Current Internet-Drafts This summary sheet provides a short synopsis of each Internet-Draft available within the "internet-drafts" directory at the shadow sites directory. These drafts are listed alphabetically by working group acronym and start date. Generated 2019-12-14 20:07:56 UTC. IPv6 over Networks of Resource-constrained Nodes (6lo) ------------------------------------------------------ "Transmission of IPv6 Packets over Near Field Communication", Younghwan Choi, Yong-Geun Hong, Joo-Sang Youn, Dongkyun Kim, JinHyeock Choi, 2019-07-08, Near field communication (NFC) is a set of standards for smartphones and portable devices to establish radio communication with each other by touching them together or bringing them into proximity, usually no more than 10 cm apart. NFC standards cover communications protocols and data exchange formats, and are based on existing radio-frequency identification (RFID) standards including ISO/IEC 14443 and FeliCa. The standards include ISO/IEC 18092 and those defined by the NFC Forum. The NFC technology has been widely implemented and available in mobile phones, laptop computers, and many other devices. This document describes how IPv6 is transmitted over NFC using 6LoWPAN techniques. "IPv6 Backbone Router", Pascal Thubert, Charles Perkins, Eric Levy-Abegnoli, 2019-09-26, This document updates RFC 6775 and RFC 8505 in order to enable proxy services for IPv6 Neighbor Discovery by Routing Registrars called Backbone Routers. Backbone Routers are placed along the wireless edge of a Backbone, and federate multiple wireless links to form a single MultiLink Subnet. "IPv6 Mesh over BLUETOOTH(R) Low Energy using IPSP", Carles Gomez, Seyed Darroudi, Teemu Savolainen, Michael Spoerk, 2019-12-14, RFC 7668 describes the adaptation of 6LoWPAN techniques to enable IPv6 over Bluetooth low energy networks that follow the star topology. However, recent Bluetooth specifications allow the formation of extended topologies as well. This document specifies mechanisms that are needed to enable IPv6 mesh over Bluetooth Low Energy links established by using the Bluetooth Internet Protocol Support Profile. This document does not specify the routing protocol to be used in an IPv6 mesh over Bluetooth LE links. "Address Protected Neighbor Discovery for Low-power and Lossy Networks", Pascal Thubert, Behcet Sarikaya, Mohit Sethi, Rene Struik, 2019-04-10, This document specifies an extension to 6LoWPAN Neighbor Discovery (ND) protocol defined in RFC6775 and updated in RFC8505. The new extension is called Address Protected Neighbor Discovery (AP-ND) and it protects the owner of an address against address theft and impersonation attacks in a low-power and lossy network (LLN). Nodes supporting this extension compute a cryptographic identifier (Crypto- ID) and use it with one or more of their Registered Addresses. The Crypto-ID identifies the owner of the Registered Address and can be used to provide proof of ownership of the Registered Addresses. Once an address is registered with the Crypto-ID and a proof-of-ownership is provided, only the owner of that address can modify the registration information, thereby enforcing Source Address Validation. "IPv6 over Constrained Node Networks (6lo) Applicability & Use cases", Yong-Geun Hong, Carles Gomez, Abdur Sangi, Take Aanstoot, Samita Chakrabarti, 2019-11-04, This document describes the applicability of IPv6 over constrained node networks (6lo) and provides practical deployment examples. In addition to IEEE 802.15.4, various link layer technologies such as ITU-T G.9959 (Z-Wave), BLE, DECT-ULE, MS/TP, NFC, and PLC (IEEE 1901.2) are used as examples. The document targets an audience who like to understand and evaluate running end-to-end IPv6 over the constrained node networks connecting devices to each other or to other devices on the Internet (e.g. cloud infrastructure). "Packet Delivery Deadline time in 6LoWPAN Routing Header", Lijo Thomas, Satish Anamalamudi, S.V.R Anand, Malati Hegde, Charles Perkins, 2019-07-08, This document specifies a new type for the 6LoWPAN routing header containing the deadline time for data packets, designed for use over constrained networks. The deadline time enables forwarding and scheduling decisions for time critical IoT machine to machine (M2M) applications that operate within time-synchronized networks that agree on the meaning of the time representations used for the deadline time values. "6LoWPAN Selective Fragment Recovery", Pascal Thubert, 2019-11-28, This draft updates RFC 4944 with a simple protocol to recover individual fragments across a route-over mesh network, with a minimal flow control to protect the network against bloat. "On Forwarding 6LoWPAN Fragments over a Multihop IPv6 Network", Thomas Watteyne, Pascal Thubert, Carsten Bormann, 2019-11-28, This document introduces the capability to forward 6LoWPAN fragments. This method reduces the latency and increases end-to-end reliability in route-over forwarding. It is the companion to using virtual reassembly buffers which is a pure implementation technique. "Transmission of IPv6 Packets over PLC Networks", Jianqiang Hou, Bing Liu, Yong-Geun Hong, Xiaojun Tang, Charles Perkins, 2019-11-03, Power Line Communication (PLC), namely using the electric-power lines for indoor and outdoor communications, has been widely applied to support Advanced Metering Infrastructure (AMI), especially smart meters for electricity. The inherent advantage of existing electricity infrastructure facilitates the expansion of PLC deployments, and moreover, a wide variety of accessible devices raises the potential demand of IPv6 for future applications. This document describes how IPv6 packets are transported over constrained PLC networks, such as ITU-T G.9903, IEEE 1901.1 and IEEE 1901.2. IPv6 Maintenance (6man) ----------------------- "IPv6 Segment Routing Header (SRH)", Clarence Filsfils, Darren Dukes, Stefano Previdi, John Leddy, Satoru Matsushima, Daniel Voyer, 2019-10-22, Segment Routing can be applied to the IPv6 data plane using a new type of Routing Extension Header called the Segment Routing Header. This document describes the Segment Routing Header and how it is used by Segment Routing capable nodes. "ICMPv6 errors for discarding packets due to processing limits", Tom Herbert, 2019-09-30, Network nodes may discard packets if they are unable to process protocol headers of packets due to processing constraints or limits. When such packets are dropped, the sender receives no indication so it cannot take action to address the cause of discarded packets. This specification defines several new ICMPv6 errors that can be sent by a node that discards packets because it is unable to process the protocol headers. A node that receives such an ICMPv6 error may be able to modify what it sends in future packets to avoid subsequent packet discards. "Privacy Extensions for Stateless Address Autoconfiguration in IPv6", Fernando Gont, Suresh Krishnan, Thomas Narten, Richard Draves, 2019-12-10, Nodes use IPv6 stateless address autoconfiguration to generate addresses using a combination of locally available information and information advertised by routers. Addresses are formed by combining network prefixes with an interface identifier. This document describes an extension that causes nodes to generate global scope addresses with randomized interface identifiers that change over time. Changing global scope addresses over time makes it more difficult for eavesdroppers and other information collectors to identify when different addresses used in different transactions actually correspond to the same node. This document formally obsoletes RFC4941. "Discovering PREF64 in Router Advertisements", Lorenzo Colitti, Jen Linkova, 2019-11-27, This document specifies a Neighbor Discovery option to be used in Router Advertisements to communicate NAT64 prefixes to hosts. "Operations, Administration, and Maintenance (OAM) in Segment Routing Networks with IPv6 Data plane (SRv6)", Zafar Ali, Clarence Filsfils, Satoru Matsushima, Daniel Voyer, Mach Chen, 2019-11-20, This document defines building blocks for Operations, Administration, and Maintenance (OAM) in Segment Routing Networks with IPv6 Dataplane (SRv6). The document also describes some SRv6 OAM mechanisms. "IPv6 Minimum Path MTU Hop-by-Hop Option", Robert Hinden, Gorry Fairhurst, 2019-09-13, This document specifies a new Hop-by-Hop IPv6 option that is used to record the minimum Path MTU along the forward path between a source host to a destination host. This collects a minimum recorded MTU along the path to the destination. The value can then be communicated back to the source using the return Path MTU field in the option. This Hop-by-Hop option is intended to be used in environments like Data Centers and on paths between Data Centers, to allow them to better take advantage of paths able to support a large Path MTU. IPv6 over the TSCH mode of IEEE 802.15.4e (6tisch) -------------------------------------------------- "An Architecture for IPv6 over the TSCH mode of IEEE 802.15.4", Pascal Thubert, 2019-10-29, This document describes a network architecture that provides low- latency, low-jitter and high-reliability packet delivery. It combines a high-speed powered backbone and subnetworks using IEEE 802.15.4 time-slotted channel hopping (TSCH) to meet the requirements of LowPower wireless deterministic applications. "Constrained Join Protocol (CoJP) for 6TiSCH", Malisa Vucinic, Jonathan Simon, Kris Pister, Michael Richardson, 2019-12-10, This document describes the minimal framework required for a new device, called "pledge", to securely join a 6TiSCH (IPv6 over the TSCH mode of IEEE 802.15.4e) network. The framework requires that the pledge and the JRC (join registrar/coordinator, a central entity), share a symmetric key. How this key is provisioned is out of scope of this document. Through a single CoAP (Constrained Application Protocol) request-response exchange secured by OSCORE (Object Security for Constrained RESTful Environments), the pledge requests admission into the network and the JRC configures it with link-layer keying material and other parameters. The JRC may at any time update the parameters through another request-response exchange secured by OSCORE. This specification defines the Constrained Join Protocol and its CBOR (Concise Binary Object Representation) data structures, and describes how to configure the rest of the 6TiSCH communication stack for this join process to occur in a secure manner. Additional security mechanisms may be added on top of this minimal framework. "6tisch Zero-Touch Secure Join protocol", Michael Richardson, 2019-07-08, This document describes a Zero-touch Secure Join (ZSJ) mechanism to enroll a new device (the "pledge") into a IEEE802.15.4 TSCH network using the 6tisch signaling mechanisms. The resulting device will obtain a domain specific credential that can be used with either 802.15.9 per-host pair keying protocols, or to obtain the network- wide key from a coordinator. The mechanism describe here is an augmentation to the one-touch mechanism described in [I-D.ietf-6tisch-minimal-security], and is a profile of the constrained voucher mechanism [I-D.ietf-anima-constrained-voucher]. "IEEE 802.15.4 Information Element encapsulation of 6TiSCH Join and Enrollment Information", Diego Dujovne, Michael Richardson, 2019-11-04, In TSCH mode of IEEE STD 802.15.4, opportunities for broadcasts are limited to specific times and specific channels. Nodes in a TSCH network typically frequently send Enhanced Beacon (EB) frames to announce the presence of the network. This document provides a mechanism by which small details critical for new nodes (pledges) and long sleeping nodes may be carried within the Enhanced Beacon. "6TiSCH Minimal Scheduling Function (MSF)", Tengfei Chang, Malisa Vucinic, Xavier Vilajosana, Simon Duquennoy, Diego Dujovne, 2019-12-13, This specification defines the 6TiSCH Minimal Scheduling Function (MSF). This Scheduling Function describes both the behavior of a node when joining the network, and how the communication schedule is managed in a distributed fashion. MSF is built upon the 6TiSCH Operation Sublayer Protocol (6P) and the Minimal Security Framework for 6TiSCH. Authentication and Authorization for Constrained Environments (ace) ------------------------------------------------------------------- "Authentication and Authorization for Constrained Environments (ACE) using the OAuth 2.0 Framework (ACE-OAuth)", Ludwig Seitz, Goeran Selander, Erik Wahlstroem, Samuel Erdtman, Hannes Tschofenig, 2019-12-14, This specification defines a framework for authentication and authorization in Internet of Things (IoT) environments called ACE- OAuth. The framework is based on a set of building blocks including OAuth 2.0 and the Constrained Application Protocol (CoAP), thus transforming a well-known and widely used authorization solution into a form suitable for IoT devices. Existing specifications are used where possible, but extensions are added and profiles are defined to better serve the IoT use cases. "Datagram Transport Layer Security (DTLS) Profile for Authentication and Authorization for Constrained Environments (ACE)", Stefanie Gerdes, Olaf Bergmann, Carsten Bormann, Goeran Selander, Ludwig Seitz, 2019-04-12, This specification defines a profile of the ACE framework that allows constrained servers to delegate client authentication and authorization. The protocol relies on DTLS for communication security between entities in a constrained network using either raw public keys or pre-shared keys. A resource-constrained server can use this protocol to delegate management of authorization information to a trusted host with less severe limitations regarding processing power and memory. "Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)", Michael Jones, Ludwig Seitz, Goeran Selander, Samuel Erdtman, Hannes Tschofenig, 2019-10-31, This specification describes how to declare in a CBOR Web Token (CWT) (which is defined by RFC 8392) that the presenter of the CWT possesses a particular proof-of-possession key. Being able to prove possession of a key is also sometimes described as being the holder- of-key. This specification provides equivalent functionality to "Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)" (RFC 7800) but using Concise Binary Object Representation (CBOR) and CWTs rather than JavaScript Object Notation (JSON) and JSON Web Tokens (JWTs). "OSCORE profile of the Authentication and Authorization for Constrained Environments Framework", Francesca Palombini, Ludwig Seitz, Goeran Selander, Martin Gunnarsson, 2019-07-08, This memo specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework. It utilizes Object Security for Constrained RESTful Environments (OSCORE) to provide communication security, server authentication, and proof-of-possession for a key owned by the client and bound to an OAuth 2.0 access token. "EST over secure CoAP (EST-coaps)", Peter van der Stok, Panos Kampanakis, Michael Richardson, Shahid Raza, 2019-12-05, Enrollment over Secure Transport (EST) is used as a certificate provisioning protocol over HTTPS. Low-resource devices often use the lightweight Constrained Application Protocol (CoAP) for message exchanges. This document defines how to transport EST payloads over secure CoAP (EST-coaps), which allows constrained devices to use existing EST functionality for provisioning certificates. "Additional OAuth Parameters for Authorization in Constrained Environments (ACE)", Ludwig Seitz, 2019-11-16, This specification defines new parameters for the OAuth 2.0 token and introspection endpoints when used with the framework for authentication and authorization for constrained environments (ACE). These are used to express the proof-of-possession key the client whishes to use, the proof-of-possession key that the AS has selected, and the key the RS should use to authenticate to the client. "Key Provisioning for Group Communication using ACE", Francesca Palombini, Marco Tiloca, 2019-11-04, This document defines message formats and procedures for requesting and distributing group keying material using the ACE framework, to protect communications between group members. "Key Management for OSCORE Groups in ACE", Marco Tiloca, Jiye Park, Francesca Palombini, 2019-11-04, This document describes a method to request and provision keying material in group communication scenarios where the group communication is based on CoAP and secured with Object Security for Constrained RESTful Environments (OSCORE). The proposed method delegates the authentication and authorization of new client nodes that join an OSCORE group through a Group Manager server. This approach builds on the ACE framework for Authentication and Authorization, and leverages protocol-specific transport profiles of ACE to achieve communication security, proof-of-possession and server authentication. "MQTT-TLS profile of ACE", Cigdem Sengul, Anthony Kirby, Paul Fremantle, 2019-11-03, This document specifies a profile for the ACE (Authentication and Authorization for Constrained Environments) framework to enable authorization in an MQTT-based publish-subscribe messaging system. Proof-of-possession keys, bound to OAuth2.0 access tokens, are used to authenticate and authorize MQTT Clients. The protocol relies on TLS for confidentiality and server authentication. Automated Certificate Management Environment (acme) --------------------------------------------------- "Support for Short-Term, Automatically-Renewed (STAR) Certificates in Automated Certificate Management Environment (ACME)", Yaron Sheffer, Diego Lopez, Oscar de Dios, Antonio Pastor, Thomas Fossati, 2019-10-24, Public-key certificates need to be revoked when they are compromised, that is, when the associated private key is exposed to an unauthorized entity. However the revocation process is often unreliable. An alternative to revocation is issuing a sequence of certificates, each with a short validity period, and terminating this sequence upon compromise. This memo proposes an ACME extension to enable the issuance of short-term and automatically renewed (STAR) X.509 certificates. [RFC Editor: please remove before publication] While the draft is being developed, the editor's version can be found at https://github.com/yaronf/I-D/tree/master/STAR. "Extensions to Automatic Certificate Management Environment for end user S/MIME certificates", Alexey Melnikov, 2019-11-01, This document specifies identifiers and challenges required to enable the Automated Certificate Management Environment (ACME) to issue certificates for use by email users that want to use S/MIME. "ACME IP Identifier Validation Extension", Roland Shoemaker, 2019-10-01, This document specifies identifiers and challenges required to enable the Automated Certificate Management Environment (ACME) to issue certificates for IP addresses. "ACME TLS ALPN Challenge Extension", Roland Shoemaker, 2019-10-01, This document specifies a new challenge for the Automated Certificate Management Environment (ACME) protocol that allows for domain control validation using TLS. "TNAuthList profile of ACME Authority Token", Chris Wendt, David Hancock, Mary Barnes, Jon Peterson, 2019-11-04, This document defines a profile of the Automated Certificate Management Environment (ACME) Authority Token for the automated and authorized creation of certificates for VoIP Telephone Providers to support Secure Telephony Identity (STI) using the TNAuthList defined by STI certificates. "ACME Challenges Using an Authority Token", Jon Peterson, Mary Barnes, David Hancock, Chris Wendt, 2019-11-04, Some proposed extensions to the Automated Certificate Management Environment (ACME) rely on proving eligibility for certificates through consulting an external authority that issues a token according to a particular policy. This document specifies a generic Authority Token challenge for ACME which supports subtype claims for different identifiers or namespaces that can be defined separately for specific applications. "An ACME Profile for Generating Delegated STAR Certificates", Yaron Sheffer, Diego Lopez, Antonio Pastor, Thomas Fossati, 2019-08-26, This memo proposes a profile of the ACME protocol that allows the owner of an identifier (e.g., a domain name) to delegate to a third party access to a certificate associated with said identifier. A primary use case is that of a CDN (the third party) terminating TLS sessions on behalf of a content provider (the owner of a domain name). The presented mechanism allows the owner of the identifier to retain control over the delegation and revoke it at any time by cancelling the associated STAR certificate renewal with the ACME CA. Another key property of this mechanism is it does not require any modification to the deployed TLS ecosystem. Application-Layer Traffic Optimization (alto) --------------------------------------------- "ALTO Incremental Updates Using Server-Sent Events (SSE)", Wendy Roome, Y. Yang, 2019-07-23, The Application-Layer Traffic Optimization (ALTO) [RFC7285] protocol provides network related information, called network information resources, to client applications so that clients can make informed decisions in utilizing network resources. For example, an ALTO server can provide network and cost maps so that an ALTO client can use the maps to determine the costs between network endpoints when choosing communicating endpoints. However, the ALTO protocol does not define a mechanism to allow an ALTO client to obtain updates to the information resources, other than by periodically re-fetching them. Because some information resources (e.g., the aforementioned maps) may be large (potentially tens of megabytes), and because only parts of the information resources may change frequently (e.g., only some entries in a cost map), complete re-fetching can be extremely inefficient. This document presents a mechanism to allow an ALTO server to push updates to ALTO clients, to achieve two benefits: (1) updates can be immediate, in that the ALTO server can send updates as soon as they are available; and (2) updates can be incremental, in that if only a small section of an information resource changes, the ALTO server can send just the changes. "ALTO Cost Calendar", Sabine Randriamasy, Y. Yang, Qin WU, Deng Lingli, Nico Schwan, 2019-10-31, This document is an extension to the base Application-Layer Traffic Optimization (ALTO) protocol. It extends the ALTO cost information service so that applications decide not only 'where' to connect, but also 'when'. This is useful for applications that need to perform bulk data transfer and would like to schedule these transfers during an off-peak hour, for example. This extension introduces ALTO Cost Calendar, with which an ALTO Server exposes ALTO cost values in JSON arrays where each value corresponds to a given time interval. The time intervals as well as other Calendar attributes, are specified in the Information Resources Directory and ALTO Server responses. "ALTO Performance Cost Metrics", Qin WU, Y. Yang, Young Lee, Dhruv Dhody, Sabine Randriamasy, 2019-11-04, Cost metric is a basic concept in Application-Layer Traffic Optimization (ALTO), and is used in basic services including both the cost map service and the endpoint cost service. Different applications may use different cost metrics, but the ALTO base protocol documents only one single cost metric, i.e., the generic "routingcost" metric; see Sec. 14.2 of ALTO base specification [RFC7285]. Hence, if the resource consumer of an application prefers a resource provider that offers low-delay delivery to the resource consumer, the base protocol does not define the cost metric to be used. ALTO cost metrics can be generic metrics and this document focuses on network performance metrics, including network delay, jitter, packet loss, hop count, and bandwidth. Additional cost metrics may be documented in other documents. When using an ALTO performance metric, applications need additional information beyond the metric. In particular, its "cost-source", such as it being an estimation or an SLA, is key to define the meaning of a performance metric. Hence, each ALTO performance metric should include the "cost-source" of the metric. To report an estimated value of a performance metric, the ALTO server may derive and aggregate from routing protocols with different granularity and scope, such as BGP-LS, OSPF-TE and ISIS-TE, or from end-to-end traffic management tools. These metrics may then be exposed by an ALTO Server to allow applications to determine "where" to connect based on network performance criteria. "Application Layer Traffic Optimization (ALTO) Cross-Domain Server Discovery", Sebastian Kiesel, Martin Stiemerling, 2019-08-20, The goal of Application-Layer Traffic Optimization (ALTO) is to provide guidance to applications that have to select one or several hosts from a set of candidates capable of providing a desired resource. ALTO is realized by a client-server protocol. Before an ALTO client can ask for guidance it needs to discover one or more ALTO servers that can provide suitable guidance. In some deployment scenarios, in particular if the information about the network topology is partitioned and distributed over several ALTO servers, it may be needed to discover an ALTO server outside of the own network domain, in order to get appropriate guidance. This document details applicable scenarios, itemizes requirements, and specifies a procedure for ALTO cross-domain server discovery. Technically, the procedure specified in this document takes one IP address or prefix and a U-NAPTR Service Parameter (typically, "ALTO:https") as parameters. It performs DNS lookups (for NAPTR resource records in the in-addr.arpa. or ip6.arpa. tree) and returns one or more URI(s) of information resources related to that IP address or prefix. "ALTO Extension: Path Vector", Kai Gao, Young Lee, Sabine Randriamasy, Y. Yang, J. Zhang, 2019-11-03, This document defines an ALTO extension that allows an ALTO information resource to provide not only preferences but also correlations of the paths between different PIDs or endpoints. The extended information, including aggregations of network components on the paths and their properties, can be used to improve the robustness and performance for applications in some new usage scenarios, such as high-speed data transfers and traffic optimization using in-network storage and computation. This document reuses the mechanisms of the ALTO base protocol and the Unified Property extension, such as Information Resource Directory (IRD) capabilities and entity domains, to negotiate and exchange path correlation information. Meanwhile, it uses an extended compound message to fully represent the path correlation information, for better server scalability and message modularity. Specifically, the extension 1) introduces abstract network element (ANE) as an abstraction for an aggregation of network components and encodes a network path as a "path vector", i.e., an array of ANEs traversed from the source to the destination, 2) encodes properties of abstract network elements in a unified property map, and 3) encapsulates the two types of information in a multipart message. "Content Delivery Network Interconnection (CDNI) Request Routing: CDNI Footprint and Capabilities Advertisement using ALTO", Jan Seedorf, Y. Yang, Kevin Ma, Jon Peterson, Xiao Lin, Jingxuan Zhang, 2019-11-04, The Content Delivery Networks Interconnection (CDNI) framework [RFC6707] defines a set of protocols to interconnect CDNs, to achieve multiple goals such as extending the reach of a given CDN to areas that are not covered by that particular CDN. One component that is needed to achieve the goal of CDNI described in [RFC7336] is the CDNI Request Routing Footprint & Capabilities Advertisement interface (FCI). [RFC8008] defines precisely the semantics of FCI and provides guidelines on the FCI protocol, but the exact protocol is explicitly outside the scope of that document. In this document, we follow the guidelines to define an FCI protocol using the Application-Layer Traffic Optimization (ALTO) protocol. "Unified Properties for the ALTO Protocol", Wendy Roome, Sabine Randriamasy, Y. Yang, J. Zhang, Kai Gao, 2019-11-04, This document extends the Application-Layer Traffic Optimization (ALTO) Protocol [RFC7285] by generalizing the concept of "endpoint properties" to generic types of entities, and by presenting those properties as maps, similar to the network and cost maps in [RFC7285]. Autonomic Networking Integrated Model and Approach (anima) ---------------------------------------------------------- "A Generic Autonomic Signaling Protocol (GRASP)", Carsten Bormann, Brian Carpenter, Bing Liu, 2017-07-13, This document specifies the GeneRic Autonomic Signaling Protocol (GRASP), which enables autonomic nodes and autonomic service agents to dynamically discover peers, to synchronize state with each other, and to negotiate parameter settings with each other. GRASP depends on an external security environment that is described elsewhere. The technical objectives and parameters for specific application scenarios are to be described in separate documents. Appendices briefly discuss requirements for the protocol and existing protocols with comparable features. "An Autonomic Control Plane (ACP)", Toerless Eckert, Michael Behringer, Steinthor Bjarnason, 2019-11-03, Autonomic functions need a control plane to communicate, which depends on some addressing and routing. This Autonomic Management and Control Plane should ideally be self-managing, and as independent as possible of configuration. This document defines such a plane and calls it the "Autonomic Control Plane", with the primary use as a control plane for autonomic functions. It also serves as a "virtual out-of-band channel" for Operations Administration and Management (OAM) communications over a network that provides automatically configured hop-by-hop authenticated and encrypted communications via automatically configured IPv6 even when the network is not configured, or misconfigured. "Bootstrapping Remote Secure Key Infrastructures (BRSKI)", Max Pritikin, Michael Richardson, Toerless Eckert, Michael Behringer, Kent Watsen, 2019-11-17, This document specifies automated bootstrapping of an Autonomic Control Plane. To do this a Secure Key Infrastructure is bootstrapped. This is done using manufacturer-installed X.509 certificates, in combination with a manufacturer's authorizing service, both online and offline. We call this process the Bootstrapping Remote Secure Key Infrastructure (BRSKI) protocol. Bootstrapping a new device can occur using a routable address and a cloud service, or using only link-local connectivity, or on limited/ disconnected networks. Support for deployment models with less stringent security requirements is included. Bootstrapping is complete when the cryptographic identity of the new key infrastructure is successfully deployed to the device. The established secure connection can be used to deploy a locally issued certificate to the device as well. "A Reference Model for Autonomic Networking", Michael Behringer, Brian Carpenter, Toerless Eckert, Laurent Ciavaglia, Jeferson Nobre, 2018-11-22, This document describes a reference model for Autonomic Networking for managed networks. It defines the behaviour of an autonomic node, how the various elements in an autonomic context work together, and how autonomic services can use the infrastructure. "Autonomic IPv6 Edge Prefix Management in Large-scale Networks", Sheng Jiang, Zongpeng Du, Brian Carpenter, Qiong Sun, 2017-12-18, This document defines two autonomic technical objectives for IPv6 prefix management at the edge of large-scale ISP networks, with an extension to support IPv4 prefixes. An important purpose of the document is to use it for validation of the design of various components of the autonomic networking infrastructure. "Generic Autonomic Signaling Protocol Application Program Interface (GRASP API)", Brian Carpenter, Bing Liu, Wendong Wang, Xiangyang Gong, 2019-10-06, This document is a conceptual outline of an application programming interface (API) for the Generic Autonomic Signaling Protocol (GRASP). Such an API is needed for Autonomic Service Agents (ASA) calling the GRASP protocol module to exchange autonomic network messages with other ASAs. Since GRASP is designed to support asynchronous operations, the API will need to be adapted to the support for asynchronicity in various languages and operating systems. "Constrained Voucher Artifacts for Bootstrapping Protocols", Michael Richardson, Peter van der Stok, Panos Kampanakis, 2019-07-08, This document defines a strategy to securely assign a pledge to an owner, using an artifact signed, directly or indirectly, by the pledge's manufacturer. This artifact is known as a "voucher". This document builds upon the work in [RFC8366], encoding the resulting artifact in CBOR. Use with two signature technologies are described. Additionally, this document explains how constrained vouchers may be transported as an extension to the [I-D.ietf-ace-coap-est] protocol. Applications and Real-Time Area (art) ------------------------------------- "Lightweight Directory Access Protocol (LDAP) Registrations for PKCS #9", Sean Leonard, 2017-11-13, PKCS #9 includes several useful definitions that are not yet reflected in the LDAP IANA registry. This document adds those definitions to the IANA registry. "Internationalized Domain Names in Applications (IDNA): Registry Restrictions and Recommendations", John Klensin, Asmus Freytag, 2019-08-29, The IDNA specifications for internationalized domain names combine rules that determine the labels that are allowed in the DNS without violating the protocol itself and an assignment of responsibility, consistent with earlier specifications, for determining the labels that are allowed in particular zones. Conformance to IDNA by registries and other implementations requires both parts. Experience strongly suggests that the language describing those responsibilities was insufficiently clear to promote safe