, Serpil Bayraktar, Manish Bhardwaj, Paolo Lucente, 2021-03-08 TXT HTML PDF
Abstract: The BGP Monitoring Protocol (BMP) defines access to various Routing Information Bases (RIBs). This document updates BMP (RFC 7854) by adding access to the Local Routing Information Base (Loc-RIB), as defined in RFC 4271. The Loc-RIB contains the routes that have been selected by the local BGP speaker's Decision Process.
- Algorithm Requirements Update to the Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF) (draft-ietf-lamps-crmf-update-algs): IESG Evaluation » Approved-announcement to be sent::AD Followup
By Russ Housley, 2021-04-08 TXT HTML PDF
Abstract: This document updates the cryptographic algorithm requirements for the Password-Based Message Authentication Code in the Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF) specified in RFC 4211.
- IS-IS Extension to Support Segment Routing over IPv6 Dataplane (draft-ietf-lsr-isis-srv6-extensions): AD Evaluation::Revised I-D Needed » ::External Party
By Peter Psenak, Clarence Filsfils, Ahmed Bashandy, Bruno Decraene, Zhibo Hu, 2021-04-08 TXT HTML PDF
Abstract: Segment Routing (SR) allows for a flexible definition of end-to-end paths by encoding paths as sequences of topological sub-paths, called "segments". The Segment Routing architecture can be implemented over an MPLS data plane as well as an IPv6 data plane. This document describes the IS-IS extensions required to support Segment Routing over an IPv6 data plane.
- OSPF Prefix Originator Extensions (draft-ietf-lsr-ospf-prefix-originator): IESG Evaluation » Approved-announcement to be sent::Revised I-D Needed
By Aijun Wang, Acee Lindem, Jie Dong, Peter Psenak, Ketan Talaulikar, 2021-04-07 TXT HTML PDF
Abstract: This document defines OSPF extensions to include information associated with the node originating a prefix along with the prefix advertisement.
- JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens (draft-ietf-oauth-access-token-jwt): IESG Evaluation » Approved-announcement to be sent::Revised I-D Needed
By Vittorio Bertocci, 2021-03-17 TXT HTML PDF
Abstract: This specification defines a profile for issuing OAuth 2.0 access tokens in JSON web token (JWT) format. Authorization servers and resource servers from different vendors can leverage this profile to issue and consume access tokens in an interoperable manner.
- The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR) (draft-ietf-oauth-jwsreq): IESG Evaluation » Approved-announcement to be sent
By Nat Sakimura, John Bradley, Michael Jones, 2021-04-08 TXT HTML PDF
Abstract: The authorization request in OAuth 2.0 described in RFC 6749 utilizes query parameter serialization, which means that Authorization Request parameters are encoded in the URI of the request and sent through user agents such as web browsers. While it is easy to implement, it means that (a) the communication through the user agents is not integrity protected and thus the parameters can be tainted, (b) the source of the communication is not authenticated, and (c) the communication through the user agents can be monitored. Because of these weaknesses, several attacks on the protocol have now been put forward.
- RTP Payload Format for VP9 Video (draft-ietf-payload-vp9): Publication Requested » AD Evaluation
By Justin Uberti, Stefan Holmer, Magnus Flodman, Danny Hong, Jonathan Lennox, 2021-04-01 TXT HTML PDF
Abstract: This memo describes an RTP payload format for the VP9 video codec. The payload format has wide applicability, as it supports applications from low bit-rate peer-to-peer usage, to high bit-rate video conferences. It includes provisions for temporal and spatial scalability.
- Exported Authenticators in TLS (draft-ietf-tls-exported-authenticator): IESG Evaluation » Approved-announcement to be sent::Revised I-D Needed
By Nick Sullivan, 2021-01-25 TXT HTML PDF
Abstract: This document describes a mechanism in Transport Layer Security (TLS) for peers to provide a proof of ownership of an identity, such as an X.509 certificate. This proof can be exported by one peer, transmitted out-of-band to the other peer, and verified by the receiving peer.
- Considerations around Transport Header Confidentiality, Network Operations, and the Evolution of Internet Transport Protocols (draft-ietf-tsvwg-transport-encrypt): IESG Evaluation » Approved-announcement to be sent::Revised I-D Needed
By Gorry Fairhurst, Colin Perkins, 2021-03-08 TXT HTML PDF
Abstract: To protect user data and privacy, Internet transport protocols have supported payload encryption and authentication for some time. Such encryption and authentication is now also starting to be applied to the transport protocol headers. This helps avoid transport protocol ossification by middleboxes, mitigate attacks against the transport protocol, and protect metadata about the communication. Current operational practice in some networks inspects transport header information within the network, but this is no longer possible when those transport headers are encrypted.
Drafts Sent to RFC Editor
- Propagation of ARP/ND Flags in EVPN (draft-ietf-bess-evpn-na-flags): IESG Evaluation::AD Followup » RFC Ed Queue
By Jorge Rabadan, Senthil Sathappan, Kiran Nagaraj, Wen Lin, 2020-12-01 TXT HTML PDF
Abstract: This document defines an Extended Community that is advertised along with an EVPN MAC/IP Advertisement route and carries information relevant to the ARP/ND resolution, so that an EVPN PE implementing a proxy-ARP/ND or ARP/ND (on IRB interfaces) function can reply to ARP Requests or Neighbor Solicitations with the correct information.
Other Status Changes
RFC Editor Status Changes
- DetNet Data Plane: MPLS over UDP/IP (draft-ietf-detnet-mpls-over-udp-ip): » AUTH48
By Balazs Varga, Janos Farkas, Lou Berger, Andrew Malis, Stewart Bryant, 2020-12-14 TXT HTML PDF
Abstract: This document specifies the MPLS Deterministic Networking data plane operation and encapsulation over an IP network. The approach is based on the operation of MPLS-in-UDP technology.
IPR Disclosures
IESG/IAB/IAOC/Trust Minutes
Liaison Statements
Classified Ads