and interoperable use of the specifications and that more details and discussion of circumstances would have been helpful. Without making any substantive changes to IDNA, this specification updates two of the core IDNA documents (RFCs 5890 and 5891) and the IDNA explanatory document (RFC 5894) to provide that guidance and to correct some technical errors in the descriptions. "Resolving Multiple Time Scales in the Internet", Joseph Touch, 2019-11-19, Internet systems use a variety of time scales, which can complicate time comparisons and calculations. This document explains these various ways of indicating time and explains how they can be used together safely. This document is intended as a companion to Internet time as discussed in RFC 3339. "New protocol elements for HTTP Status Code 451", Shivan Sahib, 2018-08-01, This document recommends additional protocol elements to Hypertext Transfer Protocol (HTTP) status code 451 (defined by RFC7725). Discussion of this document was conducted on the Human Rights Protocol Considerations Research Group mailing list https://www.irtf.org/mailman/listinfo/hrpc [1], briefly on the HTTPBIS Working Group mailing list ietf-http-wg@w3.org [2] and on https://lists.ghserv.net/mailman/listinfo/statuscode451 [3]. "IDNA2008 and Unicode 11.0.0", Patrik Faltstrom, 2019-03-11, This document describes the changes between Unicode 6.3.0 and Unicode 11.0.0 in the context of IDNA2008. Some additions and changes have been made in the Unicode Standard that affect the values produced by the algorithm IDNA2008 specifies. Although IDNA2008 allows adding exceptions to the algorithm for backward compatibility; however, this document does not add any such exceptions. This document provides the necessary tables to IANA to make its database consisstent with Unicode 11.0.0. To improve understanding, this document describes systems that are being used as alternatives to those that conform to IDNA2008. TO BE REMOVED AT TIME OF PUBLICATION AS AN RFC: This document is discussed on the i18nrp@ietf.org mailing list of the IETF. "The secret-token URI Scheme", Mark Nottingham, 2018-11-06, This document registers the "secret-token" URI scheme, to aid in the identification of authentication tokens. "IDNA2008 and Unicode 12.0.0", Patrik Faltstrom, 2019-03-11, This document describes the changes between Unicode 6.3.0 and Unicode 12.0.0 in the context of IDNA2008. Some additions and changes have been made in the Unicode Standard that affect the values produced by the algorithm IDNA2008 specifies. Although IDNA2008 allows adding exceptions to the algorithm for backward compatibility; however, this document does not add any such exceptions. This document provides the necessary tables to IANA to make its database consisstent with Unicode 12.0.0. To improve understanding, this document describes systems that are being used as alternatives to those that conform to IDNA2008. TO BE REMOVED AT TIME OF PUBLICATION AS AN RFC: This document is discussed on the i18nrp@ietf.org mailing list of the IETF. "IDNA Review for New Unicode Versions", John Klensin, Patrik Faltstrom, 2019-11-03, The standards for Internationalized Domain Names in Applications (IDNA) require a review of each new version of Unicode to determine whether incompatibilities with prior versions or other issues exist and, where appropriate, to allow the IETF to decide on the trade-offs between compatibility with prior IDNA versions and compatibility with Unicode going forward. That requirement, and its relationship to tables maintained by IANA, has caused significant confusion in the past. This document makes adjustments to the review procedure based on experience and updates IDNA, specifically RFC 5892, to reflect those changes and clarify the various relationships involved. It also makes other minor adjustments to align that document with experience. "Zstandard Compression and the application/zstd Media Type", Yann Collet, Murray Kucherawy, 2019-11-17, Zstandard, or "zstd" (pronounced "zee standard"), is a data compression mechanism. This document describes the mechanism and registers a media type and content encoding to be used when transporting zstd-compressed content via Multipurpose Internet Mail Extensions (MIME). Despite use of the word "standard" as part of its name, readers are advised that this document is not an Internet Standards Track specification; it is being published for informational purposes only. "application/importmap+json MIME Type Registration", Guy Bedford, 2019-11-17, Media type registration for JSON import map definitions that control the behavior of JavaScript imports. Audio/Video Transport Core Maintenance (avtcore) ------------------------------------------------ "Sending Multiple Types of Media in a Single RTP Session", Magnus Westerlund, Colin Perkins, Jonathan Lennox, 2015-12-18, This document specifies how an RTP session can contain RTP Streams with media from multiple media types such as audio, video, and text. This has been restricted by the RTP Specification, and thus this document updates RFC 3550 and RFC 3551 to enable this behaviour for applications that satisfy the applicability for using multiple media types in a single RTP session. "Guidelines for using the Multiplexing Features of RTP to Support Multiple Media Streams", Magnus Westerlund, Bo Burman, Colin Perkins, Harald Alvestrand, Roni Even, 2019-07-22, The Real-time Transport Protocol (RTP) is a flexible protocol that can be used in a wide range of applications, networks, and system topologies. That flexibility makes for wide applicability, but can complicate the application design process. One particular design question that has received much attention is how to support multiple media streams in RTP. This memo discusses the available options and design trade-offs, and provides guidelines on how to use the multiplexing features of RTP to support multiple media streams. "Sending Multiple RTP Streams in a Single RTP Session: Grouping RTCP Reception Statistics and Other Feedback", Jonathan Lennox, Magnus Westerlund, Qin WU, Colin Perkins, 2016-03-02, RTP allows multiple RTP streams to be sent in a single session, but requires each Synchronisation Source (SSRC) to send RTCP reception quality reports for every other SSRC visible in the session. This causes the number of RTCP reception reports to grow with the number of SSRCs, rather than the number of endpoints. In many cases most of these RTCP reception reports are unnecessary, since all SSRCs of an endpoint are normally co-located and see the same reception quality. This memo defines a Reporting Group extension to RTCP to reduce the reporting overhead in such scenarios. "RTP Payload Format for VP9 Video", Justin Uberti, Stefan Holmer, Magnus Flodman, Jonathan Lennox, Danny Hong, 2019-07-24, This memo describes an RTP payload format for the VP9 video codec. The payload format has wide applicability, as it supports applications from low bit-rate peer-to-peer usage, to high bit-rate video conferences. It includes provisions for temporal and spatial scalability. "Frame Marking RTP Header Extension", Mo Zanaty, Espen Berger, Suhas Nandakumar, 2019-11-21, This document describes a Frame Marking RTP header extension used to convey information about video frames that is critical for error recovery and packet forwarding in RTP middleboxes or network nodes. It is most useful when media is encrypted, and essential when the middlebox or node has no access to the media decryption keys. It is also useful for codec-agnostic processing of encrypted or unencrypted media, while it also supports extensions for codec-specific information. "RTP Control Protocol (RTCP) Feedback for Congestion Control", Zaheduzzaman Sarker, Colin Perkins, Varun Singh, Michael Ramalho, 2019-11-04, This document describes an RTCP feedback message intended to enable congestion control for interactive real-time traffic using RTP. The feedback message is designed for use with a sender-based congestion control algorithm, in which the receiver of an RTP flow sends RTCP feedback packets to the sender containing the information the sender needs to perform congestion control. "RTP Payload Format for TSVCIS Codec", Victor Demjanenko, John Punaro, David Satterlee, 2019-10-25, This document describes the RTP payload format for the Tactical Secure Voice Cryptographic Interoperability Specification (TSVCIS) speech coder. TSVCIS is a scalable narrowband voice coder supporting varying encoder data rates and fallbacks. It is implemented as an augmentation to the Mixed Excitation Linear Prediction Enhanced (MELPe) speech coder by conveying additional speech coder parameters for enhancing voice quality. TSVCIS augmented speech data is processed in conjunction with its temporal matched MELP 2400 speech data. The RTP packetization of TSVCIS and MELPe speech coder data is described in detail. "RTP Payload Format for the TETRA Audio Codec", Andreas Reisenbauer, Udo Brandhuber, Joachim Hagedorn, Klaus-Peter Hohnsch, Stefan Wenk, 2019-07-26, This document specifies a Real-time Transport Protocol (RTP) payload format for TETRA encoded speech signals. The payload format is designed to be able to interoperate with existing TETRA transport formats on non-IP networks. A media type registration is included, specifying the use of the RTP payload format and the storage format. "RTP Payload Format for ISO/IEC 21122 (JPEG XS)", Sebastien Lugan, Gael Rouvroy, Antonin Descampe, Thomas Richter, Alexandre Willeme, 2019-10-09, This document specifies a Real-Time Transport Protocol (RTP) payload format to be used for transporting JPEG XS (ISO/IEC 21122) encoded video. JPEG XS is a low-latency, lightweight image coding system. Compared to an uncompressed video use case, it allows higher resolutions and frame rates, while offering visually lossless quality, reduced power consumption, and end-to-end latency confined to a fraction of a frame. "RTP Payload for TTML Timed Text", James Sandford, 2019-11-19, This memo describes a Real-time Transport Protocol (RTP) payload format for TTML, an XML based timed text format for live and file based workflows from W3C. This payload format is specifically targeted at live workflows using TTML. Audio/Video Transport Extensions (avtext) ----------------------------------------- "The Layer Refresh Request (LRR) RTCP Feedback Message", Jonathan Lennox, Danny Hong, Justin Uberti, Stefan Holmer, Magnus Flodman, 2017-07-02, This memo describes the RTCP Payload-Specific Feedback Message "Layer Refresh Request" (LRR), which can be used to request a state refresh of one or more substreams of a layered media stream. It also defines its use with several RTP payloads for scalable media formats. "RTP Stream Identifier Source Description (SDES)", Adam Roach, Suhas Nandakumar, Peter Thatcher, 2016-10-06, This document defines and registers two new RTCP Stream Identifier Source Description (SDES) items. One, named RtpStreamId, is used for unique identification of RTP streams. The other, RepairedRtpStreamId, can be used to identify which stream a redundancy RTP stream is to be used to repair. Babel routing protocol (babel) ------------------------------ "Applicability of the Babel routing protocol", Juliusz Chroboczek, 2019-08-17, Babel is a routing protocol based on the distance-vector algorithm augmented with mechanisms for loop avoidance and starvation avoidance. This document describes a number of niches where Babel has been found to be useful and that are arguably not adequately served by more mature protocols. "The Babel Routing Protocol", Juliusz Chroboczek, David Schinazi, 2019-10-18, Babel is a loop-avoiding distance-vector routing protocol that is robust and efficient both in ordinary wired networks and in wireless mesh networks. This document describes the Babel routing protocol, and obsoletes RFCs 6126 and 7557. "Babel Information Model", Barbara Stark, Mahesh Jethanandani, 2019-10-09, This Babel Information Model provides structured data elements for a Babel implementation reporting its current state and may allow limited configuration of some such data elements. This information model can be used as a basis for creating data models under various data modeling regimes. "Source-Specific Routing in Babel", Matthieu Boutier, Juliusz Chroboczek, 2019-04-11, Source-specific routing (also known as Source-Address Dependent Routing, SADR) is an extension to traditional next-hop routing where packets are forwarded according to both their destination and their source address. This document describes an extension for source- specific routing to the Babel routing protocol. "Babel Routing Protocol over Datagram Transport Layer Security", Antonin Decimo, David Schinazi, Juliusz Chroboczek, 2019-08-13, The Babel Routing Protocol does not contain any means to authenticate neighbours or provide integrity or confidentiality for messages sent between them. This document specifies a mechanism to ensure these properties, using Datagram Transport Layer Security (DTLS). "MAC authentication for the Babel routing protocol", Clara Do, Weronika Kolodziejak, Juliusz Chroboczek, 2019-08-16, This document describes a cryptographic authentication mechanism for the Babel routing protocol that has provisions for replay avoidance. This document obsoletes RFC 7298. "YANG Data Model for Babel", Mahesh Jethanandani, Barbara Stark, 2019-10-18, This document defines a data model for the Babel routing protocol. The data model is defined using the YANG data modeling language. BGP Enabled ServiceS (bess) --------------------------- "BGP based Multi-homing in Virtual Private LAN Service", Bhupesh Kothari, Kireeti Kompella, Wim Henderickx, Florin Balus, Jim Uttaro, 2019-07-26, Virtual Private LAN Service (VPLS) is a Layer 2 Virtual Private Network (VPN) that gives its customers the appearance that their sites are connected via a Local Area Network (LAN). It is often required for the Service Provider (SP) to give the customer redundant connectivity to some sites, often called "multi-homing". This memo shows how BGP-based multi-homing can be offered in the context of LDP and BGP VPLS solutions. This document updates RFC 4761 by defining new flags in the Control Flags field of the Layer2 Info Extended Community. "Integrated Routing and Bridging in EVPN", Ali Sajassi, Samer Salam, Samir Thoria, John Drake, Jorge Rabadan, 2019-03-05, EVPN provides an extensible and flexible multi-homing VPN solution over an MPLS/IP network for intra-subnet connectivity among Tenant Systems and End Devices that can be physical or virtual. However, there are scenarios for which there is a need for a dynamic and efficient inter-subnet connectivity among these Tenant Systems and End Devices while maintaining the multi-homing capabilities of EVPN. This document describes an Integrated Routing and Bridging (IRB) solution based on EVPN to address such requirements. "Interconnect Solution for EVPN Overlay networks", Jorge Rabadan, Senthil Sathappan, Wim Henderickx, Ali Sajassi, John Drake, 2018-03-02, This document describes how Network Virtualization Overlays (NVO) can be connected to a Wide Area Network (WAN) in order to extend the layer-2 connectivity required for some tenants. The solution analyzes the interaction between NVO networks running Ethernet Virtual Private Networks (EVPN) and other L2VPN technologies used in the WAN, such as Virtual Private LAN Services (VPLS), VPLS extensions for Provider Backbone Bridging (PBB-VPLS), EVPN or PBB-EVPN. It also describes how the existing technical specifications apply to the Interconnection and extends the EVPN procedures needed in some cases. In particular, this document describes how EVPN routes are processed on Gateways (GWs) that interconnect EVPN-Overlay and EVPN-MPLS networks, as well as the Interconnect Ethernet Segment (I-ES) to provide multi-homing, and the use of the Unknown MAC route to avoid MAC scale issues on Data Center Network Virtualization Edge (NVE) devices. "IP Prefix Advertisement in EVPN", Jorge Rabadan, Wim Henderickx, John Drake, Wen Lin, Ali Sajassi, 2018-05-18, The BGP MPLS-based Ethernet VPN (EVPN) [RFC7432] mechanism provides a flexible control plane that allows intra-subnet connectivity in an MPLS and/or NVO (Network Virtualization Overlay) [RFC7365] network. In some networks, there is also a need for a dynamic and efficient inter-subnet connectivity across Tenant Systems and End Devices that can be physical or virtual and do not necessarily participate in dynamic routing protocols. This document defines a new EVPN route type for the advertisement of IP Prefixes and explains some use-case examples where this new route-type is used. "Multicast VPN fast upstream failover", Thomas Morin, Robert Kebler, Gregory Mirsky, 2019-08-29, This document defines multicast VPN extensions and procedures that allow fast failover for upstream failures, by allowing downstream PEs to take into account the status of Provider-Tunnels (P-tunnels) when selecting the upstream PE for a VPN multicast flow, and extending BGP MVPN routing so that a C-multicast route can be advertised toward a standby upstream PE. "Optimized Ingress Replication solution for EVPN", Jorge Rabadan, Senthil Sathappan, Wen Lin, Mukul Katiyar, Ali Sajassi, 2018-10-19, Network Virtualization Overlay (NVO) networks using EVPN as control plane may use Ingress Replication (IR) or PIM (Protocol Independent Multicast) based trees to convey the overlay BUM traffic. PIM provides an efficient solution to avoid sending multiple copies of the same packet over the same physical link, however it may not always be deployed in the NVO core network. IR avoids the dependency on PIM in the NVO network core. While IR provides a simple multicast transport, some NVO networks with demanding multicast applications require a more efficient solution without PIM in the core. This document describes a solution to optimize the efficiency of IR in NVO networks. "Operational Aspects of Proxy-ARP/ND in EVPN Networks", Jorge Rabadan, Senthil Sathappan, Kiran Nagaraj, Greg Hankins, Thomas King, 2019-07-08, The EVPN MAC/IP Advertisement route can optionally carry IPv4 and IPv6 addresses associated with a MAC address. Remote PEs can use this information to reply locally (act as proxy) to IPv4 ARP requests and IPv6 Neighbor Solicitation messages (or 'unicast-forward' them to the owner of the MAC) and reduce/suppress the flooding produced by the Address Resolution procedure. This EVPN capability is extremely useful in Internet Exchange Points (IXPs) and Data Centers (DCs) with large broadcast domains, where the amount of ARP/ND flooded traffic causes issues on routers and CEs. This document describes how the EVPN Proxy-ARP/ND function may be implemented to help IXPs and other operators deal with the issues derived from Address Resolution in large broadcast domains. "YANG Data Model for MPLS-based L2VPN", Himanshu Shah, Patrice Brissette, Ing-Wher Chen, Iftekhar Hussain, Bin Wen, Kishore Tiruveedhula, 2019-07-02, This document describes a YANG data model for Layer 2 VPN (L2VPN) services over MPLS networks. These services include point-to-point Virtual Private Wire Service (VPWS) and multipoint Virtual Private LAN service (VPLS) that uses LDP and BGP signaled Pseudowires. It is expected that this model will be used by the management tools run by the network operators in order to manage and monitor the network resources that they use to deliver L2VPN services. This document also describes the YANG data model for the Pseudowires. The independent definition of the Pseudowires facilitates its use in Ethernet Segment and EVPN data models defined in separate document. "PBB-EVPN ISID-based CMAC-Flush", Jorge Rabadan, Senthil Sathappan, Kiran Nagaraj, Masahiro Miyake, Taku Matsuda, 2019-07-26, Provider Backbone Bridging (PBB) can be combined with Ethernet VPN (EVPN) to deploy ELAN services in very large MPLS networks (PBB- EVPN). Single-Active Multi-homing and per-ISID Load-Balancing can be provided to access devices and aggregation networks. In order to speed up the network convergence in case of failures on Single-Active Multi-Homed Ethernet Segments, PBB-EVPN defines a CMAC-Flush mechanism that works for different Ethernet Segment BMAC address allocation models. This document complements those CMAC-Flush procedures for cases in which no PBB-EVPN Ethernet Segments are defined (ESI 0) and an ISID-based CMAC-Flush granularity is desired. "Updates on EVPN BUM Procedures", Zhaohui Zhang, Wen Lin, Jorge Rabadan, Keyur Patel, Ali Sajassi, 2019-11-18, This document specifies procedure updates for broadcast, unknown unicast, and multicast (BUM) traffic in Ethernet VPNs (EVPN), including selective multicast, and provider tunnel segmentation. This document updates RFC 7432. "BGP Control Plane for NSH SFC", Adrian Farrel, John Drake, Eric Rosen, Jim Uttaro, Luay Jalil, 2019-12-13, This document describes the use of BGP as a control plane for networks that support Service Function Chaining (SFC). The document introduces a new BGP address family called the SFC AFI/SAFI with two route types. One route type is originated by a node to advertise that it hosts a particular instance of a specified service function. This route type also provides "instructions" on how to send a packet to the hosting node in a way that indicates that the service function has to be applied to the packet. The other route type is used by a Controller to advertise the paths of "chains" of service functions, and to give a unique designator to each such path so that they can be used in conjunction with the Network Service Header defined in RFC 8300. This document adopts the SFC architecture described in RFC 7665. "IGMP and MLD Proxy for EVPN", Ali Sajassi, Samir Thoria, Keyur Patel, John Drake, Wen Lin, 2019-09-30, Ethernet Virtual Private Network (EVPN) solution is becoming pervasive in data center (DC) applications for Network Virtualization Overlay (NVO) and DC interconnect (DCI) services, and in service provider (SP) applications for next generation virtual private LAN services. This draft describes how to support efficiently endpoints running IGMP for the above services over an EVPN network by incorporating IGMP proxy procedures on EVPN PEs. "Preference-based EVPN DF Election", Jorge Rabadan, Senthil Sathappan, Tony Przygienda, Wen Lin, John Drake, Ali Sajassi, satyamoh@cisco.com, 2019-06-25, The Designated Forwarder (DF) in Ethernet Virtual Private Networks (EVPN) is defined as the PE responsible for sending Broadcast, Unknown unicast and Broadcast traffic (BUM) to a multi-homed device/network in the case of an all-active multi-homing Ethernet Segment (ES), or BUM and unicast in the case of single-active multi- homing. The DF is selected out of a candidate list of PEs that advertise the same Ethernet Segment Identifier (ESI) to the EVPN network, according to the Default DF Election algorithm. While the Default Algorithm provides an efficient and automated way of selecting the DF across different Ethernet Tags in the ES, there are some use-cases where a more 'deterministic' and user-controlled method is required. At the same time, Service Providers require an easy way to force an on-demand DF switchover in order to carry out some maintenance tasks on the existing DF or control whether a new active PE can preempt the existing DF PE. This document proposes an extension to the Default DF election procedures so that the above requirements can be met. "Propagation of ARP/ND Flags in EVPN", Jorge Rabadan, Senthil Sathappan, Kiran Nagaraj, Wen Lin, 2019-07-03, An EVPN MAC/IP Advertisement route can optionally carry an IPv4 or IPv6 addresses associated with a MAC address. Remote PEs can use this information to reply locally (act as proxy) to IPv4 ARP requests and IPv6 Neighbor Solicitation messages and reduce/suppress the flooding produced by the Address Resolution procedure. The information conveyed in the MAC/IP route may not be enough for the remote PE to reply to local ARP or ND requests. For example, if a PE learns an IPv6->MAC ND entry via EVPN, the PE would not know if that particular IPv6->MAC pair belongs to a host, a router or a host with an anycast address, as this information is not carried in the MAC/IP route advertisements. Similarly, other information relevant to the IP->MAC ARP/ND entries may be needed. This document defines an extended community that is advertised along with an EVPN MAC/IP Advertisement route and carries information relevant to the ARP/ND resolution, so that an EVPN PE implementing a proxy-ARP/ND function can reply to ARP Requests or Neighbor Solicitations with the correct information. "Gateway Auto-Discovery and Route Advertisement for Segment Routing Enabled Domain Interconnection", Adrian Farrel, John Drake, Eric Rosen, Keyur Patel, Luay Jalil, 2019-08-21, Data centers are critical components of the infrastructure used by network operators to provide services to their customers. Data centers are attached to the Internet or a backbone network by gateway routers. One data center typically has more than one gateway for commercial, load balancing, and resiliency reasons. Segment Routing is a popular protocol mechanism for use within a data center, but also for steering traffic that flows between two data center sites. In order that one data center site may load balance the traffic it sends to another data center site, it needs to know the complete set of gateway routers at the remote data center, the points of connection from those gateways to the backbone network, and the connectivity across the backbone network. Segment Routing may also be operated in other domains, such as access networks. Those domains also need to be connected across backbone networks through gateways. This document defines a mechanism using the BGP Tunnel Encapsulation attribute to allow each gateway router to advertise the routes to the prefixes in the Segment Routing domains to which it provides access, and also to advertise on behalf of each other gateway to the same Segment Routing domain. "EVPN Optimized Inter-Subnet Multicast (OISM) Forwarding", Wen Lin, Zhaohui Zhang, John Drake, Eric Rosen, Jorge Rabadan, Ali Sajassi, 2019-10-28, Ethernet VPN (EVPN) provides a service that allows a single Local Area Network (LAN), comprising a single IP subnet, to be divided into multiple "segments". Each segment may be located at a different site, and the segments are interconnected by an IP or MPLS backbone. Intra-subnet traffic (either unicast or multicast) always appears to the endusers to be bridged, even when it is actually carried over the IP or MPLS backbone. When a single "tenant" owns multiple such LANs, EVPN also allows IP unicast traffic to be routed between those LANs. This document specifies new procedures that allow inter-subnet IP multicast traffic to be routed among the LANs of a given tenant, while still making intra-subnet IP multicast traffic appear to be bridged. These procedures can provide optimal routing of the inter- subnet multicast traffic, and do not require any such traffic to leave a given router and then reenter that same router. These procedures also accommodate IP multicast traffic that needs to travel to or from systems that are outside the EVPN domain. "MVPN and MSDP SA Interoperation", Zhaohui Zhang, Leonard Giuliano, 2019-10-16, This document specifies the procedures for interoperation between Multicast Virtual Private Network (MVPN) Source Active routes and customer Multicast Source Discovery Protocol (MSDP) Source Active routes, which is useful for MVPN provider networks offering services to customers with an existing MSDP infrastructure. Without the procedures described in this document, VPN-specific MSDP sessions are required among the PEs that are customer MSDP peers. This document updates RFC6514. "Per multicast flow Designated Forwarder Election for EVPN", Ali Sajassi, mankamana mishra, Samir Thoria, Jorge Rabadan, John Drake, 2019-11-16, [RFC7432] describes mechanism to elect designated forwarder (DF) at the granularity of (ESI, EVI) which is per VLAN (or per group of VLANs in case of VLAN bundle or VLAN-aware bundle service). However, the current level of granularity of per-VLAN is not adequate for some applications.[I-D.ietf-bess-evpn-df-election-framework] improves base line DF election by introducing HRW DF election. [I-D.ietf-bess-evpn-igmp-mld-proxy] introduces applicability of EVPN to Multicast flows, routes to sync them and a default DF election. This document is an extension to HRW base draft [I-D.ietf-bess-evpn-df-election-framework] and further enhances HRW algorithm for the Multicast flows to do DF election at the granularity of (ESI, VLAN, Mcast flow). "Weighted Multi-Path Procedures for EVPN All-Active Multi-Homing", Neeraj Malhotra, Ali Sajassi, Samir Thoria, Jorge Rabadan, John Drake, Avinash Lingala, 2019-11-02, In an EVPN-IRB based network overlay, EVPN all-active multi-homing enables multi-homing for a CE device connected to two or more PEs via a LAG bundle, such that bridged and routed traffic from remote PEs can be equally load balanced (ECMPed) across the multi-homing PEs. This document defines extensions to EVPN procedures to optimally handle unequal access bandwidth distribution across a set of multi- homing PEs in order to: o provide greater flexibility, with respect to adding or removing individual PE-CE links within the access LAG o handle PE-CE LAG member link failures that can result in unequal PE-CE access bandwidth across a set of multi-homing PEs "MVPN/EVPN Tunnel Aggregation with Common Labels", Zhaohui Zhang, Eric Rosen, Wen Lin, Zhenbin Li, IJsbrand Wijnands, 2019-10-24, The MVPN specifications allow a single Point-to-Multipoint (P2MP) tunnel to carry traffic of multiple VPNs. The EVPN specifications allow a single P2MP tunnel to carry traffic of multiple Broadcast Domains (BDs). These features require the ingress router of the P2MP tunnel to allocate an upstream-assigned MPLS label for each VPN or for each BD. A packet sent on a P2MP tunnel then carries the label that is mapped to its VPN or BD. (In some cases, a distinct upstream-assigned is needed for each flow.) Since each ingress router allocates labels independently, with no coordination among the ingress routers, the egress routers may need to keep track of a large number of labels. The number of labels may need to be as large (or larger) than the product of the number of ingress routers times the number of VPNs or BDs. However, the number of labels can be greatly reduced if the association between a label and a VPN or BD is made by provisioning, so that all ingress routers assign the same label to a particular VPN or BD. New procedures are needed in order to take advantage of such provisioned labels. These new procedures also apply to Multipoint-to-Multipoint (MP2MP) tunnels. This document updates RFCs 6514, 7432 and 7582 by specifying the necessary procedures. "Yang Data Model for Multicast in MPLS/BGP IP VPNs", Yisong Liu, Feng Guo, Stephane Litkowski, Xufeng Liu, Robert Kebler, Mahesh Sivakumar, 2019-12-02, This document defines a YANG data model that can be used to configure and manage multicast in MPLS/BGP IP VPNs. "EVPN Operations, Administration and Maintenance Requirements and Framework", Samer Salam, Ali Sajassi, Sam Aldrin, John Drake, Donald Eastlake, 2019-07-08, This document specifies the requirements and reference framework for Ethernet VPN (EVPN) Operations, Administration and Maintenance (OAM). The requirements cover the OAM aspects of EVPN and PBB-EVPN. The framework defines the layered OAM model encompassing the EVPN service layer, network layer and underlying Packet Switched Network (PSN) transport layer. "EVPN Interworking with IPVPN", Jorge Rabadan, Ali Sajassi, 2019-11-28, EVPN is used as a unified control plane for tenant network intra and inter-subnet forwarding. When a tenant network spans not only EVPN domains but also domains where IPVPN provides inter-subnet forwarding, there is a need to specify the interworking aspects between both EVPN and IPVPN domains, so that the end to end tenant connectivity can be accomplished. This document specifies how EVPN should interwork with VPN-IPv4/VPN-IPv6 and IPv4/IPv6 BGP families for inter-subnet forwarding. "Extended Mobility Procedures for EVPN-IRB", Neeraj Malhotra, Ali Sajassi, Aparna Pattekar, Avinash Lingala, Jorge Rabadan, John Drake, 2019-11-02, Procedure to handle host mobility in a layer 2 Network with EVPN control plane is defined as part of RFC 7432. EVPN has since evolved to find wider applicability across various IRB use cases that include distributing both MAC and IP reachability via a common EVPN control plane. MAC Mobility procedures defined in RFC 7432 are extensible to IRB use cases if a fixed 1:1 mapping between VM IP and MAC is assumed across VM moves. Generic mobility support for IP and MAC that allows these bindings to change across moves is required to support a broader set of EVPN IRB use cases, and requires further consideration. EVPN all-active multi-homing further introduces scenarios that require additional consideration from mobility perspective. This document enumerates a set of design considerations applicable to mobility across these EVPN IRB use cases and defines generic sequence number assignment procedures to address these IRB use cases. "EVPN control plane for Geneve", Sami Boutros, Ali Sajassi, John Drake, Jorge Rabadan, Sam Aldrin, 2019-08-07, This document describes how Ethernet VPN (EVPN) control plane can be used with Network Virtualization Overlay over Layer 3 (NVO3) Generic Network Virtualization Encapsulation (Geneve) encapsulation for NVO3 solutions. EVPN control plane can also be used by a Network Virtualization Endpoints (NVEs) to express Geneve tunnel option TLV(s)supported in transmission and/or reception of Geneve encapsulated data packets. "PBB-EVPN ISID-based CMAC-Flush", Jorge Rabadan, Senthil Sathappan, Kiran Nagaraj, Masahiro Miyake, Taku Matsuda, 2019-10-15, Provider Backbone Bridging (PBB) can be combined with Ethernet VPN (EVPN) to deploy ELAN services in very large MPLS networks (PBB- EVPN). Single-Active Multi-homing and per-ISID Load-Balancing can be provided to access devices and aggregation networks. In order to speed up the network convergence in case of failures on Single-Active Multi-Homed Ethernet Segments, PBB-EVPN defines a CMAC-Flush mechanism that works for different Ethernet Segment BMAC address allocation models. This document complements those CMAC-Flush procedures for cases in which no PBB-EVPN Ethernet Segments are defined (ESI 0) and an ISID-based CMAC-Flush granularity is desired. "SRv6 BGP based Overlay services", Gaurav Dawra, Clarence Filsfils, Robert Raszuk, Bruno Decraene, Shunwan Zhuang, Jorge Rabadan, 2019-11-04, This draft defines procedures and messages for SRv6-based BGP services including L3VPN, EVPN and Internet services. It builds on RFC4364 "BGP/MPLS IP Virtual Private Networks (VPNs)" and RFC7432 "BGP MPLS-Based Ethernet VPN". "Seamless Multicast Interoperability between EVPN and MVPN PEs", Ali Sajassi, Kesavan Thiruvenkatasamy, Samir Thoria, Ashutosh Gupta, Luay Jalil, 2019-11-18, Ethernet Virtual Private Network (EVPN) solution is becoming pervasive for Network Virtualization Overlay (NVO) services in data center (DC) networks and as the next generation VPN services in service provider (SP) networks. As service providers transform their networks in their COs toward next generation data center with Software Defined Networking (SDN) based fabric and Network Function Virtualization (NFV), they want to be able to maintain their offered services including Multicast VPN (MVPN) service between their existing network and their new Service Provider Data Center (SPDC) network seamlessly without the use of gateway devices. They want to have such seamless interoperability between their new SPDCs and their existing networks for a) reducing cost, b) having optimum forwarding, and c) reducing provisioning. This document describes a unified solution based on RFCs 6513 & 6514 for seamless interoperability of Multicast VPN between EVPN and MVPN PEs. Furthermore, it describes how the proposed solution can be used as a routed multicast solution in data centers with only EVPN PEs. Binary Floor Control Protocol Bis (bfcpbis) ------------------------------------------- "The Binary Floor Control Protocol (BFCP)", Gonzalo Camarillo, Keith Drage, Tom Kristensen, Joerg Ott, Charles Eckel, 2015-11-13, Floor control is a means to manage joint or exclusive access to shared resources in a (multiparty) conferencing environment. Thereby, floor control complements other functions -- such as conference and media session setup, conference policy manipulation, and media control -- that are realized by other protocols. This document specifies the Binary Floor Control Protocol (BFCP). BFCP is used between floor participants and floor control servers, and between floor chairs (i.e., moderators) and floor control servers. This document obsoletes RFC 4582. Changes from RFC 4582 are summarized in Section 16. "Session Description Protocol (SDP) Format for Binary Floor Control Protocol (BFCP) Streams", Gonzalo Camarillo, Tom Kristensen, Christer Holmberg, 2018-12-08, This document defines the Session Description Protocol (SDP) offer/ answer procedures for negotiating and establishing Binary Floor Control Protocol (BFCP) streams. This document obsoletes RFC 4583. Changes from RFC 4583 are summarized in Section 14. "The WebSocket Protocol as a Transport for the Binary Floor Control Protocol (BFCP)", Victor Pascual, Anton Roman, Stephane Cazeaux, Gonzalo Salgueiro, Ram R, 2017-02-08, The WebSocket protocol enables two-way realtime communication between clients and servers. This document specifies the use of Binary Floor Control Protocol(BFCP) as a new WebSocket sub-protocol enabling a reliable transport mechanism between BFCP entities in new scenarios. Bidirectional Forwarding Detection (bfd) ---------------------------------------- "YANG Data Model for Bidirectional Forwarding Detection (BFD)", Reshad Rahman, Lianshu Zheng, Mahesh Jethanandani, Santosh Pallagatti, Gregory Mirsky, 2018-08-02, This document defines a YANG data model that can be used to configure and manage Bidirectional Forwarding Detection (BFD). The YANG modules in this document conform to the Network Management Datastore Architecture (NMDA). "Optimizing BFD Authentication", Mahesh Jethanandani, Ashesh Mishra, Ankur Saxena, Manav Bhatia, 2019-12-09, This document describes an optimization to BFD Authentication as described in Section 6.7 of BFD RFC5880. "BFD Stability", Ashesh Mishra, Mahesh Jethanandani, Ankur Saxena, Juniper Networks, Mach Chen, Peng Fan, 2019-08-26, This document describes extensions to the Bidirectional Forwarding Detection (BFD) protocol to measure BFD stability. Specifically, it describes a mechanism for detection of BFD frame loss. "Secure BFD Sequence Numbers", Mahesh Jethanandani, Sonal Agarwal, Ashesh Mishra, Ankur Saxena, Alan DeKok, 2019-08-26, This document describes a security enhancements for the BFD packet's sequence number. "BFD for VXLAN", Juniper Networks, Sudarsan Paragiri, Vengada Govindan, Mallik Mudigonda, Gregory Mirsky, 2019-11-29, This document describes the use of the Bidirectional Forwarding Detection (BFD) protocol in point-to-point Virtual eXtensible Local Area Network (VXLAN) tunnels forming up an overlay network. "BFD Encapsulated in Large Packets", Jeffrey Haas, Albert Fu, 2019-11-01, The Bidirectional Forwarding Detection (BFD) protocol is commonly used to verify connectivity between two systems. BFD packets are typically very small. It is desirable in some circumstances to know that not only is the path between two systems reachable, but also that it is capable of carrying a payload of a particular size. This document discusses thoughts on how to implement such a mechanism using BFD in Asynchronous mode. "Unsolicited BFD for Sessionless Applications", Enke Chen, Naiming Shen, Robert Raszuk, Reshad Rahman, 2019-06-28, For operational simplification of "sessionless" applications using BFD, in this document we present procedures for "unsolicited BFD" that allow a BFD session to be initiated by only one side, and be established without explicit per-session configuration or registration by the other side (subject to certain per-interface or per-router policies). Bit Indexed Explicit Replication (bier) --------------------------------------- "BIER Use Cases", Nagendra Kumar, Rajiv Asati, Mach Chen, Xiaohu Xu, Andrew Dolganow, Tony Przygienda, Arkadiy Gulko, Dom Robinson, Vishal Arya, Caitlin Bestler, 2019-08-04, Bit Index Explicit Replication (BIER) is an architecture that provides optimal multicast forwarding through a "BIER domain" without requiring intermediate routers to maintain any multicast related per- flow state. BIER also does not require any explicit tree-building protocol for its operation. A multicast data packet enters a BIER domain at a "Bit-Forwarding Ingress Router" (BFIR), and leaves the BIER domain at one or more "Bit-Forwarding Egress Routers" (BFERs). The BFIR router adds a BIER header to the packet. The BIER header contains a bit-string in which each bit represents exactly one BFER to forward the packet to. The set of BFERs to which the multicast packet needs to be forwarded is expressed by setting the bits that correspond to those routers in the BIER header. This document describes some of the use cases for BIER. "BGP Extensions for BIER", Xiaohu Xu, Mach Chen, Keyur Patel, IJsbrand Wijnands, Tony Przygienda, 2019-09-06, Bit Index Explicit Replication (BIER) is a new multicast forwarding architecture which doesn't require an explicit tree-building protocol and doesn't require intermediate routers to maintain any multicast state. BIER is applicable in a multi-tenant data center network environment for efficient delivery of Broadcast, Unknown-unicast and Multicast (BUM) traffic while eliminating the need for maintaining a huge amount of multicast state in the underlay. This document describes BGP extensions for advertising the BIER-specific information. These extensions are applicable in those multi-tenant data centers where BGP instead of IGP is deployed as an underlay for network reachability advertisement. These extensions may also be applicable in other scenarios. "Operations, Administration and Maintenance (OAM) Requirements for Bit Index Explicit Replication (BIER) Layer", Gregory Mirsky, Erik Nordmark, Carlos Pignataro, Nagendra Kumar, Sam Aldrin, Lianshu Zheng, Mach Chen, Nobo Akiya, Santosh Pallagatti, 2019-08-27, This document describes a list of functional requirement toward Operations, Administration and Maintenance (OAM) toolset in Bit Index Explicit Replication (BIER) layer of a network. "Path Maximum Transmission Unit Discovery (PMTUD) for Bit Index Explicit Replication (BIER) Layer", Gregory Mirsky, Tony Przygienda, Andrew Dolganow, 2019-11-26, This document describes Path Maximum Transmission Unit Discovery (PMTUD) in Bit Indexed Explicit Replication (BIER) layer. "Performance Measurement (PM) with Marking Method in Bit Index Explicit Replication (BIER) Layer", Gregory Mirsky, Lianshu Zheng, Mach Chen, Giuseppe Fioccola, 2019-07-01, This document describes a hybrid performance measurement method for multicast service through a Bit Index Explicit Replication domain. "BIER Ping and Trace", Nagendra Kumar, Carlos Pignataro, Nobo Akiya, Lianshu Zheng, Mach Chen, Gregory Mirsky, 2019-10-31, Bit Index Explicit Replication (BIER) is an architecture that provides optimal multicast forwarding through a "BIER domain" without requiring intermediate routers to maintain any multicast related per- flow state. BIER also does not require any explicit tree-building protocol for its operation. A multicast data packet enters a BIER domain at a "Bit-Forwarding Ingress Router" (BFIR), and leaves the BIER domain at one or more "Bit-Forwarding Egress Routers" (BFERs). The BFIR router adds a BIER header to the packet. The BIER header contains a bit-string in which each bit represents exactly one BFER to forward the packet to. The set of BFERs to which the multicast packet needs to be forwarded is expressed by setting the bits that correspond to those routers in the BIER header. This document describes the mechanism and basic BIER OAM packet format that can be used to perform failure detection and isolation on BIER data plane. "BGP Link-State extensions for BIER", Ran Chen, Zheng Zhang, Vengada Govindan, IJsbrand Wijnands, 2019-10-30, Bit Index Explicit Replication (BIER) is an architecture that provides optimal multicast forwarding through a "BIER domain" without requiring intermediate routers to maintain any multicast related per- flow state. BIER also does not require any explicit tree-building protocol for its operation. A multicast data packet enters a BIER domain at a "Bit-Forwarding Ingress Router" (BFIR), and leaves the BIER domain at one or more "Bit-Forwarding Egress Routers" (BFERs). The BFIR router adds a BIER header to the packet. The BIER header contains a bitstring in which each bit represents exactly one BFER to forward the packet to. The set of BFERs to which the multicast packet needs to be forwarded is expressed by setting the bits that correspond to those routers in the BIER header. This document specifies extensions to the BGP Link-state address- family in order to advertise BIER information. "BIER Ingress Multicast Flow Overlay using Multicast Listener Discovery Protocols", Pierre Pfister, IJsbrand Wijnands, Stig Venaas, Cui(Linda) Wang, Zheng Zhang, Markus Stenberg, 2019-11-04, This document specifies the ingress part of a multicast flow overlay for BIER networks. Using existing multicast listener discovery protocols, it enables multicast membership information sharing from egress routers, acting as listeners, toward ingress routers, acting as queriers. Ingress routers keep per-egress-router state, used to construct the BIER bit mask associated with IP multicast packets entering the BIER domain. "EVPN BUM Using BIER", Zhaohui Zhang, Tony Przygienda, Ali Sajassi, Jorge Rabadan, 2019-11-04, This document specifies protocols and procedures for forwarding broadcast, unknown unicast and multicast (BUM) traffic of Ethernet VPNs (EVPN) using Bit Index Explicit Replication (BIER). "Traffic Engineering for Bit Index Explicit Replication (BIER-TE)", Toerless Eckert, Gregory Cauchie, Michael Menth, 2019-11-01, This memo introduces per-packet stateless strict and loose path engineered replication and forwarding for Bit Index Explicit Replication packets ([RFC8279]). This is called BIER-TE. BIER-TE leverages the BIER architecture ([RFC8279]) and extends it with a new semantic for bits in the bitstring. BIER-TE can leverage BIER forwarding engines with little or no changes. In BIER, the BitPositions (BP) of the packets bitstring indicate BIER Forwarding Egress Routers (BFER), and hop-by-hop forwarding uses a Routing Underlay such as an IGP. In BIER-TE, BitPositions indicate adjacencies. The BIFT of each BFR are only populated with BPs that are adjacent to the BFR in the BIER- TE topology. The BIER-TE topology can consist of layer 2 or remote (route) adjacencies. The BFR then replicates and forwards BIER packets to those adjacencies. This results in the aforementioned strict and loose path forwarding. BIER-TE can co-exist with BIER forwarding in the same domain, for example by using separate sub-domains. In the absence of routed adjacencies, BIER-TE does not require a BIER routing underlay, and can then be operated without requiring an IGP routing protocol. BIER-TE operates without explicit in-network tree-building and carries the multicast distribution tree in the packet header. It can therefore be a good fit to support multicast path steering in Segment Routing (SR) networks. "PIM Signaling Through BIER Core", Hooman Bidgoli, Jayant Kotalwar, Fengman Xu, mankamana mishra, Zhaohui Zhang, Andrew Dolganow, 2019-11-01, Bit Index Explicit Replication (BIER) is an architecture that provides multicast forwarding through a "BIER domain" without requiring intermediate routers to maintain multicast related per-flow state. Neither does BIER require an explicit tree-building protocol for its operation. A multicast data packet enters a BIER domain at a "Bit-Forwarding Ingress Router" (BFIR), and leaves the BIER domain at one or more "Bit-Forwarding Egress Routers" (BFERs). The BFIR router adds a BIER header to the packet. Such header contains a bit-string in which each bit represents exactly one BFER to forward the packet to. The set of BFERs to which the multicast packet needs to be forwarded is expressed by the according set of bits switched on in BIER packet header. This document describes the procedure needed for PIM Joins and Prunes to be signaled through a BIER core. Allowing PIM routers to run traditional PIM multicast services through a BIER core. "BIER Underlay Path Calculation Algorithm and Constraints", Zhaohui Zhang, Tony Przygienda, Andrew Dolganow, Hooman Bidgoli, IJsbrand Wijnands, Arkadiy Gulko, 2019-11-04, This document specifies general rules for interaction between the BAR (BIER Algorithm) and IPA (IGP Algorithm) fields defined in ISIS/ OSPFv2 Extensions for BIER. The semantics for the BAR and IPA fields (when both or any of them is non-zero) defined in this document updates the semantics defined in RFC8444/RFC8401. "An Optional Encoding of the BIFT-id Field in the non-MPLS BIER Encapsulation", IJsbrand Wijnands, Xiaohu Xu, Hooman Bidgoli, 2019-08-09, Bit Index Explicit Replication (BIER) is an architecture that provides optimal multicast forwarding through a "multicast domain", without requiring intermediate routers to maintain any per-flow state or to engage in an explicit tree-building protocol. The Multicast packet is encapsulated using a BIER Header and transported through an MPLS or non-MPLS network. When MPLS is used as the transport, the Bit Indexed Forwarding Table (BIFT) is identified by a MPLS Label. When non-MPLS transport is used, the BIFT is identified by a 20bit value. This document describes one way of encoding the 20bit value. "Use of BIER Entropy for Data Center Clos Networks", Jingrong Xie, Xiaohu Xu, Gang Yan, Mike McBride, 2019-11-03, Bit Index Explicit Replication (BIER) introduces a new multicast- specific BIER Header. BIER can be applied to the Multi Protocol Label Switching (MPLS) data plane or Non-MPLS data plane. Entropy is a technique used in BIER to support load-balancing. This document examines and describes how BIER Entropy is to be applied to Data Center Clos networks for path selection. "BIER Penultimate Hop Popping", Zhaohui Zhang, 2019-10-31, Bit Index Explicit Replication (BIER) can be used as provider tunnel for Multicast Virtual Private Network (MVPN) [RFC6514], Global Table Multicast [RFC7716] or Ethernet Virtual Private Network (EVPN) [RFC7432]. It is possible that not all routers in the provider network support BIER and there are various methods to handle BIER incapable transit routers. However those methods assume the MVPN/ EVPN Provider Edges (PEs) are BIER capable. This document specifies a method to allow BIER incapable routers to act as MVPN/EVPN PEs with BIER as the transport, by having the upstream BIER Forwarding Router (BFR) that is connected directly or indirectly via a tunnel to a BIER incapable PE remove the BIER header and send the payload to the PE. "Applicability of BIER Multicast Overlay for Adaptive Streaming Services", Dirk Trossen, Akbar Rahman, Chonggang Wang, Toerless Eckert, 2019-12-04, HTTP Level multicast, using BIER, is described as a use case in the BIER Use Cases document. HTTP Level Multicast is used in today's video streaming and delivery services such as HLS, AR/VR etc., generally realized over IP Multicast as well as other use cases such as software update delivery. A realization of "HTTP Multicast" over "IP Multicast" is described for the video delivery use case. IP multicast is commonly used for IPTV services. DVB and BBF is also developing a reference architecture for IP Multicast service. A few problems with IP Multicast, such as waste of transmission bandwidth, increase in signaling when there are few users are described. Realization over BIER, through a BIER Multicast Overlay Layer, is described as an alternative. How BIER Multicast Overlay operation improves over IP Multicast, such as reduction in signaling, dynamic creation of multicast groups to reduce signaling and bandwidth wastage is described. We conclude with few next steps. "OSPFv3 Extensions for BIER", Peter Psenak, Nagendra Kumar, IJsbrand Wijnands, 2019-11-24, Bit Index Explicit Replication (BIER) is an architecture that provides multicast forwarding through a "BIER domain" without requiring intermediate routers to maintain multicast related per-flow state. Neither does BIER require an explicit tree-building protocol for its operation. A multicast data packet enters a BIER domain at a "Bit-Forwarding Ingress Router" (BFIR), and leaves the BIER domain at one or more "Bit-Forwarding Egress Routers" (BFERs). The BFIR router adds a BIER header to the packet. Such header contains a bit-string in which each bit represents exactly one BFER to forward the packet to. The set of BFERs to which the multicast packet needs to be forwarded is expressed by the according set of bits set in BIER packet header. This document describes the OSPFv3 [RFC8362] protocol extensions required for BIER with MPLS encapsulation [RFC8296]. Support for other encapsulation types is outside the scope of this document. The use of multiple encapsulation types is outside the scope of this document. "BIER IPv6 Requirements", Mike McBride, Jingrong Xie, Senthil Dhanaraj, Rajiv Asati, 2019-11-02, The BIER WG includes, in its charter, work on developing mechanisms to transport BIER natively in IPv6. This document is intended to help the WG with this effort by specifying requirements for transporting packets, with Bit Index Explicit Replication (BIER) headers, in an IPv6 environment. There will be a need to send IPv6 payloads, to multiple IPv6 destinations, using BIER. There have been several proposed solutions in this area. But there hasn't been a document which describes the problem and lists the requirements. The goal of this document is to describe the BIER IPv6 requirements, summarize the proposed solutions, and guide the working group in understanding the benefits, and drawbacks, of the various solutions and to help in the development of acceptable solutions. "LSR Extensions for BIER over Ethernet", Senthil Dhanaraj, IJsbrand Wijnands, Peter Psenak, Zhaohui Zhang, Gang Yan, Jingrong Xie, 2019-07-08, Bit Index Explicit Replication (BIER) is an architecture that provides multicast forwarding through a "BIER domain" without requiring intermediate routers to maintain multicast related per-flow state. BIER can be supported in MPLS and non-MPLS networks. This document specifies the required extensions to the IS-IS, OSPFv2 and OSPFv3 protocols for supporting BIER in non-MPLS networks using BIER in Ethernet encapsulation. Benchmarking Methodology (bmwg) ------------------------------- "Benchmarking Methodology for EVPN and PBB-EVPN", sudhin jacob, Kishore Tiruveedhula, 2019-08-21, This document defines methodologies for benchmarking EVPN and PBB- EVPN performance. EVPN is defined in RFC 7432, and is being deployed in Service Provider networks. Specifically this document defines the methodologies for benchmarking EVPN/PBB-EVPN convergence, data plane performance, and control plane performance. "Benchmarking Methodology for Network Security Device Performance", Balamuhunthan Balarajah, Carsten Rossenhoevel, bmonkman, 2019-11-19, This document provides benchmarking terminology and methodology for next-generation network security devices including next-generation firewalls (NGFW), intrusion detection and prevention solutions (IDS/ IPS) and unified threat management (UTM) implementations. This document aims to strongly improve the applicability, reproducibility, and transparency of benchmarks and to align the test methodology with today's increasingly complex layer 7 application use cases. The main areas covered in this document are test terminology, traffic profiles and benchmarking methodology for NGFWs to start with. "Updates for the Back-to-back Frame Benchmark in RFC 2544", Alfred Morton, 2019-11-18, Fundamental Benchmarking Methodologies for Network Interconnect Devices of interest to the IETF are defined in RFC 2544. This memo updates the procedures of the test to measure the Back-to-back frames Benchmark of RFC 2544, based on further experience. This memo updates Section 26.4 of RFC 2544. Calendaring Extensions (calext) ------------------------------- "Event Publishing Extensions to iCalendar", Michael Douglass, 2019-10-08, This specification updates RFC5545 by introducing a number of new iCalendar properties and components which are of particular use for event publishers and in social networking. This specification also defines a new STRUCTURED-DATA property for iCalendar RFC5545 to allow for data that is directly pertinent to an event or task to be included with the calendar data. "JSCalendar: A JSON representation of calendar data", Neil Jenkins, Robert Stepanek, 2019-12-04, This specification defines a data model and JSON representation of calendar data that can be used for storage and data exchange in a calendaring and scheduling environment. It aims to be an alternative, and over time successor to, the widely deployed iCalendar data format and to be unambiguous, extendable and simple to process. In contrast to the JSON-based jCal format, it is not a direct mapping from iCalendar and expands semantics where appropriate. "JSCalendar: Converting from and to iCalendar", Neil Jenkins, Robert Stepanek, 2019-06-29, This document provides an informational guideline for converting JSCalendar from and to iCalendar. "Calendar subscription upgrades", Michael Douglass, 2019-11-03, This specification introduces an approach to allow subscribers to calendar feeds to upgrade to a more performant protocol. This specification updates [RFC5545] to add the value DELETED to the STATUS property. This specification also updates [RFC7240] to add the subscribe- enhanced-get and limit preferences. "Support for Series in iCalendar", Michael Douglass, 2019-10-30, This specification updates [RFC5545] by defining a new repeating set of events known as a series. This differs from recurrences in that each instance is a separate entity with a parent relationship to a specified template entity. "VPOLL: Consensus Scheduling Component for iCalendar", Eric York, Cyrus Daboo, Michael Douglass, 2019-11-21, This specification introduces a new iCalendar component which allows for consensus scheduling, that is, voting on a number of alternative meeting or task alternatives. Captive Portal Interaction (capport) ------------------------------------ "CAPPORT Architecture", Kyle Larose, David Dolson, 2019-06-29, This document aims to document consensus on the CAPPORT architecture. DHCP or Router Advertisements, an optional signaling protocol, and an HTTP API are used to provide the solution. The role of Provisioning Domains (PvDs) is described. "Captive Portal API", Tommy Pauly, Darshak Thakore, 2019-07-06, This document describes an HTTP API that allows clients to interact with a Captive Portal system. "Captive-Portal Identification in DHCP / RA", Warren Kumari, Erik Kline, 2019-07-02, In many environments offering short-term or temporary Internet access (such as coffee shops), it is common to start new connections in a captive portal mode. This highly restricts what the customer can do until the customer has authenticated. This document describes a DHCP option (and a Router Advertisement (RA) extension) to inform clients that they are behind some sort of captive-portal device, and that they will need to authenticate to get Internet access. It is not a full solution to address all of the issues that clients may have with captive portals; it is designed to be used in larger solutions. The method of authenticating to, and interacting with the captive portal is out of scope of this document. [ This document is being collaborated on in Github at: https://github.com/wkumari/draft-ekwk-capport-rfc7710bis. The most recent version of the document, open issues, etc should all be available here. The authors (gratefully) accept pull requests. Text in square brackets will be removed before publication. ] Concise Binary Object Representation Maintenance and Extensions (cbor) ---------------------------------------------------------------------- "Concise Binary Object Representation (CBOR)", Carsten Bormann, Paul Hoffman, 2019-11-04, The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. These design goals make it different from earlier binary serializations such as ASN.1 and MessagePack. This document is a revised edition of RFC 7049, with editorial improvements, added detail, and fixed errata. This revision formally obsoletes RFC 7049, while keeping full compatibility of the interchange format from RFC 7049. It does not create a new version of the format. "Concise Binary Object Representation (CBOR) Tags for Typed Arrays", Carsten Bormann, 2019-10-08, The Concise Binary Object Representation (CBOR, RFC 7049) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation. The present document makes use of this extensibility to define a number of CBOR tags for typed arrays of numeric data, as well as two additional tags for multi-dimensional and homogeneous arrays. It is intended as the reference document for the IANA registration of the CBOR tags defined. "Concise Binary Object Representation (CBOR) Sequences", Carsten Bormann, 2019-09-25, This document describes the Concise Binary Object Representation (CBOR) Sequence format and associated media type "application/cbor- seq". A CBOR Sequence consists of any number of encoded CBOR data items, simply concatenated in sequence. Structured syntax suffixes for media types allow other media types to build on them and make it explicit that they are built on an existing media type as their foundation. This specification defines and registers "+cbor-seq" as a structured syntax suffix for CBOR Sequences. Common Control and Measurement Plane (ccamp) -------------------------------------------- "Information Model for Wavelength Switched Optical Networks (WSONs) with Impairments Validation", Giovanni Martinelli, Haomian Zheng, Gabriele Galimberti, Young Lee, Fatai Zhang, 2019-09-08, This document defines an information model to support Impairment- Aware (IA) Routing and Wavelength Assignment (RWA) functionality. This information model extends the information model for impairment- free RWA process in WSON to facilitate computation of paths where optical impairment constraints need to considered. "A framework for Management and Control of DWDM optical interface parameters", Ruediger Kunze, Gert Grammel, Dieter Beller, Gabriele Galimberti, Julien Meuric, 2019-07-24, The control and management of DWDM interfaces are a precondition for enhanced multilayer networking. They are needed to ensure an efficient data transport, to meet the requirements requested by today's IP-services and to provide a further automation of network provisioning and operations. This document describes use cases, requirements and solutions for the control and management of optical interface parameters according to different types of single channel DWDM interfaces. The focus is on automating the network provisioning process irrespective on how it is triggered i.e. by Element Manager System (EMS), Network Management System (NMS) or Generalized Multi Protocol Label Switching (GMPLS). This document covers management and control considerations in different scenarios of single channel DWDM interfaces. The purpose is to identify the necessary information and processes to be used by control or management systems to properly and efficiently drive the network. "A YANG Data Model for WSON (Wavelength Switched Optical Networks)", Haomian Zheng, Young Lee, Aihua Guo, Victor Lopezalvarez, Daniel King, 2019-11-04, This document provides a YANG data model for the routing and wavelength assignment (RWA) TE topology in wavelength switched optical networks (WSONs). The YANG data model defined in this document conforms to the Network Management Datastore Architecture (NMDA). "A YANG Data Model for Optical Transport Network Topology", Haomian Zheng, Italo Busi, Xufeng Liu, Sergio Belotti, Oscar de Dios, 2019-11-02, This document describes a YANG data model to describe the topologies of an Optical Transport Network (OTN). It is independent of control plane protocols and captures topological and resource related information pertaining to OTN. This model enables clients, which interact with a transport domain controller, for OTN topology related operations such as obtaining the relevant topology resource information. "OTN Tunnel YANG Model", Haomian Zheng, Italo Busi, Sergio Belotti, Victor Lopezalvarez, Yunbin Xu, 2019-11-02, This document describes the YANG data model for OTN Tunnels. "YANG data model for Flexi-Grid Optical Networks", Universidad de Madrid, Daniel Perdices, Victor Lopezalvarez, Daniel King, Young Lee, 2019-07-07, This document defines a YANG model for managing flexi-grid optical Networks. The model described in this document defines a flexi-grid traffic engineering database. A complementary module is referenced to detail the flexi-grid media channels. This module is grounded on other defined YANG abstract models. "A Yang Data Model for WSON Tunnel", Young Lee, Haomian Zheng, Aihua Guo, Victor Lopezalvarez, Daniel King, Bin-Yeong Yoon, Ricard Vilata, 2019-09-11, This document provides a YANG data model for WSON TE tunnel. "Transport Northbound Interface Applicability Statement", Italo Busi, Daniel King, Haomian Zheng, Yunbin Xu, 2019-11-19, This document provides an analysis of the applicability of the YANG models defined by the IETF (Traffic Engineering Architecture and Signaling (TEAS) moreover, Common Control and Measurement Plane (CCAMP) WGs in particular) to support ODU transit services, Transparent client services and EPL/EVPL Ethernet services over OTN single and multi-domain network scenarios. This document also describes how existing YANG models can be used through a number of worked examples and JSON fragments. "A YANG Data Model for L1 Connectivity Service Model (L1CSM)", Young Lee, Kwang-koog Lee, Haomian Zheng, Dhruv Dhody, Oscar de Dios, Daniele Ceccarelli, 2019-09-09, This document provides a YANG data model for Layer 1 Connectivity Service Model (L1CSM). The intent of this document is to provide a Layer 1 service model exploiting YANG data model, which can be utilized by a customer network controller to initiate a service request connectivity as well as retrieving service states toward a Layer 1 network controller communicating with its customer network controller. This YANG model is NMDA-compliant. "Applicability of GMPLS for B100G Optical Transport Network", Qilei Wang, Radha Valiveti, Haomian Zheng, Huub van Helvoort, Sergio Belotti, 2019-07-07, This document examines the applicability of using current existing GMPLS routing and signaling to set up ODUk/ODUflex over ODUCn link, as a result of the support of OTU/ODU links with rates larger than 100G in the 2016 version of G.709. "Extension to the Link Management Protocol (LMP/DWDM -rfc4209) for Dense Wavelength Division Multiplexing (DWDM) Optical Line Systems to manage the application code of optical interface parameters in DWDM application", Dharini Hiremagalur, Gert Grammel, Gabriele Galimberti, Ruediger Kunze, Dieter Beller, 2019-11-04, This memo defines extensions to LMP(rfc4209) for managing Optical parameters associated with Wavelength Division Multiplexing (WDM) systems in accordance with the Interface Application Identifier approach defined in ITU-T Recommendation G.694.1.[ITU-T.G694.1] and its extensions. "A YANG model to manage the optical interface parameters for an external transponder in a WDM network", Gabriele Galimberti, Ruediger Kunze, Dharini Hiremagalur, Gert Grammel, 2019-11-04, This memo defines a Yang model related to the Optical Transceiver parameters characterising coherent 100G and above interfaces. 100G and above Transceivers support coherent modulation, multiple modulation formats, multiple FEC codes including some not yet specified (or by in phase of specification by) ITU-T G.698.2 [ITU.G698.2] or any other ITU-T recommendation. More context about the state of the Coherent transceivers is described in draft-many- coherent-DWDM-if-control. Use cases are described in RFC7698. The Yang model defined in this memo can be used for Optical Parameters monitoring and/or configuration of the endpoints of a multi-vendor IaDI optical link. The use of this model does not guarantee interworking of transceivers over a DWDM. Optical path feasibility and interoperability has to be determined by means outside the scope of this document. The purpose of this model is to program interface parameters to consistently configure the mode of operation of transceivers. "A Yang Data Model for Optical Impairment-aware Topology", Young Lee, Victor Lopezalvarez, Gabriele Galimberti, Luc Auge, Dieter Beller, 2019-11-04, In order to provision an optical connection through optical networks, a combination of path continuity, resource availability, and impairment constraints must be met to determine viable and optimal paths through the network. The determination of appropriate paths is known as Impairment-Aware Routing and Wavelength Assignment (IA-RWA) for WSON, while it is known as Impairment-Aware Routing and Spectrum Assigment (IA-RSA) for SSON. This document provides a YANG data model for the impairment-aware TE topology in optical networks. "A YANG Data Model for Layer 0 Types", Haomian Zheng, Young Lee, Aihua Guo, Victor Lopezalvarez, Daniel King, 2019-11-28, This document defines a collection of common data types and groupings in the YANG data modeling language. These derived common types and groupings are intended to be imported by modules that model Layer 0 optical Traffic Engineering (TE) configuration and state capabilities such as Wavelength Switched Optical Networks (WSONs) and Flexi-grid Dense Wavelength Division Multiplexing (DWDM) Networks. "A YANG Data Model for Transport Network Client Signals", Haomian Zheng, Aihua Guo, Italo Busi, Anton Snitser, Francesco Lazzeri, Yunbin Xu, Yang Zhao, Xufeng Liu, Giuseppe Fioccola, 2019-11-03, A transport network is a server-layer network to provide connectivity services to its client. The topology and tunnel information in the transport layer has already been defined by generic Traffic- engineered models and technology-specific models (e.g., OTN, WSON). However, how the client signals are accessing to the network has not been described. These information is necessary to both client and provider. This draft describes how the client signals are carried over transport network and defines YANG data models which are required during configuration procedure. More specifically, several client signal (of transport network) models including ETH, STM-n, FC and so on, are defined in this draft. "A YANG Data Model for Layer 1 Types", Haomian Zheng, Italo Busi, 2019-12-05, This document defines a collection of common data types and groupings in YANG data modeling language for layer 1 networks. These derived common types and groupings are intended to be imported by modules that specifies the OTN networks, including the topology, tunnel, client signal adaptation and service. Content Delivery Networks Interconnection (cdni) ------------------------------------------------ "URI Signing for CDN Interconnection (CDNI)", Ray van Brandenburg, Kent Leung, Phil Sorber, 2019-10-08, This document describes how the concept of URI signing supports the content access control requirements of CDNI and proposes a URI signing method as a JSON Web Token (JWT) profile. The proposed URI signing method specifies the information needed to be included in the URI to transmit the signed JWT, as well as the claims needed by the signed JWT to authorize a UA. The mechanism described can be used both in CDNI and single CDN scenarios. "CDNI Request Routing Extensions", Ori Finkelman, Sanjay Mishra, 2019-11-20, Open Caching architecture is a use case of Content Delivery Networks Interconnection (CDNI) in which the commercial Content Delivery Network (CDN) is the upstream CDN (uCDN) and the ISP caching layer serves as the downstream CDN (dCDN). The extensions specified in this document to the CDNI Metadata Interface (MI) and the Footprint and Capabilities Interface (FCI) are derived from requirements raised by Open Caching but are also applicable to CDNI use cases in general. "CDNI extensions for HTTPS delegation", Frederic Fieau, Stephan Emile, Sanjay Mishra, 2019-11-04, The delivery of content over HTTPS involving multiple CDNs raises credential management issues. This document proposes extensions in CDNI Control and Metadata interfaces to setup HTTPS delegation from an Upstream CDN (uCDN) to a Downstream CDN (dCDN). "CDNI Control Triggers Interface Extensions", Ori Finkelman, Sanjay Mishra, 2019-09-24, This document updates RFC 8007 to include generic extensions and more granular content matching options, required by the Open Caching architecture. The Open Caching working group of the Streaming Video Alliance is focused on the delegation of video delivery request from commercial CDNs to a caching layer at the ISP. In that aspect, Open Caching is a specific use case of CDNI, where the commercial CDN is the upstream CDN (uCDN) and the ISP caching layer is the downstream CDN (dCDN). The extensions specified in this document to the CDNI Control Interface / Triggers are derived from requirements of Open Caching but are applicable to CDNI use cases in general. Codec Encoding for LossLess Archiving and Realtime transmission (cellar) ------------------------------------------------------------------------ "Extensible Binary Meta Language", Steve Lhomme, Dave Rice, Moritz Bunkus, 2019-12-01, This document defines the Extensible Binary Meta Language (EBML) format as a generalized file format for any type of data in a hierarchical form. EBML is designed as a binary equivalent to XML and uses a storage-efficient approach to build nested Elements with identifiers, lengths, and values. Similar to how an XML Schema defines the structure and semantics of an XML Document, this document defines how EBML Schemas are created to convey the semantics of an EBML Document. "FFV1 Video Coding Format Version 0, 1, and 3", Michael Niedermayer, Dave Rice, Jerome Martinez, 2019-10-23, This document defines FFV1, a lossless intra-frame video encoding format. FFV1 is designed to efficiently compress video data in a variety of pixel formats. Compared to uncompressed video, FFV1 offers storage compression, frame fixity, and self-description, which makes FFV1 useful as a preservation or intermediate video format. "FFV1 Video Coding Format Version 4", Michael Niedermayer, Dave Rice, Jerome Martinez, 2019-10-23, This document defines FFV1, a lossless intra-frame video encoding format. FFV1 is designed to efficiently compress video data in a variety of pixel formats. Compared to uncompressed video, FFV1 offers storage compression, frame fixity, and self-description, which makes FFV1 useful as a preservation or intermediate video format. "Matroska Specifications", Steve Lhomme, Moritz Bunkus, Dave Rice, 2019-10-27, This document defines the Matroska audiovisual container, including definitions of its structural elements, as well as its terminology, vocabulary, and application. "Matroska Codec", Steve Lhomme, Moritz Bunkus, Dave Rice, 2019-10-27, This document defines the Matroska codec mappings, including the codec ID, layout of data in a "Block Element" and in an optional "CodecPrivate Element". "Matroska Tags", Steve Lhomme, Moritz Bunkus, Dave Rice, 2019-10-27, This document defines the Matroska tags, namely the tag names and their respective semantic meaning. "Free Lossless Audio Codec", Josh Coalson, , Andrew Weaver, 2019-07-30, This document defines FLAC, which stands for Free Lossless Audio Codec, a free, open source codec for lossless audio compression and decompression. Crypto Forum (cfrg) ------------------- "SPAKE2, a PAKE", Watson Ladd, Benjamin Kaduk, 2019-10-03, This document describes SPAKE2 which is a protocol for two parties that share a password to derive a strong shared key with no risk of disclosing the password. This method is compatible with any group, is computationally efficient, and SPAKE2 has a security proof. "The memory-hard Argon2 password hash and proof-of-work function", Alex Biryukov, Daniel Dinu, Dmitry Khovratovich, Simon Josefsson, 2019-11-21, This document describes the Argon2 memory-hard function for password hashing and proof-of-work applications. We provide an implementer- oriented description with test vectors. The purpose is to simplify adoption of Argon2 for Internet protocols. This document is a product of the Crypto Forum Research Group (CFRG) in the IRTF. "The Transition from Classical to Post-Quantum Cryptography", Paul Hoffman, 2019-11-25, Quantum computing is the study of computers that use quantum features in calculations. For over 20 years, it has been known that if very large, specialized quantum computers could be built, they could have a devastating effect on asymmetric classical cryptographic algorithms such as RSA and elliptic curve signatures and key exchange, as well as (but in smaller scale) on symmetric cryptographic algorithms such as block ciphers, MACs, and hash functions. There has already been a great deal of study on how to create algorithms that will resist large, specialized quantum computers, but so far, the properties of those algorithms make them onerous to adopt before they are needed. Small quantum computers are being built today, but it is still far from clear when large, specialized quantum computers will be built that can recover private or secret keys in classical algorithms at the key sizes commonly used today. It is important to be able to predict when large, specialized quantum computers usable for cryptanalysis will be possible so that organization can change to post-quantum cryptographic algorithms well before they are needed. This document describes quantum computing, how it might be used to attack classical cryptographic algorithms, and possibly how to predict when large, specialized quantum computers will become feasible. "Verifiable Random Functions (VRFs)", Sharon Goldberg, Leonid Reyzin, Dimitrios Papadopoulos, Jan Vcelak, 2019-08-11, A Verifiable Random Function (VRF) is the public-key version of a keyed cryptographic hash. Only the holder of the private key can compute the hash, but anyone with public key can verify the correctness of the hash. VRFs are useful for preventing enumeration of hash-based data structures. This document specifies several VRF constructions that are secure in the cryptographic random oracle model. One VRF uses RSA and the other VRF uses Eliptic Curves (EC). "Randomness Improvements for Security Protocols", Cas Cremers, Luke Garratt, Stanislav Smyshlyaev, Nick Sullivan, Christopher Wood, 2019-11-02, Randomness is a crucial ingredient for TLS and related security protocols. Weak or predictable "cryptographically-strong" pseudorandom number generators (CSPRNGs) can be abused or exploited for malicious purposes. The Dual EC random number backdoor and Debian bugs are relevant examples of this problem. An initial entropy source that seeds a CSPRNG might be weak or broken as well, which can also lead to critical and systemic security problems. This document describes a way for security protocol participants to augment their CSPRNGs using long-term private keys. This improves randomness from broken or otherwise subverted CSPRNGs. "Hashing to Elliptic Curves", Armando Faz-Hernandez, Sam Scott, Nick Sullivan, Riad Wahby, Christopher Wood, 2019-11-02, This document specifies a number of algorithms that may be used to encode or hash an arbitrary string to a point on an elliptic curve. "XChaCha: eXtended-nonce ChaCha and AEAD_XChaCha20_Poly1305", Scott Arciszewski, 2019-07-22, The eXtended-nonce ChaCha cipher construction (XChaCha) allows for ChaCha-based ciphersuites to accept a 192-bit nonce with similar guarantees to the original construction, except with a much lower probability of nonce misuse occurring. This helps for long running TLS connections. This also enables XChaCha constructions to be stateless, while retaining the same security assumptions as ChaCha. This document defines XChaCha20, which uses HChaCha20 to convert the key and part of the nonce into a subkey, which is in turn used with the remainder of the nonce with ChaCha20 to generate a pseudorandom keystream (e.g. for message encryption). This document also defines AEAD_XChaCha20_Poly1305, a variant of [RFC7539] that utilizes the XChaCha20 construction in place of ChaCha20. "Hybrid Public Key Encryption", Richard Barnes, Karthikeyan Bhargavan, 2019-11-04, This document describes a scheme for hybrid public-key encryption (HPKE). This scheme provides authenticated public key encryption of arbitrary-sized plaintexts for a recipient public key. HPKE works for any combination of an asymmetric key encapsulation mechanism (KEM), key derivation function (KDF), and authenticated encryption with additional data (AEAD) encryption function. We provide instantiations of the scheme using widely-used and efficient primitives. "Oblivious Pseudorandom Functions (OPRFs) using Prime-Order Groups", Alex Davidson, Nick Sullivan, Christopher Wood, 2019-11-04, An Oblivious Pseudorandom Function (OPRF) is a two-party protocol for computing the output of a PRF. One party (the server) holds the PRF secret key, and the other (the client) holds the PRF input. The 'obliviousness' property ensures that the server does not learn anything about the client's input during the evaluation. The client should also not learn anything about the server's secret PRF key. Optionally, OPRFs can also satisfy a notion 'verifiability' (VOPRF). In this setting, the client can verify that the server's output is indeed the result of evaluating the underlying PRF with just a public key. This document specifies OPRF and VOPRF constructions instantiated within prime-order groups, including elliptic curves. "KangarooTwelve", Benoit Viguier, Giles Van Assche, Quynh Dang, Joan Daemen, 2019-08-06, This document defines the KangarooTwelve eXtendable Output Function (XOF), a hash function with output of arbitrary length. It provides an efficient and secure hashing primitive, which is able to exploit the parallelism of the implementation in a scalable way. It uses tree hashing over a round-reduced version of SHAKE128 as underlying primitive. This document builds up on the definitions of the permutations and of the sponge construction in [FIPS 202], and is meant to serve as a stable reference and an implementation guide. "draft-irtf-cfrg-bls-signature-00.txt", Dan Boneh, Riad Wahby, Sergey Gorbunov, Hoeteck Wee, Zhenfei Zhang, 2019-08-12, BLS is a digital signature scheme with compression properties. With a given set of signatures (signature_1, ..., signature_n) anyone can produce a compressed signature signature_compressed. The same is true for a set of secret keys or public keys, while keeping the connection between sets (i.e., a compressed public key is associated to its compressed secret key). Furthermore, the BLS signature scheme is deterministic, non-malleable, and efficient. Its simplicity and cryptographic properties allows it to be useful in a variety of use- cases, specifically when minimal storage space or bandwidth are required. "Pairing-Friendly Curves", Yumi Sakemi, Tetsutaro Kobayashi, Tsunekazu Saito, 2019-11-01, This memo introduces pairing-friendly curves used for constructing pairing-based cryptography. It describes recommended parameters for each security level and recent implementations of pairing-friendly curves. ControLling mUltiple streams for tElepresence (clue) ---------------------------------------------------- "Framework for Telepresence Multi-Streams", Mark Duckworth, Andrew Pepperell, Stephan Wenger, 2016-01-08, This document defines a framework for a protocol to enable devices in a telepresence conference to interoperate. The protocol enables communication of information about multiple media streams so a sending system and receiving system can make reasonable decisions about transmitting, selecting and rendering the media streams. This protocol is used in addition to SIP signaling and SDP negotiation for setting up a telepresence session. "Mapping RTP streams to CLUE Media Captures", Roni Even, Jonathan Lennox, 2017-02-27, This document describes how the Real Time transport Protocol (RTP) is used in the context of the CLUE protocol (ControLling mUltiple streams for tElepresence). It also describes the mechanisms and recommended practice for mapping RTP media streams defined in Session Description Protocol (SDP) to CLUE Media Captures and defines a new RTP header extension (CaptureId). "An XML Schema for the CLUE data model", Roberta Presta, Simon Romano, 2016-08-13, This document provides an XML schema file for the definition of CLUE data model types. The term "CLUE" stands for "ControLling mUltiple streams for tElepresence" and is the name of the IETF working group in which this document, as well as other companion documents, has been developed. The document defines a coherent structure for information associated with the description of a telepresence scenario. "CLUE Protocol data channel", Christer Holmberg, 2019-04-24, This document defines how to use the WebRTC data channel mechanism to realize a data channel, referred to as a CLUE data channel, for transporting CLUE protocol messages between two CLUE entities. "Session Signaling for Controlling Multiple Streams for Telepresence (CLUE)", Robert Hansen, Paul Kyzivat, Lennard Xiao, Christian Groves, 2019-12-09, This document specifies how CLUE-specific signaling such as the CLUE protocol and the CLUE data channel are used in conjunction with each other and with existing signaling mechanisms such as SIP and SDP to produce a telepresence call. "Protocol for Controlling Multiple Streams for Telepresence (CLUE)", Roberta Presta, Simon Romano, 2019-07-05, The CLUE protocol is an application protocol conceived for the description and negotiation of a telepresence session. The design of the CLUE protocol takes into account the requirements and the framework defined within the IETF CLUE working group. A companion document delves into CLUE signaling details, as well as on the SIP/ SDP session establishment phase. CLUE messages flow over the CLUE data channel, based on reliable and ordered SCTP over DTLS transport. Message details, together with the behavior of CLUE Participants acting as Media Providers and/or Media Consumers, are herein discussed. Constrained RESTful Environments (core) --------------------------------------- "CoRE Resource Directory", Zach Shelby, Michael Koster, Carsten Bormann, Peter van der Stok, Christian Amsuess, 2019-07-08, In many IoT applications, direct discovery of resources is not practical due to sleeping nodes, disperse networks, or networks where multicast traffic is inefficient. These problems can be solved by employing an entity called a Resource Directory (RD), which contains information about resources held on other servers, allowing lookups to be performed for those resources. The input to an RD is composed of links and the output is composed of links constructed from the information stored in the RD. This document specifies the web interfaces that a Resource Directory supports for web servers to discover the RD and to register, maintain, lookup and remove information on resources. Furthermore, new target attributes useful in conjunction with an RD are defined. "CBOR Encoding of Data Modeled with YANG", Michel Veillette, Ivaylo Petrov, Alexander Pelov, 2019-09-11, This document defines encoding rules for serializing configuration data, state data, RPC input and RPC output, Action input, Action output, notifications and yang data template defined within YANG modules using the Concise Binary Object Representation (CBOR) [RFC7049]. "Dynamic Resource Linking for Constrained RESTful Environments", Zach Shelby, Michael Koster, Christian Groves, Jintao Zhu, Bill Silverajan, 2019-07-22, This specification defines Link Bindings, which provide dynamic linking of state updates between resources, either on an endpoint or between endpoints, for systems using CoAP (RFC7252). This specification also defines Conditional Notification Attributes that work with Link Bindings or with CoAP Observe (RFC7641). Editor note The git repository for the draft is found at https://github.com/core- wg/dynlink "Publish-Subscribe Broker for the Constrained Application Protocol (CoAP)", Michael Koster, Ari Keranen, Jaime Jimenez, 2019-09-30, The Constrained Application Protocol (CoAP), and related extensions are intended to support machine-to-machine communication in systems where one or more nodes are resource constrained, in particular for low power wireless sensor networks. This document defines a publish- subscribe Broker for CoAP that extends the capabilities of CoAP for supporting nodes with long breaks in connectivity and/or up-time. There is work in progress to resolve some of the transfer layer issues by using a more RESTful approach. Please see https://github.com/core-wg/pubsub/blob/master/proposal.txt "YANG Schema Item iDentifier (SID)", Michel Veillette, Alexander Pelov, Ivaylo Petrov, 2019-07-08, YANG Schema Item iDentifiers (SID) are globally unique 64-bit unsigned integers used to identify YANG items. This document defines the semantics, the registration, and assignment processes of SIDs. To enable the implementation of these processes, this document also defines a file format used to persist and publish assigned SIDs. "CoAP Management Interface", Michel Veillette, Peter van der Stok, Alexander Pelov, Andy Bierman, Ivaylo Petrov, 2019-09-27, This document describes a network management interface for constrained devices and networks, called CoAP Management Interface (CoMI). The Constrained Application Protocol (CoAP) is used to access datastore and data node resources specified in YANG, or SMIv2 converted to YANG. CoMI uses the YANG to CBOR mapping and converts YANG identifier strings to numeric identifiers for payload size reduction. The complete solution composed of CoMI, [I-D.ietf-core-yang-cbor] and [I-D.ietf-core-sid] is called CORECONF. CORECONF extends the set of YANG based protocols, NETCONF and RESTCONF, with the capability to manage constrained devices and networks. "CoRE Resource Directory: DNS-SD mapping", Peter van der Stok, Michael Koster, Christian Amsuess, 2019-07-07, Resource and service discovery are complementary. Resource discovery provides fine-grained detail about the content of a web server, while service discovery can provide a scalable method to locate servers in large networks. This document defines a method for mapping between CoRE Link Format attributes and DNS-Based Service Discovery records to facilitate the use of either method to locate RESTful service interfaces (APIs) in heterogeneous HTTP/CoAP environments. "CoAP: Echo, Request-Tag, and Token Processing", Christian Amsuess, John Mattsson, Goeran Selander, 2019-11-04, This document specifies enhancements to the Constrained Application Protocol (CoAP) that mitigate security issues in particular use cases. The Echo option enables a CoAP server to verify the freshness of a request or to force a client to demonstrate reachability at its claimed network address. The Request-Tag option allows the CoAP server to match block-wise message fragments belonging to the same request. The update to the client Token processing requirements of RFC 7252 forbids non-secure reuse of Tokens to ensure binding of responses to requests when CoAP is used with security. "Group OSCORE - Secure Group Communication for CoAP", Marco Tiloca, Goeran Selander, Francesca Palombini, Jiye Park, 2019-11-04, This document describes a mode for protecting group communication over the Constrained Application Protocol (CoAP). The proposed mode relies on Object Security for Constrained RESTful Environments (OSCORE) and the CBOR Object Signing and Encryption (COSE) format. In particular, it defines how OSCORE is used in a group communication setting, while fulfilling the same security requirements for group requests and responses. Source authentication of all messages exchanged within the group is provided by means of digital signatures produced by the sender and embedded in the protected CoAP messages. "Uniform Resource Names for Device Identifiers", Jari Arkko, Cullen Jennings, Zach Shelby, 2019-12-13, This memo describes a new Uniform Resource Name (URN) namespace for hardware device identifiers. A general representation of device identity can be useful in many applications, such as in sensor data streams and storage, or equipment inventories. A URN-based representation can be easily passed along in any application that needs the information. "Multipart Content-Format for CoAP", Thomas Fossati, Klaus Hartke, Carsten Bormann, 2019-08-21, This memo defines application/multipart-core, an application- independent media-type that can be used to combine representations of zero or more different media types into a single message, such as a CoAP request or response body, with minimal framing overhead, each along with a CoAP Content-Format identifier. "Constrained Application Protocol (CoAP) Hop-Limit Option", Mohamed Boucadair, Tirumaleswar Reddy.K, Jon Shallow, 2019-10-17, The presence of Constrained Application Protocol (CoAP) proxies may lead to infinite forwarding loops, which is undesirable. To prevent and detect such loops, this document specifies the Hop-Limit CoAP option. "FETCH & PATCH with Sensor Measurement Lists (SenML)", Ari Keranen, Mojan Mohajer, 2019-08-17, The Sensor Measurement Lists (SenML) media type and data model can be used to send collections of resources, such as batches of sensor data or configuration parameters. The CoAP iPATCH, PATCH, and FETCH methods enable accessing and updating parts of a resource or multiple resources with one request. This document defines new media types for the CoAP iPATCH, PATCH, and FETCH methods for resources represented with the SenML data model. "Extended Tokens and Stateless Clients in the Constrained Application Protocol (CoAP)", Klaus Hartke, 2019-12-06, This document provides considerations for alleviating CoAP clients and intermediaries of keeping per-request state. To facilitate this, this document additionally introduces a new, optional CoAP protocol extension for extended token lengths. This document updates RFCs 7252 and 8323. "Constrained YANG Module Library", Michel Veillette, Ivaylo Petrov, 2019-07-24, This document describes a constrained version of the YANG library that provides information about the YANG modules, datastores, and datastore schemas used by a constrained network management server (e.g., a CORECONF server). "SenML Data Value Content-Format Indication", Ari Keranen, Carsten Bormann, 2019-11-04, The Sensor Measurement Lists (SenML) media type supports multiple types of values, from numbers to text strings and arbitrary binary data values. In order to simplify processing of the data values this document proposes to specify a new SenML field for indicating the Content-Format of the data. "The Constrained RESTful Application Language (CoRAL)", Klaus Hartke, 2019-11-04, The Constrained RESTful Application Language (CoRAL) defines a data model and interaction model as well as two specialized serialization formats for the description of typed connections between resources on the Web ("links"), possible operations on such resources ("forms"), as well as simple resource metadata. "Constrained Resource Identifiers", Klaus Hartke, 2019-11-04, Constrained Resource Identifiers (CoRIs) are an alternate serialization of Uniform Resource Identifiers (URIs) that encodes the URI components in Concise Binary Object Representation (CBOR) instead of a string of characters. This simplifies parsing, reference resolution, and comparison of URIs in environments with severe limitations on processing power, code size, and memory size. "Additional Units for SenML", Carsten Bormann, 2019-11-04, The Sensor Measurement Lists (SenML) media type supports the indication of units for a quantity represented. This short document registers a number of additional unit names in the IANA registry for Units in SenML. It also defines a registry for secondary units that cannot be in SenML's main registry as they are derived by linear transformation from units already in that registry; RFC 8428 is updated to also accept these units. CBOR Object Signing and Encryption (cose) ----------------------------------------- "Use of the HSS/LMS Hash-based Signature Algorithm with CBOR Object Signing and Encryption (COSE)", Russ Housley, 2019-12-11, This document specifies the conventions for using the Hierarchical Signature System (HSS) / Leighton-Micali Signature (LMS) hash-based signature algorithm with the CBOR Object Signing and Encryption (COSE) syntax. The HSS/LMS algorithm is one form of hash-based digital signature; it is described in RFC 8554. "CBOR Object Signing and Encryption (COSE): Structures and Process", Jim Schaad, 2019-11-17, Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need for the ability to have basic security services defined for this data format. This document defines the CBOR Object Signing and Encryption (COSE) protocol. This specification describes how to create and process signatures, message authentication codes, and encryption using CBOR for serialization. This specification additionally describes how to represent cryptographic keys using CBOR. This document along with [I-D.ietf-cose-rfc8152bis-algs] obsoletes RFC8152. "CBOR Object Signing and Encryption (COSE): Initial Algorithms", Jim Schaad, 2019-11-04, Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need for the ability to have basic security services defined for this data format. This document defines the CBOR Object Signing and Encryption (COSE) protocol. This specification describes how to create and process signatures, message authentication codes, and encryption using CBOR for serialization. COSE additionally describes how to represent cryptographic keys using CBOR. In this specification the conventions for the use of a number of cryptographic algorithms with COSE. The details of the structure of COSE are defined in [I-D.ietf-cose-rfc8152bis-struct]. This document along with [I-D.ietf-cose-rfc8152bis-struct] obsoletes RFC8152. "CBOR Object Signing and Encryption (COSE): Headers for carrying and referencing X.509 certificates", Jim Schaad, 2019-11-04, The CBOR Signing And Encrypted Message (COSE) structure uses references to keys in general. For some algorithms, additional properties are defined which carry parts of keys as needed. The COSE Key structure is used for transporting keys outside of COSE messages. This document extends the way that keys can be identified and transported by providing attributes that refer to or contain X.509 certificates. "CBOR Object Signing and Encryption (COSE): Hash Algorithms", Jim Schaad, 2019-11-04, The CBOR Object Signing and Encryption (COSE) syntax [I-D.ietf-cose-rfc8152bis-struct] does not define any direct methods for using hash algorithms. There are however circumstances where hash algorithms are used: Indirect signatures where the hash of one or more contents are signed. X.509 certificate or other object identification by the use of a thumbprint. This document defines a set of hash algorithms that are identified by COSE Algorithm Identifiers. "COSE and JOSE Registrations for WebAuthn Algorithms", Michael Jones, 2019-11-01, The W3C Web Authentication (WebAuthn) specification and the FIDO Alliance Client to Authenticator Protocol (CTAP) specification use CBOR Object Signing and Encryption (COSE) algorithm identifiers. This specification registers the following algorithms in the IANA "COSE Algorithms" registry, which are used by WebAuthn and CTAP implementations: RSASSA-PKCS1-v1_5 using SHA-256, SHA-384, SHA-512, and SHA-1, and ECDSA using the secp256k1 curve and SHA-256. It registers the secp256k1 elliptic curve in the IANA "COSE Elliptic Curves" registry. Also, for use with JSON Object Signing and Encryption (JOSE), it registers the algorithm ECDSA using the secp256k1 curve and SHA-256 in the IANA "JSON Web Signature and Encryption Algorithms" registry and the secp256k1 elliptic curve in the IANA "JSON Web Key Elliptic Curve" registry. CURves, Deprecating and a Little more Encryption (curdle) --------------------------------------------------------- "Secure Shell (SSH) Key Exchange Method using Curve25519 and Curve448", Aris Adamantiadis, Simon Josefsson, Mark Baushke, 2019-09-05, This document describes the specification for using Curve25519 and Curve448 key exchange methods in the Secure Shell (SSH) protocol. "Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)", Mark Baushke, 2018-01-02, This document is intended to update the recommended set of key exchange methods for use in the Secure Shell (SSH) protocol to meet evolving needs for stronger security. This document updates RFC 4250. "GSS-API Key Exchange with SHA2", Simo Sorce, Hubert Kario, 2019-07-23, This document specifies additions and amendments to RFC4462. It defines a new key exchange method that uses SHA-2 for integrity and deprecates weak DH groups. The purpose of this specification is to modernize the cryptographic primitives used by GSS Key Exchanges. "Deprecating RC4 in Secure Shell (SSH)", Loganaden Velvindron, 2019-11-25, This document deprecates RC4 in Secure Shell (SSH). Therefore, this document formally moves RFC4345 to historic status. "Ed25519 and Ed448 public key algorithms for the Secure Shell (SSH) protocol", Ben Harris, Loganaden Velvindron, 2019-09-09, This document describes the use of the Ed25519 and Ed448 digital signature algorithm in the Secure Shell (SSH) protocol. Deterministic Networking (detnet) --------------------------------- "Deterministic Networking (DetNet) Security Considerations", Tal Mizrahi, Ethan Grossman, Andrew Hacker, Subir Das, John Dowdell, Henrik Austad, Norman Finn, 2019-11-02, A deterministic network is one that can carry data flows for real- time applications with extremely low data loss rates and bounded latency. Deterministic networks have been successfully deployed in real-time operational technology (OT) applications for some years. However, such networks are typically isolated from external access, and thus the security threat from external attackers is low. IETF Deterministic Networking (DetNet) specifies a set of technologies that enable creation of deterministic networks on IP-based networks of potentially wide area (on the scale of a corporate network) potentially bringing the OT network into contact with Information Technology (IT) traffic and security threats that lie outside of a tightly controlled and bounded area (such as the internals of an aircraft). These DetNet technologies have not previously been deployed together on a wide area IP-based network, and thus can present security considerations that may be new to IP-based wide area network designers. This draft, intended for use by DetNet network designers, provides insight into these security considerations. In addition, this draft collects all security-related statements from the various DetNet drafts (Architecture, Use Cases, etc) into a single location Section 8. "DetNet Flow Information Model", Janos Farkas, Balazs Varga, Rodney Cummings, Yuanlong Jiang, Don Fedyk, 2019-10-28, This document describes flow and service information model for Deterministic Networking (DetNet). These models are defined for IP and MPLS DetNet data planes "Deterministic Networking (DetNet) Configuration YANG Model", Xuesong Geng, Mach Chen, Yeoncheol Ryoo, Zhenqiang Li, Reshad Rahman, 2019-11-04, This document contains the specification for Deterministic Networking flow configuration YANG Model. The model allows for provisioning of end-to-end DetNet service along the path without dependency on any signaling protocol. The YANG module defined in this document conforms to the Network Management Datastore Architecture (NMDA). "DetNet Data Plane Framework", Balazs Varga, Janos Farkas, Lou Berger, Don Fedyk, Andrew Malis, Stewart Bryant, Jouni Korhonen, 2019-10-28, This document provides an overall framework for the DetNet data plane. It covers concepts and considerations that are generally common to any Deterministic Networking data plane specification. "DetNet Data Plane: IEEE 802.1 Time Sensitive Networking over MPLS", Balazs Varga, Janos Farkas, Andrew Malis, Stewart Bryant, Don Fedyk, 2019-10-28, This document specifies the Deterministic Networking data plane when TSN networks are interconnected over a DetNet MPLS Network. "DetNet Data Plane: MPLS over UDP/IP", Balazs Varga, Janos Farkas, Lou Berger, Andrew Malis, Stewart Bryant, Jouni Korhonen, 2019-11-21, This document specifies the MPLS Deterministic Networking data plane operation and encapsulation over an IP network. The approach is modeled on the operation of MPLS and over UDP/IP packet switched networks. "DetNet Data Plane: MPLS over IEEE 802.1 Time Sensitive Networking (TSN)", Balazs Varga, Janos Farkas, Andrew Malis, Stewart Bryant, 2019-10-28, This document specifies the Deterministic Networking MPLS data plane when operating over a TSN sub-network. "DetNet Data Plane: MPLS", Balazs Varga, Janos Farkas, Lou Berger, Don Fedyk, Andrew Malis, Stewart Bryant, Jouni Korhonen, 2019-11-21, This document specifies the Deterministic Networking data plane when operating over an MPLS Packet Switched Networks. "DetNet Data Plane: IP over IEEE 802.1 Time Sensitive Networking (TSN)", Balazs Varga, Janos Farkas, Andrew Malis, Stewart Bryant, 2019-10-28, This document specifies the Deterministic Networking IP data plane when operating over a TSN sub-network. "DetNet Data Plane: IP over MPLS", Balazs Varga, Janos Farkas, Lou Berger, Don Fedyk, Andrew Malis, Stewart Bryant, Jouni Korhonen, 2019-11-21, This document specifies the Deterministic Networking data plane when operating in an IP over MPLS packet switched network. "DetNet Data Plane: IP", Balazs Varga, Janos Farkas, Lou Berger, Don Fedyk, Andrew Malis, Stewart Bryant, Jouni Korhonen, 2019-11-21, This document specifies the Deterministic Networking data plane when operating in an IP packet switched network. "DetNet Bounded Latency", Norman Finn, Jean-Yves Le Boudec, Ehsan Mohammadpour, Jiayi Zhang, Balazs Varga, Janos Farkas, 2019-11-04, This document presents a timing model for Deterministic Networking (DetNet), so that existing and future standards can achieve the DetNet quality of service features of bounded latency and zero congestion loss. It defines requirements for resource reservation protocols or servers. It calls out queuing mechanisms, defined in other documents, that can provide the DetNet quality of service. Dynamic Host Configuration (dhc) -------------------------------- "YANG Data Model for DHCPv6 Configuration", Yong Cui, Linhui Sun, Ian Farrer, Sladjana Zechlin, Zihao He, Michal Nowikowski, 2019-11-04, This document describes several YANG data modules for the configuration and management of DHCPv6 servers, relays, and clients. "Link-Layer Addresses Assignment Mechanism for DHCPv6", Bernie Volz, Tomek Mrugalski, Carlos Bernardos, 2019-09-20, In certain environments, e.g. large scale virtualization deployments, new devices are created in an automated manner. Such devices typically have their link-layer (MAC) addresses randomized. With sufficient scale, the likelihood of collision is not acceptable. Therefore an allocation mechanism is required. This draft proposes an extension to DHCPv6 that allows a scalable approach to link-layer address assignments. "SLAP quadrant selection options for DHCPv6", Carlos Bernardos, Alain Mourad, 2019-07-08, The IEEE originally structured the 48-bit MAC address space in such a way that half of it was reserved for local use. Recently, the IEEE has been working on a new specification (IEEE 802c) which defines a new "optional Structured Local Address Plan" (SLAP) that specifies different assignment approaches in four specified regions of the local MAC address space. The IEEE is working on mechanisms to allocate addresses in the one of these quadrants (IEEE 802.1CQ). There is work also in the IETF on specifying a new mechanism that extends DHCPv6 operation to handle the local MAC address assignments. In this document, we complement this ongoing IETF work by defining a mechanism to allow choosing the SLAP quadrant to use in the allocation of the MAC address to the requesting device/client. This document proposes extensions to DHCPv6 protocols to enable a DHCPv6 client or a DHCPv6 relay to indicate a preferred SLAP quadrant to the server, so that the server allocates the MAC address to the given client out of the quadrant requested by relay or client. "Problem Statement of Multi-requirement Extensions for Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", Ren Gang, Lin He, Ying Liu, 2019-10-11, The manageability, security, privacy protection, and traceability of networks can be supported by extending DHCPv6 protocol according to requirements. This document analyzes current extension practices and typical DHCP server software on extensions, defines a DHCP general model, discusses some extension points, and present extension cases. Diameter Maintenance and Extensions (dime) ------------------------------------------ "Diameter Group Signaling", Mark Jones, Marco Liebsch, Lionel Morand, 2018-12-28, In large network deployments, a single Diameter node can support over a million concurrent Diameter sessions. Recent use cases have revealed the need for Diameter nodes to apply the same operation to a large group of Diameter sessions concurrently. The Diameter base protocol commands operate on a single session so these use cases could result in many thousands of command exchanges to enforce the same operation on each session in the group. In order to reduce signaling, it would be desirable to enable bulk operations on all (or part of) the sessions managed by a Diameter node using a single or a few command exchanges. This document specifies the Diameter protocol extensions to achieve this signaling optimization. Dispatch (dispatch) ------------------- "ECMAScript Media Types Updates", Myles Borins, Mathias Bynens, Matthew Miller, Bradley Farias, 2019-10-31, This document proposes updates to the ECMAScript media types, superseding the existing registrations for "application/javascript" and "text/javascript" by adding an additional extension and removing usage warnings. This document updates RFC4329, "Scripting Media Types". Domain-based Message Authentication, Reporting & Conformance (dmarc) -------------------------------------------------------------------- "Recommended Usage of the Authenticated Received Chain (ARC)", Steven Jones, Kurt Andersen, 2019-10-22, The Authentication Received Chain (ARC) provides an authenticated "chain of custody" for a message, allowing each entity that handles the message to see what entities handled it before, and to see what the message's authentication assessment was at each step in the handling. But the specification does not indicate how the entities handling these messages should interpret or utilize ARC results in making decisions about message disposition. This document will provide guidance in these areas. "DMARC (Domain-based Message Authentication, Reporting, and Conformance) Extension For PSDs (Public Suffix Domains)", Scott Kitterman, 2019-10-14, DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a scalable mechanism by which a mail-originating organization can express domain-level policies and preferences for message validation, disposition, and reporting, that a mail-receiving organization can use to improve mail handling. The design of DMARC presumes that domain names represent either nodes in the tree below which registrations occur, or nodes where registrations have occurred; it does not permit a domain name to have both of these properties simultaneously. Since its deployment in 2015, use of DMARC has shown a clear need for the ability to express policy for these domains as well. Domains at which registrations can occur are referred to as Public Suffix Domains (PSDs). This document describes an extension to DMARC to enable DMARC functionality for PSDs. This document also seeks to address implementations that consider a domain on a public Suffix list to be ineligible for DMARC enforcement. Distributed Mobility Management (dmm) ------------------------------------- "Distributed Mobility Anchoring", Anthony Chan, Xinpeng Wei, Jong-Hyouk Lee, Seil Jeon, Carlos Bernardos, 2019-11-01, This document defines distributed mobility anchoring in terms of the different configurations and functions to provide IP mobility support. A network may be configured with distributed mobility anchoring functions for both network-based or host-based mobility support according to the needs of mobility support. In a distributed mobility anchoring environment, multiple anchors are available for mid-session switching of an IP prefix anchor. To start a new flow or to handle a flow not requiring IP session continuity as a mobile node moves to a new network, the flow can be started or re-started using an IP address configured from the new IP prefix anchored to the new network. If the flow needs to survive the change of network, there are solutions that can be used to enable IP address mobility. This document describes different anchoring approaches, depending on the IP mobility needs, and how this IP address mobility is handled by the network. "Segment Routing IPv6 for Mobile User Plane", Satoru Matsushima, Clarence Filsfils, Miya Kohno, Pablo Camarillo, Daniel Voyer, Charles Perkins, 2019-11-04, This document shows the applicability of SRv6 (Segment Routing IPv6) to the user-plane of mobile networks. The network programming nature of SRv6 accomplish mobile user-plane functions in a simple manner. The statelessness of SRv6 and its ability to control both service layer path and underlying transport can be beneficial to the mobile user-plane, providing flexibility, end-to-end network slicing and SLA control for various applications. This document describes the SRv6 mobile user plane. "Proxy Mobile IPv6 extensions for Distributed Mobility Management", Carlos Bernardos, Antonio de la Oliva, Fabio Giust, Juan Zuniga, Alain Mourad, 2019-11-02, Distributed Mobility Management solutions allow for setting up networks so that traffic is distributed in an optimal way and does not rely on centrally deployed anchors to provide IP mobility support. There are many different approaches to address Distributed Mobility Management, as for example extending network-based mobility protocols (like Proxy Mobile IPv6), or client-based mobility protocols (like Mobile IPv6), among others. This document follows the former approach and proposes a solution based on Proxy Mobile IPv6 in which mobility sessions are anchored at the last IP hop router (called mobility anchor and access router). The mobility anchor and access router is an enhanced access router which is also able to operate as a local mobility anchor or mobility access gateway, on a per prefix basis. The document focuses on the required extensions to effectively support simultaneously anchoring several flows at different distributed gateways. "User Plane Protocol and Architectural Analysis on 3GPP 5G System", Shunsuke Homma, Takuya Miyasaka, Satoru Matsushima, Daniel Voyer, 2019-11-03, This document analyzes the mobile user plane protocol and the architecture specified in 3GPP 5G documents. The analysis work is to clarify those specifications, extract protocol and architectural requirements and derive evaluation aspects for user plane protocols on IETF side. This work is corresponding to the User Plane Protocol Study work on 3GPP side. Domain Name System Operations (dnsop) ------------------------------------- "The ALT Special Use Top Level Domain", Warren Kumari, Andrew Sullivan, 2019-08-23, This document reserves a string (ALT) to be used as a TLD label in non-DNS contexts. It also provides advice and guidance to developers developing alternative namespaces. [Ed note: Text inside square brackets ([]) is additional background information, answers to frequently asked questions, general musings, etc. They will be removed before publication. This document is being collaborated on in Github at: https://github.com/wkumari/draft- wkumari-dnsop-alt-tld. The most recent version of the document, open issues, etc should all be available here. The authors (gratefully) accept pull requests. ] "A Common Operational Problem in DNS Servers - Failure To Communicate.", Mark Andrews, Ray Bellis, 2019-11-04, The DNS is a query / response protocol. Failing to respond to queries, or responding incorrectly, causes both immediate operational problems and long term problems with protocol development. This document identifies a number of common kinds of queries to which some servers either fail to respond or else respond incorrectly. This document also suggests procedures for zone operators to apply to identify and remediate the problem. The document does not look at the DNS data itself, just the structure of the responses. "Address-specific DNS aliases (ANAME)", Tony Finch, Evan Hunt, Peter van Dijk, Anthony Eden, Willem Mekking, 2019-07-08, This document defines the "ANAME" DNS RR type, to provide similar functionality to CNAME, but only for address queries. Unlike CNAME, an ANAME can coexist with other record types. The ANAME RR allows zone owners to make an apex domain name into an alias in a standards compliant manner. "DNS Transport over TCP - Operational Requirements", John Kristoff, Duane Wessels, 2019-11-02, This document encourages the practice of permitting DNS messages to be carried over TCP on the Internet. This includes both DNS over unencrypted TCP, as well as over an encrypted TLS session. The document also considers the consequences with this form of DNS communication and the potential operational issues that can arise when this best common practice is not upheld. "Extended DNS Errors", Warren Kumari, Evan Hunt, Roy Arends, Wes Hardaker, David Lawrence, 2019-10-01, This document defines an extensible method to return additional information about the cause of DNS errors. Though created primarily to extend SERVFAIL to provide additional information about the cause of DNS and DNSSEC failures, the Extended DNS Errors option defined in this document allows all response types to contain extended error information. Extended DNS Error information does not change the processing of RCODEs. "Serving Stale Data to Improve DNS Resiliency", David Lawrence, Warren Kumari, Puneet Sood, 2019-12-09, This draft defines a method (serve-stale) for recursive resolvers to use stale DNS data to avoid outages when authoritative nameservers cannot be reached to refresh expired data. One of the motivations for serve-stale is to make the DNS more resilient to DoS attacks, and thereby make them less attractive as an attack vector. This document updates the definitions of TTL from RFC 1034 and RFC 1035 so that data can be kept in the cache beyond the TTL expiry, updates RFC 2181 by interpreting values with the high order bit set as being positive, rather than 0, and suggests a cap of 7 days. "Secret Key Transaction Authentication for DNS (TSIG)", Francis Dupont, Stephen Morris, Paul Vixie, Donald Eastlake, Olafur Gudmundsson, Brian Wellington, 2019-11-01, This document describes a protocol for transaction level authentication using shared secrets and one way hashing. It can be used to authenticate dynamic updates as coming from an approved client, or to authenticate responses as coming from an approved name server. No recommendation is made here for distributing the shared secrets: it is expected that a network administrator will statically configure name servers and clients using some out of band mechanism. This document obsoletes RFC2845 and RFC4635. "Running a Root Server Local to a Resolver", Warren Kumari, Paul Hoffman, 2019-11-17, Some DNS recursive resolvers have longer-than-desired round-trip times to the closest DNS root server such as during a network attack. Some DNS recursive resolver operators want to prevent snooping by third parties of requests sent to DNS root servers. Such resolvers can greatly decrease the round-trip time and prevent observation of requests by serving a copy of the full root zone on the same server, such as on a loopback address or in the resolver software. This document shows how to start and maintain such a copy of the root zone that does not cause problems for other users of the DNS, at the cost of adding some operational fragility for the operator. [ This document is being collaborated on in Github at: https://github.com/wkumari/draft-kh-dnsop-7706bis. The most recent version of the document, open issues, and so on should all be available there. The authors gratefully accept pull requests. ] "YANG Types for DNS Classes and Resource Record Types", Ladislav Lhotka, Petr Spacek, 2019-06-27, This document contains the initial revision of the YANG module iana- dns-class-rr-type that contains derived types reflecting two IANA registries: DNS CLASSes and Resource Record (RR) TYPEs. These YANG types are intended as a minimum basis for future data modeling work. "Multi Signer DNSSEC models", Shumon Huque, Pallavi Aras, John Dickinson, Jan Vcelak, David Blacka, 2019-07-22, Many enterprises today employ the service of multiple DNS providers to distribute their authoritative DNS service. Deploying DNSSEC in such an environment may present some challenges depending on the configuration and feature set in use. This document will present several deployment models that may be suitable. "Message Digest for DNS Zones", Duane Wessels, Piet Barber, Matt Weinberg, Warren Kumari, Wes Hardaker, 2019-12-03, This document describes a protocol and new DNS Resource Record that can be used to provide a cryptographic message digest over DNS zone data. The ZONEMD Resource Record conveys the digest data in the zone itself. When a zone publisher includes an ZONEMD record, recipients can verify the zone contents for accuracy and completeness. This provides assurance that received zone data matches published data, regardless of how the zone data has been transmitted and received. ZONEMD is not designed to replace DNSSEC. Whereas DNSSEC protects individual RRSets (DNS data with fine granularity), ZONEMD protects protects a zone's data as a whole, whether consumed by authoritative name servers, recursive name servers, or any other applications. As specified at this time, ZONEMD is not designed for use in large, dynamic zones due to the time and resources required for digest calculation. The ZONEMD record described in this document includes a field intended to enable future work to support large, dynamic zones. "Moving DNSSEC Lookaside Validation (DLV) to Historic Status", Willem Mekking, Dan Mahoney, 2019-10-31, This document obsoletes DNSSEC lookaside validation (DLV) and reclassifies RFCs 4431 and 5074 as Historic. Furthermore, this document updates RFC 6698 by excluding the DLV resource record from certificates, and updates RFC 6840 by excluding the DLV registries from the trust anchor selection. "Terminology for DNS Transports and Location", Paul Hoffman, 2019-08-15, This document adds terms and abbreviations to "DNS Terminology" (RFC 8499) that relate to DNS running over various transports, as well as terms and abbreviations for DNS resolution at traditional and non- traditional locations. "DNS Resolver Information Self-publication", Puneet Sood, Roy Arends, Paul Hoffman, 2019-08-19, This document describes methods for DNS resolvers to self-publish information about themselves, such as whether they perform DNSSEC validation or are available over transports other than what is defined in RFC 1035. The information is returned as a JSON object. The names in this object are defined in an IANA registry that allows for light-weight registration. Applications and operating systems can use the methods defined here to get the information from resolvers in order to make choices about how to send future queries to those resolvers. "Interoperable Domain Name System (DNS) Server Cookies", Ondrej Sury, Willem Toorop, Donald Eastlake, Mark Andrews, 2019-11-18, DNS cookies, as specified in RFC 7873, are a lightweight DNS transaction security mechanism that provides limited protection to DNS servers and clients against a variety of denial-of-service and amplification, forgery, or cache poisoning attacks by off-path attackers. This document provides precise directions for creating Server Cookies so that an anycast server set including diverse implementations will interoperate with standard clients. This document updates [RFC7873] "Service binding and parameter specification via the DNS (DNS SVCB and HTTPSSVC)", Benjamin Schwartz, Mike Bishop, Erik Nygren, 2019-11-04, This document specifies the "SVCB" and "HTTPSSVC" DNS resource record types to facilitate the lookup of information needed to make connections for origin resources, such as for HTTPS URLs. SVCB records allow an origin to be served from multiple network locations, each with associated parameters (such as transport protocol configuration and keying material for encrypting TLS SNI). They also enable aliasing of apex domains, which is not possible with CNAME. The HTTPSSVC DNS RR is a variation of SVCB for HTTPS and HTTP origins. By providing more information to the client before it attempts to establish a connection, these records offer potential benefits to both performance and privacy. TO BE REMOVED: This proposal is inspired by and based on recent DNS usage proposals such as ALTSVC, ANAME, and ESNIKEYS (as well as long standing desires to have SRV or a functional equivalent implemented for HTTP). These proposals each provide an important function but are potentially incompatible with each other, such as when an origin is load-balanced across multiple hosting providers (multi-CDN). Furthermore, these each add potential cases for adding additional record lookups in-addition to AAAA/A lookups. This design attempts to provide a unified framework that encompasses the key functionality of these proposals, as well as providing some extensibility for addressing similar future challenges. TO BE REMOVED: The specific name for this RR type is an open topic for discussion. "SVCB" and "HTTPSSVC" are meant as placeholders as they are easy to replace. Other names might include "B", "SRV2", "SVCHTTPS", "HTTPS", and "ALTSVC". Extensions for Scalable DNS Service Discovery (dnssd) ----------------------------------------------------- "Discovery Proxy for Multicast DNS-Based Service Discovery", Stuart Cheshire, 2019-03-24, This document specifies a network proxy that uses Multicast DNS to automatically populate the wide-area unicast Domain Name System namespace with records describing devices and services found on the local link. "DNS Push Notifications", Tom Pusateri, Stuart Cheshire, 2019-10-13, The Domain Name System (DNS) was designed to return matching records efficiently for queries for data that are relatively static. When those records change frequently, DNS is still efficient at returning the updated results when polled, as long as the polling rate is not too high. But there exists no mechanism for a client to be asynchronously notified when these changes occur. This document defines a mechanism for a client to be notified of such changes to DNS records, called DNS Push Notifications. "DNS-SD Privacy and Security Requirements", Christian Huitema, Daniel Kaiser, 2019-07-25, DNS-SD (DNS Service Discovery) normally discloses information about devices offering and requesting services. This information includes host names, network parameters, and possibly a further description of the corresponding service instance. Especially when mobile devices engage in DNS Service Discovery over Multicast DNS at a public hotspot, serious privacy problems arise. We analyze the requirements of a privacy respecting discovery service. "Service Registration Protocol for DNS-Based Service Discovery", Stuart Cheshire, Ted Lemon, 2019-07-08, The Service Registration Protocol for DNS-Based Service Discovery uses the standard DNS Update mechanism to enable DNS-Based Service Discovery using only unicast packets. This makes it possible to deploy DNS Service Discovery without multicast, which greatly improves scalability and improves performance on networks where multicast service is not an optimal choice, particularly 802.11 (Wi-Fi) and 802.15.4 (IoT) networks. DNS-SD Service registration uses public keys and SIG(0) to allow services to defend their registrations against attack. DDoS Open Threat Signaling (dots) --------------------------------- "Use cases for DDoS Open Threat Signaling", Roland Dobbins, Daniel Migault, Robert Moskowitz, Nik Teague, Liang Xia, Kaname Nishizuka, 2019-09-05, The DDoS Open Threat Signaling (DOTS) effort is intended to provide protocols to facilitate interoperability across disparate DDoS mitigation solutions. This document presents sample use cases which describe the interactions expected between the DOTS components as well as DOTS messaging exchanges. These use cases are meant to identify the interacting DOTS components, how they collaborate, and what are the typical information to be exchanged. "Distributed-Denial-of-Service Open Threat Signaling (DOTS) Architecture", Andrew Mortensen, Tirumaleswar Reddy.K, Flemming Andreasen, Nik Teague, Rich Compton, 2019-05-29, This document describes an architecture for establishing and maintaining Distributed Denial of Service (DDoS) Open Threat Signaling (DOTS) within and between domains. The document does not specify protocols or protocol extensions, instead focusing on defining architectural relationships, components and concepts used in a DOTS deployment. "Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel Specification", Tirumaleswar Reddy.K, Mohamed Boucadair, Prashanth Patil, Andrew Mortensen, Nik Teague, 2019-11-20, This document specifies the DOTS signal channel, a protocol for signaling the need for protection against Distributed Denial-of- Service (DDoS) attacks to a server capable of enabling network traffic mitigation on behalf of the requesting client. A companion document defines the DOTS data channel, a separate reliable communication layer for DOTS management and configuration purposes. Editorial Note (To be removed by RFC Editor) Please update these statements within the document with the RFC number to be assigned to this document: o "This version of this YANG module is part of RFC XXXX;" o "RFC XXXX: Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel Specification"; o "| [RFCXXXX] |" o reference: RFC XXXX Please update this statement with the RFC number to be assigned to the following documents: o "RFC YYYY: Distributed Denial-of-Service Open Threat Signaling (DOTS) Data Channel Specification (used to be I-D.ietf-dots-data- channel) Please update TBD/TBD1/TBD2 statements with the assignments made by IANA to DOTS Signal Channel Protocol. Also, please update the "revision" date of the YANG modules. "Distributed Denial-of-Service Open Threat Signaling (DOTS) Data Channel Specification", Mohamed Boucadair, Tirumaleswar Reddy.K, 2019-07-21, The document specifies a Distributed Denial-of-Service Open Threat Signaling (DOTS) data channel used for bulk exchange of data that cannot easily or appropriately communicated through the DOTS signal channel under attack conditions. This is a companion document to the DOTS signal channel specification. Editorial Note (To be removed by RFC Editor) Please update these statements within the document with the RFC number to be assigned to this document: o "This version of this YANG module is part of RFC XXXX;" o "RFC XXXX: Distributed Denial-of-Service Open Threat Signaling (DOTS) Data Channel Specification"; o reference: RFC XXXX Please update the "revision" date of the YANG module. "Multi-homing Deployment Considerations for Distributed-Denial-of-Service Open Threat Signaling (DOTS)", Mohamed Boucadair, Tirumaleswar Reddy.K, Wei Pan, 2019-07-22, This document discusses multi-homing considerations for Distributed- Denial-of-Service Open Threat Signaling (DOTS). The goal is to provide some guidance for DOTS clients/gateways when multihomed. "Distributed-Denial-of-Service Open Threat Signaling (DOTS) Agent Discovery", Mohamed Boucadair, Tirumaleswar Reddy.K, 2019-11-18, It may not be possible for a network to determine the cause for an attack, but instead just realize that some resources seem to be under attack. To fill that gap, Distributed-Denial-of-Service Open Threat Signaling (DOTS) allows a network to inform a DOTS server that it is under a potential attack so that appropriate mitigation actions are undertaken. This document specifies mechanisms to configure DOTS clients with their DOTS servers. The discovery procedure also covers the DOTS Signal Channel Call Home. "Controlling Filtering Rules Using Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel", Kaname Nishizuka, Mohamed Boucadair, Tirumaleswar Reddy.K, Takahiko Nagata, 2019-09-17, This document specifies an extension to the DOTS signal channel protocol so that DOTS clients can control their filtering rules when an attack mitigation is active. Particularly, this extension allows a DOTS client to activate or de- activate existing filtering rules during a DDoS attack. The characterization of these filtering rules is supposed to be conveyed by a DOTS client during an idle time by means of the DOTS data channel protocol. Editorial Note (To be removed by RFC Editor) Please update these statements within the document with the RFC number to be assigned to this document: o "This version of this YANG module is part of RFC XXXX;" o "RFC XXXX: Controlling Filtering Rules Using Distributed Denial- of-Service Open Threat Signaling (DOTS) Signal Channel"; o reference: RFC XXXX o [RFCXXXX] Please update these statements with the RFC number to be assigned to the following documents: o "RFC SSSS: Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel Specification" (used to be [I-D.ietf-dots-signal-channel]) o "RFC DDDD: Distributed Denial-of-Service Open Threat Signaling (DOTS) Data Channel Specification" (used to be [I-D.ietf-dots-data-channel]) Please update the "revision" date of the YANG module. "Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel Call Home", Tirumaleswar Reddy.K, Mohamed Boucadair, Jon Shallow, 2019-11-18, This document specifies the DOTS signal channel Call Home, which enables a DOTS server to initiate a secure connection to a DOTS client, and to receive the attack traffic information from the DOTS client. The DOTS server in turn uses the attack traffic information to identify the compromised devices launching the outgoing DDoS attack and takes appropriate mitigation action(s). The DOTS signal channel Call Home is not specific to the home networks; the solution targets any deployment which requires to block DDoS attack traffic closer to the source(s) of a DDoS attack. Editorial Note (To be removed by RFC Editor) Please update these statements within the document with the RFC number to be assigned to this document: o "This version of this YANG module is part of RFC XXXX;" o "RFC XXXX: Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel Call Home"; o "| [RFCXXXX] |" o reference: RFC XXXX Please update this statement with the RFC number to be assigned to the following documents: o "RFC YYYY: Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Channel Specification (used to be I-D.ietf-dots- signal-channel) Please update TBD statements with the assignment made by IANA to DOTS Signal Channel Call Home. Also, please update the "revision" date of the YANG module. DNS PRIVate Exchange (dprive) ----------------------------- "Recommendations for DNS Privacy Service Operators", Sara Dickinson, Benno Overeinder, Roland van Rijswijk-Deij, Allison Mankin, 2019-11-18, This document presents operational, policy and security considerations for DNS recursive resolver operators who choose to offer DNS Privacy services. With these recommendations, the operator can make deliberate decisions regarding which services to provide, and how the decisions and alternatives impact the privacy of users. This document also presents a framework to assist writers of a DNS Recursive Operator Privacy Statement (analogous to DNS Security Extensions (DNSSEC) Policies and DNSSEC Practice Statements described in RFC6841). "DNS Privacy Considerations", Stephane Bortzmeyer, Sara Dickinson, 2019-11-18, This document describes the privacy issues associated with the use of the DNS by Internet users. It is intended to be an analysis of the present situation and does not prescribe solutions. This document obsoletes RFC 7626. "DNS Zone Transfer-over-TLS", Han Zhang, Pallavi Aras, Willem Toorop, Sara Dickinson, Allison Mankin, 2019-11-18, DNS zone transfers are transmitted in clear text, which gives attackers the opportunity to collect the content of a zone by eavesdropping on network connections. The DNS Transaction Signature (TSIG) mechanism is specified to restrict direct zone transfer to authorized clients only, but it does not add confidentiality. This document specifies use of DNS-over-TLS to prevent zone contents collection via passive monitoring of zone transfers. Delay/Disruption Tolerant Networking (dtn) ------------------------------------------ "Bundle Protocol Version 7", Scott Burleigh, Kevin Fall, Edward Birrane, 2019-10-25, This Internet Draft presents a specification for Bundle Protocol, adapted from the experimental Bundle Protocol specification developed by the Delay-Tolerant Networking Research group of the Internet Research Task Force and documented in RFC 5050. "Bundle Protocol Security Specification", Edward Birrane, Kenneth McKeever, 2019-11-04, This document defines a security protocol providing end to end data integrity and confidentiality services for the Bundle Protocol. "Delay-Tolerant Networking TCP Convergence Layer Protocol Version 4", Brian Sipos, Michael Demmer, Joerg Ott, Simon Perreault, 2019-11-22, This document describes a revised protocol for the TCP-based convergence layer (TCPCL) for Delay-Tolerant Networking (DTN). The protocol revision is based on implementation issues in the original TCPCL Version 3 of RFC7242 and updates to the Bundle Protocol contents, encodings, and convergence layer requirements in Bundle Protocol Version 7. Specifically, the TCPCLv4 uses CBOR-encoded BPv7 bundles as its service data unit being transported and provides a reliable transport of such bundles. Several new IANA registries are defined for TCPCLv4 which define some behaviors inherited from TCPCLv3 but with updated encodings and/or semantics. "Bundle-in-Bundle Encapsulation", Scott Burleigh, 2019-08-04, This document describes Bundle-in-Bundle Encapsulation (BIBE), a Delay-Tolerant Networking (DTN) Bundle Protocol (BP) "convergence layer" protocol that tunnels BP "bundles" through encapsulating bundles. The services provided by the BIBE convergence-layer protocol adapter encapsulate an outbound BP "bundle" in a BIBE convergence-layer protocol data unit for transmission as the payload of a bundle. Security measures applied to the encapsulating bundle may augment those applied to the encapsulated bundle. The protocol includes a mechanism for recovery from loss of an encapsulating bundle, called "custody transfer". This mechanism is adapted from the custody transfer procedures described in the experimental Bundle Protocol specification developed by the Delay-Tolerant Networking Research group of the Internet Research Task Force and documented in RFC 5050. "Asynchronous Management Architecture", Edward Birrane, 2019-08-08, This document describes an asynchronous management architecture (AMA) suitable for providing application-level network management services in a challenged networking environment. Challenged networks are those that require fault protection, configuration, and performance reporting while unable to provide humans-in-the-loop with synchronous feedback or otherwise preserve transport-layer sessions. In such a context, networks must exhibit behavior that is both determinable and autonomous while maintaining compatibility with existing network management protocols and operational concepts. Emergency Context Resolution with Internet Technologies (ecrit) --------------------------------------------------------------- "Data-Only Emergency Calls", Brian Rosen, Henning Schulzrinne, Hannes Tschofenig, Randall Gellens, 2019-04-17, RFC 6443 'Framework for Emergency Calling Using Internet Multimedia' describes how devices use the Internet to place emergency calls and how Public Safety Answering Points (PSAPs) handle Internet multimedia emergency calls natively. The exchange of multimedia traffic for emergency services involves a Session Initiation Protocol (SIP) session establishment starting with a SIP INVITE that negotiates various parameters for that session. In some cases, however, the transmission of application data is all that is needed. Examples of such environments include alerts issued by a temperature sensor, burglar alarm, or chemical spill sensor. Often these alerts are conveyed as one-shot data transmissions. These type of interactions are called 'data-only emergency calls'. This document describes a container for the data based on the Common Alerting Protocol (CAP) and its transmission using the SIP MESSAGE transaction. "A LoST extension to return complete and similar location info", Roger Marshall, Jeff Martin, Brian Rosen, 2019-07-23, This document introduces a new way to provide returned location information in LoST responses that is either of a completed or similar form to the original input civic location, based on whether valid or invalid civic address elements are returned within the findServiceResponse message. This document defines a new extension to the findServiceResponse message within the LoST protocol [RFC5222] that enables the LoST protocol to return a completed civic address element set for a valid location response, and one or more suggested sets of similar location information for invalid LoST responses. These two types of civic addresses are referred to as either "complete location" or "similar location", and are included as a compilation of CAtype xml elements within the existing LoST findServiceResponse message structure. EAP Method Update (emu) ----------------------- "Using EAP-TLS with TLS 1.3", John Mattsson, Mohit Sethi, 2019-09-21, This document specifies the use of EAP-TLS with TLS 1.3 while remaining backwards compatible with existing implementations of EAP- TLS. TLS 1.3 provides significantly improved security, privacy, and reduced latency when compared to earlier versions of TLS. EAP-TLS with TLS 1.3 further improves security and privacy by mandating use of privacy and revocation checking. This document updates RFC 5216. "Improved Extensible Authentication Protocol Method for 3GPP Mobile Network Authentication and Key Agreement (EAP-AKA')", Jari Arkko, Vesa Lehtovirta, Vesa Torvinen, Pasi Eronen, 2019-11-17, The 3GPP Mobile Network Authentication and Key Agreement (AKA) is the primary authentication mechanism for devices wishing to access mobile networks. RFC 4187 (EAP-AKA) made the use of this mechanism possible within the Extensible Authentication Protocol (EAP) framework. RFC 5448 (EAP-AKA') was an improved version of EAP-AKA. This memo replaces the specification of EAP-AKA'. EAP-AKA' was defined in RFC 5448 and updated EAP-AKA RFC 4187. As such this document obsoletes RFC 5448 and updates RFC 4187. EAP-AKA' differs from EAP-AKA by providing a key derivation function that binds the keys derived within the method to the name of the access network. The key derivation function has been defined in the 3rd Generation Partnership Project (3GPP). EAP-AKA' allows its use in EAP in an interoperable manner. EAP-AKA' is also an algorithm update, as it employs SHA-256 / HMAC-SHA-256 instead of SHA-1 / HMAC- SHA-1 as in EAP-AKA. This version of EAP-AKA' specification specifies the protocol behaviour for 5G deployments as well. "Perfect-Forward Secrecy for the Extensible Authentication Protocol Method for Authentication and Key Agreement (EAP-AKA' PFS)", Jari Arkko, Karl Norrman, Vesa Torvinen, 2019-11-17, Many different attacks have been reported as part of revelations associated with pervasive surveillance. Some of the reported attacks involved compromising smart cards, such as attacking SIM card manufacturers and operators in an effort to compromise shared secrets stored on these cards. Since the publication of those reports, manufacturing and provisioning processes have gained much scrutiny and have improved. However, the danger of resourceful attackers for these systems is still a concern. This specification is an optional extension to the EAP-AKA' authentication method which was defined in [I-D.ietf-emu-rfc5448bis]. The extension, when negotiated, provides Perfect Forward Secrecy for the session key generated as a part of the authentication run in EAP- AKA'. This prevents an attacker who has gained access to the long- term pre-shared secret in a SIM card from being able to decrypt any past communications. In addition, if the attacker stays merely a passive eavesdropper, the extension prevents attacks against future sessions. This forces attackers to use active attacks instead. "Handling Large Certificates and Long Certificate Chains in TLS-based EAP Methods", Mohit Sethi, John Mattsson, Sean Turner, 2019-08-13, EAP-TLS and other TLS-based EAP methods are widely deployed and used for network access authentication. Large certificates and long certificate chains combined with authenticators that drop an EAP session after only 40 - 50 round-trips is a major deployment problem. This memo looks at the this problem in detail and describes the potential solutions available. "EAP Session-Id Derivation for EAP-SIM, EAP-AKA, and PEAP", Alan DeKok, 2019-11-04, EAP Session-Id derivation has not been defined for EAP-SIM or EAP-AKA when using the fast re-authentication exchange instead of full authentication. This document updates RFC 5247 to define those derivations for EAP-SIM and EAP-AKA. Since RFC5448bis defines the Session-ID for EAP-AKA', the definition for EAP-AKA' is not included here. RFC 5247 also does not define Session-Id derivation for PEAP. A definition is given here which follows the definition for other TLS-based EAP methods. Email mailstore and eXtensions To Revise or Amend (extra) --------------------------------------------------------- "INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev2", Alexey Melnikov, Barry Leiba, 2019-12-03, The Internet Message Access Protocol, Version 4rev2 (IMAP4rev2) allows a client to access and manipulate electronic mail messages on a server. IMAP4rev2 permits manipulation of mailboxes (remote message folders) in a way that is functionally equivalent to local folders. IMAP4rev2 also provides the capability for an offline client to resynchronize with the server. IMAP4rev2 includes operations for creating, deleting, and renaming mailboxes, checking for new messages, permanently removing messages, setting and clearing flags, RFC 5322, RFC 2045 and RFC 2231 parsing, searching, and selective fetching of message attributes, texts, and portions thereof. Messages in IMAP4rev2 are accessed by the use of numbers. These numbers are either message sequence numbers or unique identifiers. IMAP4rev2 does not specify a means of posting mail; this function is handled by a mail submission protocol such as RFC 6409. "IMAP4 Extension: Message Preview Generation", Michael Slusarz, 2019-12-10, This document specifies an Internet Message Access Protocol (IMAP) protocol extension allowing a client to request a server-generated abbreviated representation of message data useful as a contextual preview of the entire message. "IMAP QUOTA Extension", Alexey Melnikov, 2019-06-17, The QUOTA extension of the Internet Message Access Protocol (RFC 3501) permits administrative limits on resource usage (quotas) to be manipulated through the IMAP protocol. This memo obsoletes RFC 2087, but attempts to remain backwards compatible whenever possible. GitHub Integration and Tooling (git) ------------------------------------ "GitHub Configuration for IETF Working Groups", Alissa Cooper, Paul Hoffman, 2019-10-21, The use of GitHub in IETF working group processes is increasing. This document describes possible uses and conventions for working groups which are considering starting to use GitHub. It does not mandate any processes, and does not require changes to the processes used by current and future working groups not using GitHub. Discussion of this document takes place on the ietf-and-github mailing list (ietf-and-github@ietf.org), which is archived at . "Using GitHub at the IETF", Martin Thomson, Barbara Stark, 2019-11-19, This document describes best practices for Working Groups that use GitHub for their work. Global Routing Operations (grow) -------------------------------- "Support for Local RIB in BGP Monitoring Protocol (BMP)", Tim Evens, Serpil Bayraktar, Manish Bhardwaj, Paolo Lucente, 2019-11-04, The BGP Monitoring Protocol (BMP) defines access to the Adj-RIB-In and locally originated routes (e.g. routes distributed into BGP from protocols such as static) but not access to the BGP instance Loc-RIB. This document updates the BGP Monitoring Protocol (BMP) RFC 7854 by adding access to the BGP instance Local-RIB, as defined in RFC 4271 the routes that have been selected by the local BGP speaker's Decision Process. These are the routes over all peers, locally originated, and after best-path selection. "Methods for Detection and Mitigation of BGP Route Leaks", Kotikalapudi Sriram, Alexander Azimov, 2019-07-26, Problem definition for route leaks and enumeration of types of route leaks are provided in [RFC7908]. This document describes a new well- known Large Community that provides a way for route leak prevention, detection, and mitigation. The configuration process for this Community can be automated with the methodology for setting BGP roles that is described in ietf-idr-bgp-open-policy draft. "BMP Peer Up Message Namespace", John Scudder, 2019-07-24, RFC 7854, BMP, uses different message types for different purposes. Most of these are Type, Length, Value (TLV) structured. One message type, the Peer Up message, lacks a set of TLVs defined for its use, instead sharing a namespace with the Initiation message. Subsequent experience has shown that this namespace sharing was a mistake, as it hampers the extension of the protocol. This document updates RFC 7854 by creating an independent namespace for the Peer Up message. The changes in this document are formal only, compliant implementations of RFC 7854 also comply with this specification. "TLV support for BMP Route Monitoring and Peer Down Messages", Paolo Lucente, Yunan Gu, Henk Smit, 2019-10-15, Most of the message types defined by the BGP Monitoring Protocol (BMP) do provision for optional trailing data; however Route Monitoring message (to provide a snapshot of the monitored Routing Information Base) and Peer Down message (to indicate that a peering session was terminated) do not. Supporting optional data in TLV format across all BMP message types allows for an homogeneous and extensible surface that would be useful for the most different use- cases that need to convey additional data to a BMP station. While this document does not want to cover any specific utilization scenario, it defines a simple way to support optional TLV data in all message types. Host Identity Protocol (hip) ---------------------------- "Host Identity Protocol Architecture", Robert Moskowitz, Miika Komu, 2019-02-14, This memo describes the Host Identity (HI) namespace, that provides a cryptographic namespace to applications, and the associated protocol layer, the Host Identity Protocol, located between the internetworking and transport layers, that supports end-host mobility, multihoming and NAT traversal. Herein are presented the basics of the current namespaces, their strengths and weaknesses, and how a HI namespace will add completeness to them. The roles of the HI namespace in the protocols are defined. This document obsoletes RFC 4423 and addresses the concerns raised by the IESG, particularly that of crypto agility. The section on security considerations describe also measures against flooding attacks, usage of identities in access control lists, weaker types of identifiers and trust on first use. This document incorporates lessons learned from the implementations of RFC 5201 and goes further to explain how HIP works as a secure signaling channel. "Native NAT Traversal Mode for the Host Identity Protocol", Ari Keranen, Jan Melen, Miika Komu, 2018-03-05, This document specifies a new Network Address Translator (NAT) traversal mode for the Host Identity Protocol (HIP). The new mode is based on the Interactive Connectivity Establishment (ICE) methodology and UDP encapsulation of data and signaling traffic. The main difference from the previously specified modes is the use of HIP messages for all NAT traversal procedures. "HIP Diet EXchange (DEX)", Robert Moskowitz, Rene Hummen, Miika Komu, 2019-10-31, This document specifies the Host Identity Protocol Diet EXchange (HIP DEX), a variant of the Host Identity Protocol Version 2 (HIPv2). The HIP DEX protocol design aims at reducing the overhead of the employed cryptographic primitives by omitting public-key signatures and hash functions. The HIP DEX protocol is primarily designed for computation or memory- constrained sensor/actuator devices. Like HIPv2, it is expected to be used together with a suitable security protocol such as the Encapsulated Security Payload (ESP) for the protection of upper layer protocol data. In addition, HIP DEX can also be used as a keying mechanism for security primitives at the MAC layer, e.g., for IEEE 802.15.4 networks. Home Networking (homenet) ------------------------- "Outsourcing Home Network Authoritative Naming Service", Daniel Migault, Ralf Weber, Michael Richardson, Ray Hunter, Chris Griffiths, Wouter Cloetens, 2019-11-16, The Homenet Naming authority is responsible for making devices within the home network accessible by name within the home network as well as from outside the home network (e.g. the Internet). The names of the devices accessible from the Internet are stored in the Public Homenet Zone, served by a DNS authoritative server. It is unlikely that home networks will contain sufficiently robust platforms designed to host a service such as the DNS on the Internet and as such would expose the home network to DDoS attacks. This document describes a mechanism that enables the Home Network Authority (HNA) to outsource the naming service to the Outsourcing Infrastructure via a Distribution Master (DM). "Homenet profile of the Babel routing protocol", Juliusz Chroboczek, 2018-07-18, This document defines the exact subset of the Babel routing protocol and its extensions that is required by an implementation of the Homenet protocol suite, as well as the interactions between the Home Networking Control Protocol (HNCP) and Babel. Human Rights Protocol Considerations (hrpc) ------------------------------------------- "Notes on networking standards and politics", Niels ten Oever, 2019-09-28, The IETF cannot ordain what standards or protocols are to be used on networks, but the standards development process in the IETF does have an impact on society through its normative standards setting process. This document aims to bring about a better understanding on the political nature of standards and protocols. Among other things, the IETF's work affects what is perceived as technologically possible and useful where networking technologies are being deployed, and its standards reflect what is considered by the technical community to be feasible and good practice. Whereas there might not be agreement among the Internet protocol community on the specific political nature of the technological development process and its outputs, it is generally agreed that standards and protocols are both products of a political process, and they can also be used for political means. "Freedom of Association on the Internet", Stephane Couture, Joseph Hall, Niels ten Oever, Gisela de Acha, 2019-08-22, This document establishes the link between the Internet architecture and the ability of people to exercise their right to freedom of assembly and association online. The Internet increasingly mediates our lives, our relationships and our ability to exercise our human rights. As a forum, it provides a global public space despite being built on predominantly private infrastructure. Since Internet protocols play a central role in the management, development and use of the Internet, the relation between protocols and the aforementioned rights should be analyzed and any adverse impacts should be mitigated. HTTP (httpbis) -------------- "HTTP Client Hints", Ilya Grigorik, Yoav Weiss, 2019-11-18, HTTP defines proactive content negotiation to allow servers to select the appropriate response for a given request, based upon the user agent's characteristics, as expressed in request headers. In practice, clients are often unwilling to send those request headers, because it is not clear whether they will be used, and sending them impacts both performance and privacy. This document defines an Accept-CH response header that servers can use to advertise their use of request headers for proactive content negotiation, along with a set of guidelines for the creation of such headers, colloquially known as "Client Hints." "Structured Headers for HTTP", Mark Nottingham, Poul-Henning Kamp, 2019-10-31, This document describes a set of data types and associated algorithms that are intended to make it easier and safer to define and handle HTTP header fields. It is intended for use by specifications of new HTTP header fields that wish to use a common syntax that is more restrictive than traditional HTTP field values. "Expect-CT Extension for HTTP", estark@google.com, 2018-12-09, This document defines a new HTTP header field named Expect-CT, which allows web host operators to instruct user agents to expect valid Signed Certificate Timestamps (SCTs) to be served on connections to these hosts. Expect-CT allows web host operators to discover misconfigurations in their Certificate Transparency deployments. Further, web host operaters can use Expect-CT to ensure that, if a UA which supports Expect-CT accepts a misissued certificate, that certificate will be discoverable in Certificate Transparency logs. "Secondary Certificate Authentication in HTTP/2", Mike Bishop, Nick Sullivan, Martin Thomson, 2019-11-01, A use of TLS Exported Authenticators is described which enables HTTP/2 clients and servers to offer additional certificate-based credentials after the connection is established. The means by which these credentials are used with requests is defined. "Building Protocols with HTTP", Mark Nottingham, 2019-11-01, HTTP is often used as a substrate for other application protocols (a.k.a. HTTP-based APIs). This document specifies best practices for writing specifications that use HTTP to define new application protocols, especially when they are defined for diverse implementation and broad deployment (e.g., in standards efforts). "HTTP Representation Variants", Mark Nottingham, 2019-11-03, This specification introduces an alternative way to select a HTTP response from a cache based upon its request headers, using the HTTP "Variants" and "Variant-Key" response header fields. Its aim is to make HTTP proactive content negotiation more cache-friendly. "HTTP Caching", Roy Fielding, Mark Nottingham, Julian Reschke, 2019-11-04, The Hypertext Transfer Protocol (HTTP) is a stateless application- level protocol for distributed, collaborative, hypertext information systems. This document defines HTTP caches and the associated header fields that control cache behavior or indicate cacheable response messages. This document obsoletes RFC 7234. "HTTP/1.1 Messaging", Roy Fielding, Mark Nottingham, Julian Reschke, 2019-11-04, The Hypertext Transfer Protocol (HTTP) is a stateless application- level protocol for distributed, collaborative, hypertext information systems. This document specifies the HTTP/1.1 message syntax, message parsing, connection management, and related security concerns. This document obsoletes portions of RFC 7230. "HTTP Semantics", Roy Fielding, Mark Nottingham, Julian Reschke, 2019-11-04, The Hypertext Transfer Protocol (HTTP) is a stateless application- level protocol for distributed, collaborative, hypertext information systems. This document defines the semantics of HTTP: its architecture, terminology, the "http" and "https" Uniform Resource Identifier (URI) schemes, core request methods, request header fields, response status codes, response header fields, and content negotiation. This document obsoletes RFC 2818, RFC 7231, RFC 7232, RFC 7233, RFC 7235, RFC 7538, RFC 7615, and portions of RFC 7230. "The Cache-Status HTTP Response Header", Mark Nottingham, 2019-11-04, To aid debugging, HTTP caches often append headers to a response detailing how they handled the request. This specification codifies that practice and updates it for HTTP's current caching model. "Using TLS 1.3 with HTTP/2", David Benjamin, 2019-10-17, This document updates RFC 7540 by forbidding TLS 1.3 post-handshake authentication, as an analog to the existing TLS 1.2 renegotiation restriction. "Digest Headers", Roberto Polli, Lucas Pardue, 2019-11-03, This document defines the Digest and Want-Digest header fields for HTTP, thus allowing client and server to negotiate an integrity checksum of the exchanged resource representation data. This document obsoletes RFC 3230. It replaces the term "instance" with "representation", which makes it consistent with the HTTP Semantic and Context defined in RFC 7231. "Extensible Prioritization Scheme for HTTP", Kazuho Oku, Lucas Pardue, 2019-11-20, This document describes a scheme for prioritizing HTTP responses. This scheme expresses the priority of each HTTP response using absolute values, rather than as a relative relationship between a group of HTTP responses. This document defines the Priority header field for communicating the initial priority in an HTTP version-independent manner, as well as HTTP/2 and HTTP/3 frames for reprioritizing the responses. These share a common format structure that is designed to provide future extensibility. Interface to Network Security Functions (i2nsf) ----------------------------------------------- "Interface to Network Security Functions (I2NSF) Terminology", Susan Hares, John Strassner, Diego Lopez, Liang Xia, Henk Birkholz, 2019-07-05, This document defines a set of terms that are used for the Interface to Network Security Functions (I2NSF) effort. "Information Model of NSFs Capabilities", Liang Xia, John Strassner, Cataldo Basile, Diego Lopez, 2019-04-24, This draft defines the concept of an NSF (Network Security Function) capability, as well as its information model. Capabilities are a set of features that are available from a managed entity, and are represented as data that unambiguously characterizes an NSF. Capabilities enable management entities to determine the set of features from available NSFs that will be used, and simplify the management of NSFs. "Applicability of Interfaces to Network Security Functions to Network-Based Security Services", Jaehoon Jeong, Sangwon Hyun, Tae-Jin Ahn, Susan Hares, Diego Lopez, 2019-09-16, This document describes the applicability of Interface to Network Security Functions (I2NSF) to network-based security services in Network Functions Virtualization (NFV) environments, such as firewall, deep packet inspection, or attack mitigation engines. "Software-Defined Networking (SDN)-based IPsec Flow Protection", Rafael Lopez, Gabriel Lopez-Millan, Fernando Pereniguez-Garcia, 2019-08-05, This document describes how providing IPsec-based flow protection by means of a Software-Defined Network (SDN) controller (aka. Security Controller) and establishes the requirements to support this service. It considers two main well-known scenarios in IPsec: (i) gateway-to- gateway and (ii) host-to-host. The SDN-based service described in this document allows the distribution and monitoring of IPsec information from a Security Controller to one or several flow-based Network Security Function (NSF). The NSFs implement IPsec to protect data traffic between network resources. The document focuses on the NSF Facing Interface by providing models for configuration and state data required to allow the Security Controller to configure the IPsec databases (SPD, SAD, PAD) and IKEv2 to establish Security Associations with a reduced intervention of the network administrator. "I2NSF Consumer-Facing Interface YANG Data Model", Jaehoon Jeong, Chaehong Chung, Tae-Jin Ahn, Rakesh Kumar, Susan Hares, 2019-11-04, This document describes an information model and a YANG data model for the Consumer-Facing Interface between an Interface to Network Security Functions (I2NSF) User and Security Controller in an I2NSF system in a Network Functions Virtualization (NFV) environment. The information model defines various types of managed objects and the relationship among them needed to build the interface. The information model is organized based on the "Event-Condition-Action" (ECA) policy model defined by a capability information model for I2NSF [i2nsf-capability-im], and the data model is defined for enabling different users of a given I2NSF system to define, manage, and monitor security policies for specific flows within an administrative domain. "I2NSF Network Security Function-Facing Interface YANG Data Model", Jinyong Kim, Jaehoon Jeong, J., PARK, Susan Hares, Qiushi Lin, 2019-11-04, This document defines a YANG data model for configuring security policy rules on Network Security Functions (NSF) in the Interface to Network Security Functions (I2NSF) framework. The YANG data model in this document corresponds to the information model for NSF-Facing Interface in the I2NSF framework. "I2NSF Capability YANG Data Model", Susan Hares, Jaehoon Jeong, Jinyong Kim, Robert Moskowitz, Qiushi Lin, 2019-07-25, This document defines a YANG data model for the capabilities of various Network Security Functions (NSFs) in the Interface to Network Security Functions (I2NSF) framework to centrally manage the capabilities of the various NSFs. "I2NSF Registration Interface YANG Data Model", Sangwon Hyun, Jaehoon Jeong, TaeKyun Roh, Sarang Wi, J., PARK, 2019-07-24, This document defines an information model and a YANG data model for Registration Interface between Security Controller and Developer's Management System (DMS) in the Interface to Network Security Functions (I2NSF) framework to register Network Security Functions (NSF) of the DMS into the Security Controller. The objective of these information and data models is to support NSF capability registration and query via I2NSF Registration Interface. "I2NSF NSF Monitoring YANG Data Model", Jaehoon Jeong, Chaehong Chung, Susan Hares, Liang Xia, Henk Birkholz, 2019-11-04, This document proposes an information model and the corresponding YANG data model for monitoring Network Security Functions (NSFs) in the Interface to Network Security Functions (I2NSF) framework. If the monitoring of NSFs is performed in a comprehensive way, it is possible to detect the indication of malicious activity, anomalous behavior or the potential sign of denial of service attacks in a timely manner. This monitoring functionality is based on the monitoring information that is generated by NSFs. Thus, this document describes not only an information model for monitoring NSFs along with a YANG data diagram, but also the corresponding YANG data model for monitoring NSFs. Editorial Note (To be removed by RFC Editor) Please update these statements within the document with the RFC number to be assigned to this document: "This version of this YANG module is part of RFC 6087;" "RFC XXXX: I2NSF NSF Monitoring YANG Data Model" "reference: RFC 6087" Please update the "revision" date of the YANG module. Interface to the Routing System (i2rs) -------------------------------------- "A YANG Data Model for Layer-2 Network Topologies", Jie Dong, Xiugang Wei, Qin WU, Mohamed Boucadair, Anders Liu, 2019-10-15, This document defines a YANG data model for Layer 2 network topologies. Editorial Note (To be removed by RFC Editor) Please update these statements within the document with the RFC number to be assigned to this document: o "This version of this YANG module is part of RFC XXXX;" o "RFC XXXX: A YANG Data Model for Layer-2 Network Topologies"; o reference: RFC XXXX Please update the "revision" date of the YANG module. Internet Architecture Board (iab) --------------------------------- "The Harmful Consequences of the Robustness Principle", Martin Thomson, 2019-11-03, The robustness principle, often phrased as "be conservative in what you send, and liberal in what you accept", has long guided the design and implementation of Internet protocols. The posture this statement advocates promotes interoperability in the short term, but can negatively affect the protocol ecosystem over time. For a protocol that is actively maintained, the robustness principle can, and should, be avoided. "Principles for Operation of Internet Assigned Numbers Authority (IANA) Registries", Russ Housley, Olaf Kolkman, 2019-06-26, This document provides principles for the operation of Internet Assigned Numbers Authority (IANA) registries. "Fifty Years of RFCs", Heather Flanagan, 2019-08-09, This RFC marks the fiftieth anniversary for the RFC Series. It includes both retrospective material from individuals involved at key inflection points, as well as a review of the current state of affairs. It concludes with thoughts on possibilities for the next fifty years for the Series. This document updates the perspectives offered in RFCs 2555 and 5540. "Long-term Viability of Protocol Extension Mechanisms", Martin Thomson, 2019-08-07, The ability to change protocols depends on exercising the extension and version negotiation mechanisms that support change. Protocols that don't use these mechanisms can find that deploying changes can be difficult and costly. "The Internet is for End Users", Mark Nottingham, 2019-11-17, This document explains why the IAB believes the IETF should consider end users as its highest priority concern, and how that can be done. "Report from the IAB Workshop on Exploring Synergy between Content Aggregation and the Publisher Ecosystem (ESCAPE)", Martin Thomson, Mark Nottingham, 2019-09-18, The Exploring Synergy between Content Aggregation and the Publisher Ecosystem (ESCAPE) Workshop was convened by the Internet Architecture Board (IAB) in July 2019. This report summarizes its significant points of discussion and identifies topics that may warrant further consideration. IETF Administrative Support Activity 2 (iasa2) ---------------------------------------------- "Update to the Process for Selection of Trustees for the IETF Trust", Jari Arkko, Ted Hardie, 2019-02-04, This memo updates the process for selection of trustees for the IETF Trust. Previously, the Internet Administrative Oversight Committee (IAOC) members also acted as trustees, but the IAOC has been eliminated as part of an update of the structure of the Internet Administrative Support Activity (IASA). This memo specifies that the trustees shall be selected separately. This memo obsoletes RFC 4371. The changes relate only to the selection of trustees. All other aspects of the IETF Trust remain as they are today. "Discussion of the IASA 2.0 Changes as They Relate to the IETF Trust", Jari Arkko, 2018-10-11, This document is published to capture the rationale for the changes introduced in RFC NNNN (RFC Editor: please replace NNNN with the RFC number of [I-D.ietf-iasa2-trust-update]), Update to the Process for Selection of Trustees for the IETF Trust. At the time RFC NNNN was published, IETF administrative structure changes ("IASA 2.0") had an impact on the IETF Trust because members of the IETF Administrative Oversight Committee (IAOC), which was being phased out, had served as Trustees of the IETF Trust. This document provides background on the past IETF Trust arrangements, explains the effect of the rules in the founding documents during the transition to the new arrangement, and provides a rationale for the update. "Advice to the Trustees of the IETF Trust on Rights to Be Granted in IETF Documents", Joel Halpern, 2019-08-21, Contributors grant intellectual property rights to the IETF. The IETF Trust holds and manages those rights on behalf of the IETF. The Trustees of the IETF Trust are responsible for that management. This management includes granting the licenses to copy, implement, and otherwise use IETF Contributions, among them Internet-Drafts and RFCs. The Trustees of the IETF Trust accept direction from the IETF regarding the rights to be granted. This document describes the desires of the IETF regarding outbound rights to be granted in IETF Contributions. This document obsoletes RFC 5377 solely for the purpose of removing references to the IAOC which was part of IASA. "Update to the IETF Anti-Harassment Procedures for the Replacement of the IAOC with the IETF Administration LLC", Pete Resnick, Adrian Farrel, 2019-09-14, The IETF Anti-Harassment Procedures are described in RFC 7776. The IETF Administrative Oversight Committee (IAOC) has been replaced by the IETF Administration LLC, and the IETF Administrative Director has been replaced by the IETF LLC Executive Director. This document updates RFC 7776 to amend these terms. RFC 7776 contained updates to RFC 7437. draft-ietf-iasa2-rfc7437bis has incorporated those updates, so this document also updates RFC 7776 to remove those updates. NOTE for RFC Editor and Readers of this Document When published as an RFC o All references to and mentions of draft-ietf-iasa2-rfc7437bis in this document should be replaced by the RFC that results from draft-ietf-iasa2-rfc7437bis. o The string "XXXX" should be replaced with the RFC number assigned to the RFC that results from draft-ietf-iasa2-rfc7437bis. o This note should be removed. *** END OF NOTE *** "IAB, IESG, IETF Trust and IETF LLC Selection, Confirmation, and Recall Process: Operation of the IETF Nominating and Recall Committees", Murray Kucherawy, Robert Hinden, Jason Livingood, 2019-07-11, The process by which the members of the IAB and IESG, some Trustees of the IETF Trust, and some Directors of the IETF LLC are selected, confirmed, and recalled is specified in this document. This document is based on RFC7437. Only those updates required to reflect the changes introduced by IASA 2.0 have been included. Any other changes will be addressed in future documents. This document obsoletes RFC7437 and RFC8318. "Consolidated IASA 2.0 Updates of IETF Administrative Terminology", John Klensin, 2019-03-11, In 2018, the IETF began the transition to a new administrative structure and updated its IETF Administrative Support Activity (IASA) to a new "IASA 2.0" structure. In addition to more substantive changes that are described in other documents, the transition to the 2018 IETF Administrative Support structure changes several position titles and organizational relationships that are referenced elsewhere. Rather than reissue those referencing documents individually, this specification provides updates to them and deprecates some now-obsolete documents to ensure that there is no confusion due to these changes. "The IETF-ISOC Relationship", Gonzalo Camarillo, Jason Livingood, 2019-08-27, This document summarises the Internet Engineering Task Force (IETF) - Internet Society (ISOC) relationship, following a major revision to the structure of the IETF Administrative Support Activity (IASA) in 2018. The IASA was revised under a new "IASA 2.0" structure by the IASA2 Working Group, which changed the IETF's administrative, legal, and financial structure. As a result, it also changed the relationship between the IETF and ISOC, which made it necessary to revise RFC 2031. "Structure of the IETF Administrative Support Activity, Version 2.0", Brian Haberman, Joseph Hall, Jason Livingood, 2019-04-12, The IETF Administrative Support Activity (IASA) was originally established in 2005. In the years since then, the needs of the IETF evolved in ways that required changes to its administrative structure. The purpose of this document is to document and describe the IETF Administrative Support Activity, version 2 (IASA 2.0). It defines the roles and responsibilities of the IETF Administration LLC Board, the IETF Executive Director, and the Internet Society in the fiscal and administrative support of the IETF standards process. It also defines the membership and selection rules for the IETF Administration LLC Board. This document obsoletes RFC 4071, RFC 4333, and RFC 7691. Interactive Connectivity Establishment (ice) -------------------------------------------- "Trickle ICE: Incremental Provisioning of Candidates for the Interactive Connectivity Establishment (ICE) Protocol", Emil Ivov, Eric Rescorla, Justin Uberti, Peter Saint-Andre, 2018-04-15, This document describes "Trickle ICE", an extension to the Interactive Connectivity Establishment (ICE) protocol that enables ICE agents to begin connectivity checks while they are still gathering candidates, by incrementally exchanging candidates over time instead of all at once. This method can considerably accelerate the process of establishing a communication session. "Interactive Connectivity Establishment Patiently Awaiting Connectivity (ICE PAC)", Christer Holmberg, Justin Uberti, 2019-10-13, During the process of establishing peer-to-peer connectivity, ICE agents can encounter situations where they have no candidate pairs to check, and, as a result, conclude that ICE processing has failed. However, because additional candidate pairs can be discovered during ICE processing, declaring failure at this point may be premature. This document discusses when these situations can occur and proposes a way to avoid premature failure. This document updates RFC 8445 and RFC XXXX. [RFC EDITOR NOTE: Please replace RFC XXXX with the RFC number of draft-ietf-ice-trickle once it has been published. Please also indicate that this specification updates RFC XXXX.] Information-Centric Networking (icnrg) -------------------------------------- "Research Directions for Using ICN in Disaster Scenarios", Jan Seedorf, Mayutan Arumaithurai, Atsushi Tagami, K. Ramakrishnan, Nicola Blefari-Melazzi, 2019-11-26, Information Centric Networking (ICN) is a new paradigm where the network provides users with named content, instead of communication channels between hosts. This document outlines some research directions for Information Centric Networking with respect to applying ICN approaches for coping with natural or human-generated, large-scale disasters. This document is a product of the Information-Centric Networking Research Group (ICNRG). "File-Like ICN Collections (FLIC)", Christian Tschudin, Christopher Wood, Marc Mosko, David Oran, 2019-11-04, This document describes a bare bones "index table"-approach for organizing a set of ICN data objects into a large, File-Like ICN Collection (FLIC). At the core of this collection is a so called manifest which acts as the collection's root node. The manifest contains an index table with pointers, each pointer being a hash value pointing to either a final data block or another index table node. "Information-Centric Networking (ICN): CCNx and NDN Terminology", Bastiaan Wissingh, Christopher Wood, Alex Afanasyev, Lixia Zhang, David Oran, Christian Tschudin, 2019-11-02, Information Centric Networking (ICN) is a novel paradigm where network communications are accomplished by requesting named content, instead of sending packets to destination addresses. Named Data Networking (NDN) and Content-Centric Networking (CCNx) are two prominent ICN architectures. This document provides an overview of the terminology and definitions that have been used in describing concepts in these two implementations of ICN. While there are other ICN architectures, they are not part of the NDN and CCNx concepts and as such are out of scope for this document. This document is a product of the Information-Centric Networking Research Group (ICNRG). "Native Deployment of ICN in LTE, 4G Mobile Networks", Prakash suthar, Milan Stolic, Anil Jangam, Dirk Trossen, Ravi Ravindran, 2019-11-04, LTE, 4G mobile networks use IP-based transport for control plane to establish the data session and user plane for actual data delivery. In existing architecture, IP transport used in the user plane is not optimized for data transport, which leads to an inefficient data delivery. IP unicast routing from server to clients is used for delivery of multimedia content to User Equipment (UE), where each user gets a separate stream. From a bandwidth and routing perspective, this approach is inefficient. Multicast and broadcast technologies have emerged recently for mobile networks, but their deployments are very limited or at an experimental stage due to complex architecture and radio spectrum issues. ICN is a rapidly emerging technology with built-in features for efficient multimedia data delivery. However much of the work is focused on fixed networks. The focus of this draft is on native deployment of ICN in cellular mobile networks by using ICN in a 3GPP protocol stack. ICN has an inherent capability for multicast, anchorless mobility and security, and it is optimized for data delivery using local caching at the edge. The proposed approaches in this draft allow ICN to be enabled natively over the current LTE stack comprising PDCP/RLC/MAC/ PHY, or in a dual stack mode (along with IP). These approaches can help optimize the mobile networks by leveraging the inherent benefits of ICN. "Deployment Considerations for Information-Centric Networking (ICN)", Akbar Rahman, Dirk Trossen, Dirk Kutscher, Ravi Ravindran, 2019-09-03, Information-Centric Networking (ICN) is now reaching technological maturity after many years of fundamental research and experimentation. This document provides a number of deployment considerations in the interest of helping the ICN community move forward to the next step of live deployments. First, the major deployment configurations for ICN are described including the key overlay and underlay approaches. Then proposed deployment migration paths are outlined to address major practical issues such as network and application migration. Next, selected ICN trial experiences are summarized. Finally, protocol areas that require further standardization are identified to facilitate future interoperable ICN deployments. This document is a product of the Information-Centric Networking Research Group (ICNRG). "MAP-Me : Managing Anchorless Mobility in Content Centric Networking", Jordan Auge, Giovanna Carofiglio, Luca Muscariello, Michele Papalini, 2019-11-03, Consumer mobility is supported in ICN by design, in virtue of its connectionless pull-based communication model; producer mobility though is not natively supported. This document describes MAP-Me, an anchor-less solution to manage micro-mobility of content producers in the CCN (Content Centric Networking) and NDN (Named Data Networking) architectures, with support for latency-sensitive applications. MAP- Me consists in the combination of two data plane protocols, triggered by producer movements, and leveraging ICN named-based data plane. The main protocol consists in a lightweight FIB update process, complemented by a mechanism of local notification and scoped discovery suitable for low latency applications and fast mobility. "CCNinfo: Discovering Content and Network Information in Content-Centric Networks", Hitoshi Asaeda, Atsushi Ooka, Xun Shao, 2019-07-08, This document describes a mechanism named "CCNinfo" that discovers information about the network topology and in-network cache in Content-Centric Networks (CCN). CCNinfo investigates: 1) the CCN routing path information per name prefix, 2) the Round-Trip Time (RTT) between content forwarder and consumer, and 3) the states of in-network cache per name prefix. "Design Guidelines for Name Resolution Service in ICN", Jungha Hong, Taewan You, Yong-Geun Hong, Lijun Dong, Cedric Westphal, Borje Ohlman, 2019-11-04, This document discusses the functionalities and design guidelines for Name Resolution Service (NRS) in ICN. The NRS in ICN is to translate an object name into some other information such as a locator, another name, etc. for forwarding the object request. "Architectural Considerations of ICN using Name Resolution Service", Jungha Hong, Taewan You, Yong-Geun Hong, Ved Kafle, 2019-11-04, This document discusses architectural considerations and implications of Information-Centric Networking (ICN) related to the usage of the Name Resolution Service (NRS). It describes how ICN architectures may change and what implications are introduced within the ICN routing system when NRS is integrated into ICN. "ICN Adaptation to LowPAN Networks (ICN LoWPAN)", Cenk Gundogan, Thomas Schmidt, Matthias Waehlisch, Christopher Scherb, Claudio Marxer, Christian Tschudin, 2019-11-04, This document defines a convergence layer for CCNx and NDN over IEEE 802.15.4 LoWPAN networks. A new frame format is specified to adapt CCNx and NDN packets to the small MTU size of IEEE 802.15.4. For that, syntactic and semantic changes to the TLV-based header formats are described. To support compatibility with other LoWPAN technologies that may coexist on a wireless medium, the dispatching scheme provided by 6LoWPAN is extended to include new dispatch types for CCNx and NDN. Additionally, the link fragmentation component of the 6LoWPAN dispatching framework is applied to ICN chunks. In its second part, the document defines stateless and stateful compression schemes to improve efficiency on constrained links. Stateless compression reduces TLV expressions to static header fields for common use cases. Stateful compression schemes elide state local to the LoWPAN and replace names in data packets by short local identifiers. "Internet Protocol Tunneling over Content Centric Mobile Networks", Greg White, Susmit Shannigrahi, Chengyu Fan, 2019-08-02, This document describes a protocol that enables tunneling of Internet Protocol traffic over a Content Centric Network (CCN) or a Named Data Network (NDN). The target use case for such a protocol is to provide an IP mobility plane for mobile networks that might otherwise use IP- over-IP tunneling, such as the GPRS Tunneling Protocol (GTP) used by the Evolved Packet Core in LTE networks (LTE-EPC). By leveraging the elegant, built-in support for mobility provided by CCN or NDN, this protocol achieves performance on par with LTE-EPC, equivalent efficiency, and substantially lower implementation and protocol complexity [Shannigrahi]. Furthermore, the use of CCN/NDN for this purpose paves the way for the deployment of ICN native applications on the mobile network. "Enabling ICN in 3GPP's 5G NextGen Core Architecture", Ravi Ravindran, Prakash suthar, Dirk Trossen, Chonggang Wang, Greg White, 2019-11-27, The proposed 3GPP's 5G core nextgen architecture (5GC) allows the introduction of new user and control plane function, considering the support for network slicing functions, that offers greater flexibility to handle heterogeneous devices and applications. In this draft, we provide a short description of the proposed 5GC architecture, including recent efforts to provide cellular Local Area Network (LAN) connectivity, followed by extensions to 5GC's control and user plane to support Packet Data Unit (PDU) sessions from Information-Centric Networks (ICN). In addition, ICN over 5GLAN is also described. Inter-Domain Routing (idr) -------------------------- "BGP Bestpath Selection Criteria Enhancement", Rajiv Asati, 2019-06-05, BGP specification (RFC4271) prescribes 'BGP next-hop reachability' as one of the key 'Route Resolvability Condition' that must be satisfied before the BGP bestpath candidate selection. This condition, however, may not be sufficient (as explained in the Appendix section) and would desire further granularity. This document defines enhances the "Route Resolvability Condition" to facilitate the next-hop to be resolved in the chosen data plane. "Extended Optional Parameters Length for BGP OPEN Message", Enke Chen, John Scudder, 2019-11-18, The Optional Parameters in the BGP OPEN message as defined in the base BGP specification are limited to 255 octets due to a one-octet length field. BGP Capabilities are carried in this field and may foreseeably exceed 255 octets in the future, leading to concern about this limitation. In this document we update RFC 4271 by extending, in a backward- compatible manner, the length of the Optional Parameters in the BGP OPEN. The Parameter Length field of individual Optional Parameters is also extended. "Dissemination of Flow Specification Rules for IPv6", Christoph Loibl, Robert Raszuk, Susan Hares, 2019-11-03, Dissemination of Flow Specification Rules [I-D.ietf-idr-rfc5575bis] provides a protocol extension for propagation of traffic flow information for the purpose of rate limiting or filtering. The [I-D.ietf-idr-rfc5575bis] specifies those extensions for IPv4 protocol data packets only. This specification extends [I-D.ietf-idr-rfc5575bis] and defines changes to the original document in order to make it also usable and applicable to IPv6 data packets. "BGP Optimal Route Reflection (BGP-ORR)", Robert Raszuk, Christian Cassar, Erik Aman, Bruno Decraene, Kevin Wang, 2019-07-08, This document proposes a solution for BGP route reflectors to allow them to choose the best path for their clients that the clients themselves would have chosen under the same conditions, without requiring further state or any new features to be placed on the clients. This facilitates, for example, best exit point policy (hot potato routing). This solution is primarily applicable in deployments using centralized route reflectors. The solution relies upon all route reflectors learning all paths which are eligible for consideration. Best path selection is performed in each route reflector based on a configured virtual location in the IGP. The location can be the same for all clients or different per peer/update group or per peer. Best path selection can also be performed based on user configured policies in each route reflector. "Revised Validation Procedure for BGP Flow Specifications", Jim Uttaro, Juan Alcaide, Clarence Filsfils, David Smith, Prodosh Mohapatra, 2019-08-09, This document describes a modification to the validation procedure defined in [RFC5575bis] for the dissemination of BGP Flow Specifications. [RFC5575bis] requires that the originator of the Flow Specification matches the originator of the best-match unicast route for the destination prefix embedded in the Flow Specification. This allows only BGP speakers within the data forwarding path (such as autonomous system border routers) to originate BGP Flow Specifications. Though it is possible to disseminate such Flow Specifications directly from border routers, it may be operationally cumbersome in an autonomous system with a large number of border routers having complex BGP policies. The modification proposed herein enables Flow Specifications to be originated from a centralized BGP route controller. "Distribution of Traffic Engineering (TE) Policies and State using BGP-LS", Stefano Previdi, Ketan Talaulikar, Jie Dong, Mach Chen, Hannes Gredler, Jeff Tantsura, 2019-10-14, This document describes a mechanism to collect the Traffic Engineering and Policy information that is locally available in a node and advertise it into BGP Link State (BGP-LS) updates. Such information can be used by external components for path computation, re-optimization, service placement, network visualization, etc. "Route Target Constrained Distribution of Routes with no Route Targets", Eric Rosen, Keyur Patel, Jeffrey Haas, Robert Raszuk, 2019-10-01, There are a variety of BGP-enabled services in which the originator of a BGP route may attach one or more "Route Targets" to the route. By means of a procedure known as "RT Constrained Distribution" (RTC), a given BGP speaker (call it "B") can announce the set of RTs in which it has interest. The implication is that if a particular route (call it "R") carries any RTs at all, BGP speaker B wants to receive route R if and only if B has announced interest in one of the RTs carried by R. However, if route R does not carry any RTs at all, prior specifications do not make it clear whether B's use of RTC implies that it does not want to receive route R. This has caused interoperability problems in the field, as some implementations of RTC do not allow B to receive R, but some services presuppose that B will receive R. This document updates RFC 4684 by clarifying the effect of the RTC mechanism on routes that do not have any RTs. "Performance-based BGP Routing Mechanism", Xiaohu Xu, Shraddha Hegde, Ketan Talaulikar, Mohamed Boucadair, Christian Jacquenet, 2019-10-13, The current BGP specification doesn't use network performance metrics (e.g., network latency) in the route selection decision process. This document describes a performance-based BGP routing mechanism in which network latency metric is taken as one of the route selection criteria. This routing mechanism is useful for those server providers with global reach to deliver low-latency network connectivity services to their customers. "BGP Dissemination of L2VPN Flow Specification Rules", Hao Weiguo, Donald Eastlake, Jim Uttaro, Stephane Litkowski, Shunwan Zhuang, 2019-11-03, This document defines a Border Gateway Protocol (BGP) Flow-spec extension to disseminate Layer 2 Virtual Private Network (L2VPN) Ethernet traffic filtering rules. AFI=25 SAFI=134 is used for this purpose. New component types and an extended community also are defined. "Distribution of Traffic Engineering Extended Admin Groups using BGP-LS", Zitao Wang, Qin WU, Jeff Tantsura, Ketan Talaulikar, 2019-11-21, Administrative groups (commonly referred to as "colors" or "link colors") are link attributes that are advertised by link state protocols like IS-IS (Intermediate System to Intermediate System) and OSPF (Open Shortest Path First) and used for traffic engineering. These administrative groups have initially been defined as a fixed- length 32-bit bitmask. As networks grew and more use-cases were introduced, the 32-bit length was found to be constraining and hence extended administrative groups were introduced in the link state protocols. The 32-bit administrative groups are already advertised as link attributes in BGP-LS (Border Gateway Protocol Link-State). This document defines extensions to BGP-LS for advertisement of the extended administrative groups. "BGP-LS extensions for Segment Routing BGP Egress Peer Engineering", Stefano Previdi, Ketan Talaulikar, Clarence Filsfils, Keyur Patel, Saikat Ray, Jie Dong, 2019-05-16, Segment Routing (SR) leverages source routing. A node steers a packet through a controlled set of instructions, called segments, by prepending the packet with an SR header. A segment can represent any instruction, topological or service-based. SR segments allow steering a flow through any topological path and service chain while maintaining per-flow state only at the ingress node of the SR domain. This document describes an extension to BGP Link-State (BGP-LS) for advertisement of BGP Peering Segments along with their BGP peering node information so that efficient BGP Egress Peer Engineering (EPE) policies and strategies can be computed based on Segment Routing. "Making Route Servers Aware of Data Link Failures at IXPs", Randy Bush, Jeffrey Haas, John Scudder, Arnold Nipper, Christoph Dietzel, 2019-09-02, When BGP route servers are used, the data plane is not congruent with the control plane. Therefore, peers at an Internet exchange can lose data connectivity without the control plane being aware of it, and packets are lost. This document proposes the use of a newly defined BGP Subsequent Address Family Identifier (SAFI) both to allow the route server to request its clients use BFD to track data plane connectivity to their peers' addresses, and for the clients to signal that connectivity state back to the route server. "BGP YANG Model for Service Provider Networks", Mahesh Jethanandani, Keyur Patel, Susan Hares, Jeffrey Haas, 2019-10-04, This document defines a YANG data model for configuring and managing BGP, including protocol, policy, and operational aspects, such as RIB, based on data center, carrier and content provider operational requirements. "The BGP Tunnel Encapsulation Attribute", Keyur Patel, Gunter Van de Velde, Srihari Ramachandra, 2019-12-01, RFC 5512 defines a BGP Path Attribute known as the "Tunnel Encapsulation Attribute". This attribute allows one to specify a set of tunnels. For each such tunnel, the attribute can provide the information needed to create the tunnel and the corresponding encapsulation header. The attribute can also provide information that aids in choosing whether a particular packet is to be sent through a particular tunnel. RFC 5512 states that the attribute is only carried in BGP UPDATEs that have the "Encapsulation Subsequent Address Family (Encapsulation SAFI)". This document deprecates the Encapsulation SAFI (which has never been used in production), and specifies semantics for the attribute when it is carried in UPDATEs of certain other SAFIs. This document adds support for additional tunnel types, and allows a remote tunnel endpoint address to be specified for each tunnel. This document also provides support for specifying fields of any inner or outer encapsulations that may be used by a particular tunnel. This document obsoletes RFC 5512. "BGP Dissemination of Flow Specification Rules for Tunneled Traffic", Donald Eastlake, Hao Weiguo, Shunwan Zhuang, Zhenbin Li, Rong Gu, 2019-11-04, This draft specifies a Border Gateway Protocol Network Layer Reachability Information (BGP NLRI) encoding format for flow specifications (RFC 5575bis) that can match on a variety of tunneled traffic. In addition, flow specification components are specified for certain tunneling header fields. "Applying BGP flowspec rules on a specific interface set", Stephane Litkowski, Adam Simpson, Keyur Patel, Jeffrey Haas, Lucy Yong, 2019-11-18, The BGP Flow Specification (flowspec) Network Layer Reachability Information (BGP NLRI) extension (draft-ietf-idr-rfc5575bis) is used to distribute traffic flow specifications into BGP. The primary application of this extension is the distribution of traffic filtering policies for the mitigation of distributed denial of service (DDoS) attacks. By default, flow specification filters are applied on all forwarding interfaces that are enabled for use by the BGP flowspec extension. A network operator may wish to apply a given filter selectively to a subset of interfaces based on an internal classification scheme. Examples of this include "all customer interfaces", "all peer interfaces", "all transit interfaces", etc. This document defines BGP Extended Communities (RFC4360) that allow such filters to be selectively applied to sets of forwarding interfaces sharing a common group identifier. The BGP Extended Communities carrying this group identifier are referred to as the BGP Flowspec "interface-set" Extended Communities. "Flowspec Indirection-id Redirect", Gunter Van de Velde, Keyur Patel, Zhenbin Li, 2019-10-29, This document defines a new extended community known as "FlowSpec Redirect to indirection-id Extended Community". This extended community triggers advanced redirection capabilities to flowspec clients. When activated, this flowspec extended community is used by a flowspec client to retrieve the corresponding next-hop and encoding information within a localised indirection-id mapping table. The functionality detailed in this document allows a network controller to decouple the BGP flowspec redirection instruction from the operation of the available paths. "BGP Link-State extensions for Segment Routing", Stefano Previdi, Ketan Talaulikar, Clarence Filsfils, Hannes Gredler, Mach Chen, 2019-06-27, Segment Routing (SR) allows for a flexible definition of end-to-end paths by encoding paths as sequences of topological sub-paths, called "segments". These segments are advertised by routing protocols e.g. by the link state routing protocols (IS-IS, OSPFv2 and OSPFv3) within IGP topologies. This document defines extensions to the BGP Link-state address-family in order to carry segment routing information via BGP. "Dissemination of Flow Specification Rules", Christoph Loibl, Susan Hares, Robert Raszuk, Danny McPherson, Martin Bacher, 2019-11-04, This document obsoletes both RFC5575 and RFC7674. This document defines a Border Gateway Protocol Network Layer Reachability Information (BGP NLRI) encoding format, that can be used to distribute traffic Flow Specifications. This allows the routing system to propagate information regarding more specific components of the traffic aggregate defined by an IP destination prefix. It also specifies BGP Extended Community encoding formats, that can be used to propagate Traffic Filtering Actions along with the Flow Specification NLRI. Those Traffic Filtering Actions encode actions a routing system can take if the packet matches the Flow Specification. Additionally, it defines two applications of that encoding format: one that can be used to automate inter-domain coordination of traffic filtering, such as what is required in order to mitigate (distributed) denial-of-service attacks, and a second application to provide traffic filtering in the context of a BGP/MPLS VPN service. Other applications (ie. centralized control of traffic in a SDN or NFV context) are also possible. Other drafts specify IPv6, MPLS addresses, L2VPN addresses, and NV03 encapsulation of IP addresses as Flow Specification extensions. The information is carried via the BGP, thereby reusing protocol algorithms, operational experience, and administrative processes such as inter-provider peering agreements. "Route Leak Prevention using Roles in Update and Open messages", Alexander Azimov, Eugene Bogomazov, Randy Bush, Keyur Patel, Kotikalapudi Sriram, 2019-07-08, Route Leaks are the propagation of BGP prefixes which violate assumptions of BGP topology relationships; e.g. passing a route learned from one peer to another peer or to a transit provider, passing a route learned from one transit provider to another transit provider or to a peer. Today, approaches to leak prevention rely on marking routes by operator configuration, with no check that the configuration corresponds to that of the BGP neighbor, or enforcement that the two BGP speakers agree on the relationship. This document enhances BGP OPEN to establish agreement of the (peer, customer, provider, Route Server, Route Server client) relationship of two neighboring BGP speakers to enforce appropriate configuration on both sides. Propagated routes are then marked with an OTC attribute according to the agreed relationship, allowing both prevention and detection of route leaks. "Signaling MSD (Maximum SID Depth) using Border Gateway Protocol Link-State", Jeff Tantsura, Uma Chunduri, Ketan Talaulikar, Gregory Mirsky, Nikos Triantafillis, 2019-10-15, This document defines a way for a Border Gateway Protocol Link-State (BGP-LS) speaker to advertise multiple types of supported Maximum SID Depths (MSDs) at node and/or link granularity. Such advertisements allow entities (e.g., centralized controllers) to determine whether a particular Segment Identifier (SID) stack can be supported in a given network. "Advertising Segment Routing Policies in BGP", Stefano Previdi, Clarence Filsfils, Ketan Talaulikar, Paul Mattes, Eric Rosen, Dhanendra Jain, Steven Lin, 2019-11-18, This document defines a new BGP SAFI with a new NLRI in order to advertise a candidate path of a Segment Routing (SR) Policy. An SR Policy is a set of candidate paths, each consisting of one or more segment lists. The headend of an SR Policy may learn multiple candidate paths for an SR Policy. Candidate paths may be learned via a number of different mechanisms, e.g., CLI, NetConf, PCEP, or BGP. This document specifies the way in which BGP may be used to distribute SR Policy candidate paths. New sub-TLVs for the Tunnel Encapsulation Attribute are defined for signaling information about these candidate paths. "Signalling ERLD using BGP-LS", Gunter Van de Velde, Wim Henderickx, Matthew Bocci, Keyur Patel, 2019-08-20, This document defines the attribute encoding to use for BGP-LS to expose ERLD "Entropy capable Readable Label Depth" from a node to a centralised controller (PCE/SDN). "Extended BGP Administrative Shutdown Communication", Job Snijders, Jakob Heitz, John Scudder, Alexander Azimov, 2019-10-16, This document enhances the BGP Cease NOTIFICATION message "Administrative Shutdown" and "Administrative Reset" subcodes for operators to transmit a short freeform message to describe why a BGP session was shutdown or reset. This document updates RFC 4486 and obsoletes RFC 8203 by defining an Extended BGP Administrative Shutdown Communication to improve communication using multibyte character sets. "BGP-LS Extension for Inter-AS Topology Retrieval", Aijun Wang, Huaimo Chen, Ketan Talaulikar, Shunwan Zhuang, Shaowen Ma, 2019-09-29, This document describes the process to build Border Gateway Protocol- Link State (BGP-LS) key parameters in inter-domain scenario, defines one new BGP-LS Network Layer Reachability Information (NLRI) type (Stub Link NLRI) and some new inter Autonomous (inter-AS) Traffic Engineering (TE) related Type-Length-Values (TLVs) for BGP-LS to let Software Definition Network (SDN) controller retrieve the network topology automatically under various inter-AS environments. Such extension and process can enable the network operator to collect the interconnect information between different domains and then calculate the overall network topology automatically based on the information provided by BGP-LS protocol. "Revision to Capability Codes Registration Procedures", John Scudder, 2019-10-15, This document updates RFC 5492 by making a change to the registration procedures for BGP Capability Codes. Specifically, the range formerly designated "Reserved for Private Use" is divided into three new ranges, respectively designated as "First Come First Served", "Experimental" and "Reserved". "BGP Link State Extensions for SRv6", Gaurav Dawra, Clarence Filsfils, Ketan Talaulikar, Mach Chen, daniel.bernier@bell.ca, Bruno Decraene, 2019-07-07, Segment Routing IPv6 (SRv6) allows for a flexible definition of end- to-end paths within various topologies by encoding paths as sequences of topological or functional sub-paths, called "segments". These segments are advertised by the various protocols such as BGP, ISIS and OSPFv3. BGP Link-state (BGP-LS) address-family solution for SRv6 is similar to BGP-LS for SR for MPLS dataplane. This draft defines extensions to the BGP-LS to advertise SRv6 Segments along with their functions and other attributes via BGP. "Application Specific Attributes Advertisement with BGP Link-State", Ketan Talaulikar, Peter Psenak, Jeff Tantsura, 2019-11-16, Various link attributes have been defined in link-state routing protocols like OSPF and IS-IS in the context of the MPLS Traffic Engineering (TE) and GMPLS. BGP Link-State (BGP-LS) extensions have been defined to distribute these attributes along with other topology information from these link-state routing protocols. Many of these link attributes can be used for applications other than MPLS TE or GMPLS. Extensions to link-state routing protocols have been defined for such link attributes which enable distribution of their application specific values. This document defines extensions to BGP-LS address- family to enable advertisement of these application specific attributes as a part of the topology information from the network. "Flexible Algorithm Definition Advertisement with BGP Link-State", Ketan Talaulikar, Peter Psenak, Shawn Zandi, Gaurav Dawra, 2019-07-08, Flexible Algorithm is a solution that allows routing protocols (viz. OSPF and IS-IS) to compute paths over a network based on user-defined (and hence, flexible) constraints and metrics. The computation is performed by routers participating in the specific network in a distribute manner using a Flex Algorithm definition. This definition provisioned on one or more routers and propagated (viz. OSPF and IS- IS flooding) through the network. BGP Link-State (BGP-LS) enables the collection of various topology information from the network. This draft defines extensions to BGP- LS address-family to advertise the Flexible Algorithm Definition as a part of the topology information from the network. "BGP Link-State Extensions for Seamless BFD", Zhenbin Li, Shunwan Zhuang, Ketan Talaulikar, Sam Aldrin, Jeff Tantsura, Gregory Mirsky, 2019-11-01, Seamless Bidirectional Forwarding Detection (S-BFD) defines a simplified mechanism to use Bidirectional Forwarding Detection (BFD) with large portions of negotiation aspects eliminated, thus providing benefits such as quick provisioning as well as improved control and flexibility to network nodes initiating the path monitoring. The link-state routing protocols (IS-IS and OSPF) have been extended to advertise the Seamless BFD (S-BFD) Discriminators. This draft defines extensions to the BGP Link-state address-family to carry the S-BFD Discriminators information via BGP. "SR Policy Extensions for Path Segment and Bidirectional Path", Cheng Li, China Telecom, Mach Chen, Jie Dong, Zhenbin Li, 2019-08-08, A Segment Routing (SR) policy is a set of candidate SR paths consisting of one or more segment lists with necessary path attributes. For each SR path, it may also have its own path attributes, and Path Segment is one of them. A Path Segment is defined to identify an SR path, which can be used for performance measurement, path correlation, and end-2-end path protection. Path Segment can be also used to correlate two unidirctional SR paths into a bidirectional SR path which is required in some scenarios, for example, mobile backhaul transport network. This document defines extensions to BGP to distribute SR policies carrying Path Segment and bidirectional path information. "Deprecation of AS_SET and AS_CONFED_SET in BGP", Warren Kumari, Kotikalapudi Sriram, Lilia Hannachi, 2019-11-03, BCP 172 (i.e., RFC 6472) recommends not using AS_SET and AS_CONFED_SET in the Border Gateway Protocol. This document advances this recommendation to a standards requirement in BGP; it proscribes the use of the AS_SET and AS_CONFED_SET types of path segments in the AS_PATH. This is done to simplify the design and implementation of BGP and to make the semantics of the originator of a route clearer. This will also simplify the design, implementation, and deployment of various BGP security mechanisms. This document (if approved) updates RFC 4271 and RFC 5065 by eliminating AS_SET and AS_CONFED_SET types, and obsoletes RFC 6472. "Support for Long-lived BGP Graceful Restart", Jim Uttaro, Enke Chen, Bruno Decraene, John Scudder, 2019-09-05, In this document we introduce a new BGP capability termed "Long-lived Graceful Restart Capability" so that stale routes can be retained for a longer time upon session failure. A well-known BGP community "LLGR_STALE" is introduced for marking stale routes retained for a longer time. A second well-known BGP community, "NO_LLGR", is introduced to mark routes for which these procedures should not be applied. We also specify that such long-lived stale routes be treated as the least-preferred, and their advertisements be limited to BGP speakers that have advertised the new capability. Use of this extension is not advisable in all cases, and we provide guidelines to help determine if it is. We update RFC 6368 by specifying that the LLGR_STALE community must be propagated into, or out of, the path attributes exchanged between PE and CE. "Distribution of Link-State and Traffic Engineering Information Using BGP", Ketan Talaulikar, 2019-11-01, In a number of environments, a component external to a network is called upon to perform computations based on the network topology and current state of the connections within the network, including Traffic Engineering (TE) information. This is information typically distributed by IGP routing protocols within the network. This document describes a mechanism by which link-state and TE information can be collected from networks and shared with external components using the BGP routing protocol. This is achieved using a new BGP Network Layer Reachability Information (NLRI) encoding format. The mechanism is applicable to physical and virtual IGP links. The mechanism described is subject to policy control. Applications of this technique include Application-Layer Traffic Optimization (ALTO) servers and Path Computation Elements (PCEs). This document obsoletes RFC 7752 by completely replacing that document. It makes a number of small changes and clarifications to the previous specification. "BGP BFD Strict-Mode", Mercia Zheng, Acee Lindem, Jeffrey Haas, Albert Fu, 2019-11-04, This document specifies extensions to RFC4271 BGP-4 that enable a BGP speaker to negotiate additional Bidirectional Forwarding Detection (BFD) extensions using a BGP capability. This BFD capability enables a BGP speaker to prevent a BGP session from being established until a BFD session is established. It is referred to as BGP BFD "strict- mode". BGP BFD strict-mode will be supported when both the local speaker and its remote peer are BFD strict-mode capable. "SR Policy Extensions for Path Segment and Bidirectional Path", Cheng Li, Zhenbin Li, China Telecom, Weiqiang Cheng, Ketan Talaulikar, 2019-10-28, A Segment Routing (SR) policy is a set of candidate SR paths consisting of one or more segment lists with necessary path attributes. For each SR path, it may also have its own path attributes, and Path Segment is one of them. A Path Segment is defined to identify an SR path, which can be used for performance measurement, path correlation, and end-2-end path protection. Path Segment can be also used to correlate two unidirctional SR paths into a bidirectional SR path which is required in some scenarios, for example, mobile backhaul transport network. This document defines extensions to BGP to distribute SR policies carrying Path Segment and bidirectional path information. "BGP Extensions for Routing Policy Distribution (RPD)", Zhenbin Li, Liang Ou, Yujia Luo, Sujian Lu, Huaimo Chen, Shunwan Zhuang, Haibo Wang, 2019-11-01, It is hard to adjust traffic and optimize traffic paths on a traditional IP network from time to time through manual configurations. It is desirable to have an automatic mechanism for setting up routing policies, which adjust traffic and optimize traffic paths automatically. This document describes BGP Extensions for Routing Policy Distribution (BGP RPD) to support this. "SR Policies Extensions for Path Segment and Bidirectional Path in BGP-LS", Cheng Li, Zhenbin Li, China Telecom, Weiqiang Cheng, Ketan Talaulikar, 2019-11-01, This document specifies the way of collecting configuration and states of SR policies carrying Path Segment and bidirectional path information by using BPG-LS. Such information can be used by external conponents for many use cases such as performance measurement, path re-optimization and end-to-end protection. "Updates to the Allocation Policy for the Border Gateway Protocol - Link State (BGP-LS) Parameters Registries", Adrian Farrel, 2019-11-19, RFC 7752 defines Border Gateway Protocol - Link State (BGP-LS). IANA created a registry consistent with that document called the "Border Gateway Protocol - Link State (BGP-LS) Parameters Registry" with a number of sub-registries. The allocation policy applied by IANA for those policies is "Specification Required" as defined in RFC 8126. This document updates RFC 7752 by changing the allocation policy for all of the registries to "Expert Review" and by updating the guidance to the Designated Experts. Internet Area (int) ------------------- "Guidelines and Registration Procedures for Interface Types and Tunnel Types", Dave Thaler, Dan Romascanu, 2019-11-02, This document provides guidelines and procedures for those who are defining, registering, or evaluating definitions of new interface types ("ifType" values) and tunnel types. The original definition of the IANA interface type registry predated the use of IANA Considerations sections and YANG modules, and so some confusion arose over time. Tunnel types were added later, with the same requirements and allocation policy as interface types. This document updates RFC 2863, and provides updated guidance for these registries. Internet Area Working Group (intarea) ------------------------------------- "IP Tunnels in the Internet Architecture", Joseph Touch, Mark Townsley, 2019-09-12, This document discusses the role of IP tunnels in the Internet architecture. An IP tunnel transits IP datagrams as payloads in non- link layer protocols. This document explains the relationship of IP tunnels to existing protocol layers and the challenges in supporting IP tunneling, based on the equivalence of tunnels to links. The implications of this document are used to derive recommendations that update MTU and fragment issues in RFC 4459. "Generic UDP Encapsulation", Tom Herbert, Lucy Yong, Osama Zia, 2019-10-26, This specification describes Generic UDP Encapsulation (GUE), which is a scheme for using UDP to encapsulate packets of different IP protocols for transport across layer 3 networks. By encapsulating packets in UDP, specialized capabilities in networking hardware for efficient handling of UDP packets can be leveraged. GUE specifies basic encapsulation methods upon which higher level constructs, such as tunnels and overlay networks for network virtualization, can be constructed. GUE is extensible by allowing optional data fields as part of the encapsulation, and is generic in that it can encapsulate packets of various IP protocols. "Discovering Provisioning Domain Names and Data", Pierre Pfister, Eric Vyncke, Tommy Pauly, David Schinazi, Wenqin Shao, 2019-12-06, Provisioning Domains (PvDs) are defined as consistent sets of network configuration information. This allows hosts to manage connections to multiple networks and interfaces simultaneously, such as when a home router provides connectivity through both a broadband and cellular network provider. This document defines a mechanism for explicitly identifying PvDs through a Router Advertisement (RA) option. This RA option announces a PvD identifier, which hosts can compare to differentiate between PvDs. The option can directly carry some information about a PvD and can optionally point to additional PvD information that can be retrieved using HTTP over TLS. "IP Fragmentation Considered Fragile", Ron Bonica, Fred Baker, Geoff Huston, Robert Hinden, Ole Troan, Fernando Gont, 2019-09-30, This document describes IP fragmentation and explains how it introduces fragility to Internet communication. This document also proposes alternatives to IP fragmentation and provides recommendations for developers and network operators. IP Performance Measurement (ippm) --------------------------------- "Registry for Performance Metrics", Marcelo Bagnulo, Benoit Claise, Philip Eardley, Alfred Morton, Aamer Akhter, 2019-12-11, This document defines the format for the IANA Performance Metrics Registry. This document also gives a set of guidelines for Registered Performance Metric requesters and reviewers. "Initial Performance Metrics Registry Entries", Alfred Morton, Marcelo Bagnulo, Philip Eardley, Kevin D'Souza, 2019-12-11, This memo defines the set of Initial Entries for the IANA Performance Metrics Registry. The set includes: UDP Round-trip Latency and Loss, Packet Delay Variation, DNS Response Latency and Loss, UDP Poisson One-way Delay and Loss, UDP Periodic One-way Delay and Loss, ICMP Round-trip Latency and Loss, and TCP round-trip Latency and Loss. "Two-Way Active Measurement Protocol (TWAMP) Data Model", Ruth Civil, Alfred Morton, Reshad Rahman, Mahesh Jethanandani, Kostas Pentikousis, 2018-07-02, This document specifies a data model for client and server implementations of the Two-Way Active Measurement Protocol (TWAMP). The document defines the TWAMP data model through Unified Modeling Language (UML) class diagrams and formally specifies it using a NDMA- compliant YANG model. "Data Fields for In-situ OAM", Frank Brockners, Shwetha Bhandari, Carlos Pignataro, Hannes Gredler, John Leddy, Stephen Youell, Tal Mizrahi, David Mozes, Petr Lapukhov, remy@barefootnetworks.com, daniel.bernier@bell.ca, Jennifer Lemon, 2019-10-24, In-situ Operations, Administration, and Maintenance (IOAM) records operational and telemetry information in the packet while the packet traverses a path between two points in the network. This document discusses the data fields and associated data types for in-situ OAM. In-situ OAM data fields can be embedded into a variety of transports such as NSH, Segment Routing, Geneve, native IPv6 (via extension header), or IPv4. In-situ OAM can be used to complement OAM mechanisms based on e.g. ICMP or other types of probe packets. "Simple Two-way Active Measurement Protocol", Gregory Mirsky, Guo Jun, Henrik Nydell, Richard Foote, 2019-10-31, This document describes a Simple Two-way Active Measurement Protocol which enables the measurement of both one-way and round-trip performance metrics like delay, delay variation, and packet loss. "Simple Two-way Active Measurement Protocol (STAMP) Data Model", Gregory Mirsky, Min Xiao, Wei Luo, 2019-10-25, This document specifies the data model for implementations of Session-Sender and Session-Reflector for Simple Two-way Active Measurement Protocol (STAMP) mode using YANG. "Advanced Unidirectional Route Assessment (AURA)", Jose Alvarez-Hamelin, Alfred Morton, Joachim Fabini, Carlos Pignataro, Ruediger Geib, 2019-12-11, This memo introduces an advanced unidirectional route assessment (AURA) metric and associated measurement methodology, based on the IP Performance Metrics (IPPM) Framework RFC 2330. This memo updates RFC 2330 in the areas of path-related terminology and path description, primarily to include the possibility of parallel subpaths between a given Source and Destination pair, owing to the presence of multi- path technologies. "Multipoint Alternate Marking method for passive and hybrid performance monitoring", Giuseppe Fioccola, Mauro Cociglio, Amedeo Sapio, Riccardo Sisto, 2019-11-04, The Alternate Marking method, as presented in RFC 8321 [RFC8321], can be applied only to point-to-point flows because it assumes that all the packets of the flow measured on one node are measured again by a single second node. This document aims to generalize and expand this methodology to measure any kind of unicast flows, whose packets can follow several different paths in the network, in wider terms a multipoint-to-multipoint network. For this reason the technique here described is called Multipoint Alternate Marking. Some definitions here introduced extend the scope of RFC 5644 [RFC5644] in the context of alternate marking schema. "Simple Two-way Active Measurement Protocol Optional Extensions", Gregory Mirsky, Min Xiao, Henrik Nydell, Richard Foote, Adi Masputra, Ernesto Ruffini, 2019-10-31, This document describes optional extensions to Simple Two-way Active Measurement Protocol (STAMP) which enable measurement performance metrics in addition to ones supported by the STAMP base specification. "In-situ OAM IPv6 Options", Shwetha Bhandari, Frank Brockners, Carlos Pignataro, Hannes Gredler, John Leddy, Stephen Youell, Tal Mizrahi, Aviv Kfir, Barak Gafni, Petr Lapukhov, Mickey Spiegel, Suresh Krishnan, Rajiv Asati, 2019-09-26, In-situ Operations, Administration, and Maintenance (IOAM) records operational and telemetry information in the packet while the packet traverses a path between two points in the network. This document outlines how IOAM data fields are encapsulated in IPv6. "In-situ OAM Direct Exporting", Haoyu Song, Barak Gafni, Tianran Zhou, Zhenbin Li, Frank Brockners, Shwetha Bhandari, Ramesh Sivakolundu, Tal Mizrahi, 2019-10-12, In-situ Operations, Administration, and Maintenance (IOAM) is used for recording and collecting operational and telemetry information. Specifically, IOAM allows telemetry data to be pushed into data packets while they traverse the network. This document introduces a new IOAM option type called the Direct Export (DEX) option, which is used as a trigger for IOAM data to be directly exported to a collector without being pushed into in-flight data packets. "In-situ OAM Flags", Tal Mizrahi, Frank Brockners, Shwetha Bhandari, Ramesh Sivakolundu, Carlos Pignataro, Aviv Kfir, Barak Gafni, Mickey Spiegel, Jennifer Lemon, 2019-10-12, In-situ Operations, Administration, and Maintenance (IOAM) records operational and telemetry information in the packet while the packet traverses a path between two points in the network. This document presents new flags in the IOAM Trace Option headers. Specifically, the document defines the Loopback and Active flags. "Metrics and Methods for IP Capacity", Alfred Morton, Ruediger Geib, Len Ciavattone, 2019-11-04, This memo revisits the problem of Network Capacity metrics first examined in RFC 5136. The memo specifies a more practical Maximum IP-layer Capacity metric definition catering for measurement purposes, and outlines the corresponding methods of measurement. IP Security Maintenance and Extensions (ipsecme) ------------------------------------------------ "Group Key Management using IKEv2", Brian Weis, Valery Smyslov, 2019-07-08, This document presents a set of IKEv2 exchanges that comprise a group key management protocol. The protocol is in conformance with the Multicast Security (MSEC) key management architecture, which contains two components: member registration and group rekeying. Both components require a Group Controller/Key Server to download IPsec group security associations to authorized members of a group. The group members then exchange IP multicast or other group traffic as IPsec packets. This document obsoletes RFC 6407. "Framework to Integrate Post-quantum Key Exchanges into Internet Key Exchange Protocol Version 2 (IKEv2)", C. Tjhai, M. Tomlinson, grbartle@cisco.com, Scott Fluhrer, Daniel Van Geest, Oscar Garcia-Morchon, Valery Smyslov, 2019-07-09, This document describes how to extend Internet Key Exchange Protocol Version 2 (IKEv2) so that the shared secret exchanged between peers has resistance against quantum computer attacks. The basic idea is to exchange one or more post-quantum key exchange payloads in conjunction with the existing (Elliptic Curve) Diffie-Hellman payload. "Postquantum Preshared Keys for IKEv2", Scott Fluhrer, David McGrew, Panos Kampanakis, Valery Smyslov, 2019-11-27, The possibility of Quantum Computers poses a serious challenge to cryptographic algorithms deployed widely today. IKEv2 is one example of a cryptosystem that could be broken; someone storing VPN communications today could decrypt them at a later time when a Quantum Computer is available. It is anticipated that IKEv2 will be extended to support quantum-secure key exchange algorithms; however that is not likely to happen in the near term. To address this problem before then, this document describes an extension of IKEv2 to allow it to be resistant to a Quantum Computer, by using preshared keys. "Implicit IV for Counter-based Ciphers in Encapsulating Security Payload (ESP)", Daniel Migault, Tobias Guggemos, Yoav Nir, 2019-10-22, Encapsulating Security Payload (ESP) sends an initialization vector (IV) in each packet. The size of IV depends on the applied transform, being usually 8 or 16 octets for the transforms defined by the time this document is written. Some algorithms such as AES-GCM, AES-CCM and ChaCha20-Poly1305 when used with IPsec, take the IV to generate a nonce that is used as an input parameter for encrypting and decrypting. This IV must be unique but can be predictable. As a result, the value provided in the ESP Sequence Number (SN) can be used instead to generate the nonce. This avoids sending the IV itself, and saves in the case of AES-GCM, AES-CCM and ChaCha20-Poly1305 8 octets per packet. This document describes how to do this. "IKEv2 Notification Status Types for IPv4/IPv6 Coexistence", Mohamed Boucadair, 2019-10-21, This document specifies new IKEv2 notification status types to better manage IPv4 and IPv6 co-existence. This document updates RFC7296. "Labeled IPsec Traffic Selector support for IKEv2", Paul Wouters, Sahana Prasad, 2019-11-04, This document defines a new Traffic Selector (TS) Type for Internet Key Exchange version 2 to add support for negotiating Mandatory Access Control (MAC) security labels as a traffic selector of the Security Policy Database (SPD). Security Labels for IPsec are also known as "Labeled IPsec". The new TS type is TS_SECLABEL, which consists of a variable length opaque field specifying the security label. This document updates the IKEv2 TS negotiation specified in RFC 7296 Section 2.9. "Intermediate Exchange in the IKEv2 Protocol", Valery Smyslov, 2019-07-24, This documents defines a new exchange, called Intermediate Exchange, for the Internet Key Exchange protocol Version 2 (IKEv2). This exchange can be used for transferring large amount of data in the process of IKEv2 Security Association (SA) establishment. Introducing Intermediate Exchange allows re-using existing IKE Fragmentation mechanism, that helps to avoid IP fragmentation of large IKE messages, but cannot be used in the initial IKEv2 exchange. IP Wireless Access in Vehicular Environments (ipwave) ----------------------------------------------------- "Basic Support for IPv6 over IEEE Std 802.11 Networks Operating Outside the Context of a Basic Service Set", Nabil Benamar, Jerome Haerri, Jong-Hyouk Lee, Thierry Ernst, Thierry Ernst, 2019-08-09, This document provides methods and settings, for using IPv6 to communicate among nodes within range of one another over a single IEEE 802.11-OCB link. Support for these methods and settings require minimal changes to existing stacks. This document also describes limitations associated with using these methods. Optimizations and usage of IPv6 over more complex scenarios is not covered in this specification and is subject of future work. "IP Wireless Access in Vehicular Environments (IPWAVE): Problem Statement and Use Cases", Jaehoon Jeong, 2019-10-03, This document discusses the problem statement and use cases of IP- based vehicular networking for Intelligent Transportation Systems (ITS). The main scenarios of vehicular communications are vehicle- to-vehicle (V2V), vehicle-to-infrastructure (V2I), and vehicle-to- everything (V2X) communications. First, this document explains use cases using V2V, V2I, and V2X networking. Next, it makes a problem statement about key aspects in IP-based vehicular networking, such as IPv6 Neighbor Discovery, Mobility Management, and Security & Privacy. For each key aspect, this document specifies requirements in IP-based vehicular networking, and suggests the direction of solutions satisfying those requirements. JSON Mail Access Protocol (jmap) -------------------------------- "Handling Message Disposition Notification with JMAP", Raphael Ouazana, 2019-11-20, This document specifies a data model for handling [RFC8098] MDN messages with a server using JMAP. "A JSON Meta Application Protocol (JMAP) Subprotocol for WebSocket", Ken Murchison, 2019-11-17, This document defines a binding for the JSON Meta Application Protocol (JMAP) over a WebSocket transport layer. The WebSocket binding for JMAP provides higher performance than the current HTTP binding for JMAP. "JMAP for Calendars", Neil Jenkins, Michael Douglass, 2019-10-28, This document specifies a data model for synchronizing calendar data with a server using JMAP. "Extensions to JMAP for S/MIME signature verification", Alexey Melnikov, 2019-07-08, This document specifies extension to JMAP for returning S/MIME signature verification status. "JMAP for Quotas", Rene Cordier, Michael Bailly, 2019-09-30, This document specifies a data model for handling quotas on mailboxes with a server using JMAP. Common Authentication Technology Next Generation (kitten) --------------------------------------------------------- "SAML Enhanced Client SASL and GSS-API Mechanisms", Scott Cantor, Simon Josefsson, 2019-08-28, Security Assertion Markup Language (SAML) 2.0 is a generalized framework for the exchange of security-related information between asserting and relying parties. Simple Authentication and Security Layer (SASL) and the Generic Security Service Application Program Interface (GSS-API) are application frameworks to facilitate an extensible authentication model. This document specifies a SASL and GSS-API mechanism for SAML 2.0 that leverages the capabilities of a SAML-aware "enhanced client" to address significant barriers to federated authentication in a manner that encourages reuse of existing SAML bindings and profiles designed for non-browser scenarios. "SPAKE Pre-Authentication", Nathaniel McCallum, Simo Sorce, Robbie Harwood, Greg Hudson, 2018-08-21, This document defines a new pre-authentication mechanism for the Kerberos protocol that uses a password authenticated key exchange. This document has three goals. First, increase the security of Kerberos pre-authentication exchanges by making offline brute-force attacks infeasible. Second, enable the use of second factor authentication without relying on FAST. This is achieved using the existing trust relationship established by the shared first factor. Third, make Kerberos pre-authentication more resilient against time synchronization errors by removing the need to transfer an encrypted timestamp from the client. Lightweight Authenticated Key Exchange (lake) --------------------------------------------- "Requirements for a Lightweight AKE for OSCORE", Malisa Vucinic, Goeran Selander, John Mattsson, Dan Garcia-Carillo, 2019-12-09, This document compiles the requirements for a lightweight authenticated key exchange protocol for OSCORE. Limited Additional Mechanisms for PKIX and SMIME (lamps) -------------------------------------------------------- "Use of the SHAKE One-way Hash Functions in the Cryptographic Message Syntax (CMS)", Panos Kampanakis, Quynh Dang, 2019-09-17, This document updates the "Cryptographic Message Syntax Algorithms" (RFC3370) and describes the conventions for using the SHAKE family of hash functions in the Cryptographic Message Syntax as one-way hash functions with the RSA Probabilistic signature and ECDSA signature algorithms. The conventions for the associated signer public keys in CMS are also described. "Use of the HSS/LMS Hash-based Signature Algorithm in the Cryptographic Message Syntax (CMS)", Russ Housley, 2019-09-18, This document specifies the conventions for using the Hierarchical Signature System (HSS) / Leighton-Micali Signature (LMS) hash-based signature algorithm with the Cryptographic Message Syntax (CMS). In addition, the algorithm identifier and public key syntax are provided. The HSS/LMS algorithm is one form of hash-based digital signature; it is described in RFC 8554. "Using Pre-Shared Key (PSK) in the Cryptographic Message Syntax (CMS)", Russ Housley, 2019-08-23, The invention of a large-scale quantum computer would pose a serious challenge for the cryptographic algorithms that are widely deployed today. The Cryptographic Message Syntax (CMS) supports key transport and key agreement algorithms that could be broken by the invention of such a quantum computer. By storing communications that are protected with the CMS today, someone could decrypt them in the future when a large-scale quantum computer becomes available. Once quantum-secure key management algorithms are available, the CMS will be extended to support the new algorithms, if the existing syntax does not accommodate them. In the near-term, this document describes a mechanism to protect today's communication from the future invention of a large-scale quantum computer by mixing the output of key transport and key agreement algorithms with a pre-shared key. "Problem Statement and Requirements for Header Protection", Alexey Melnikov, Bernie Hoeneisen, 2019-10-29, Privacy and security issues with email header protection in S/MIME have been identified for some time. However, the desire to fix these issues has only recently been expressed in the IETF LAMPS Working Group. The existing S/MIME specification is likely to be updated regarding header protection. This document describes the problem statement, generic use cases, and requirements of header protection. Locator/ID Separation Protocol (lisp) ------------------------------------- "LISP-Security (LISP-SEC)", Fabio Maino, Vina Ermagan, Albert Cabellos-Aparicio, Damien Saucez, 2019-07-23, This memo specifies LISP-SEC, a set of security mechanisms that provides origin authentication, integrity and anti-replay protection to LISP's EID-to-RLOC mapping data conveyed via mapping lookup process. LISP-SEC also enables verification of authorization on EID- prefix claims in Map-Reply messages. "An Architectural Introduction to the Locator/ID Separation Protocol (LISP)", Albert Cabellos-Aparicio, Damien Saucez, 2015-04-02, This document describes the architecture of the Locator/ID Separation Protocol (LISP), making it easier to read the rest of the LISP specifications and providing a basis for discussion about the details of the LISP protocols. This document is used for introductory purposes, more details can be found in RFC6830, the protocol specification. "LISP YANG Model", Vina Ermagan, Alberto Rodriguez-Natal, Florin Coras, Carl Moberg, Reshad Rahman, Albert Cabellos-Aparicio, Fabio Maino, 2019-09-07, This document describes a YANG data model to use with the Locator/ID Separation Protocol (LISP). The YANG modules in this document conform to the Network Management Datastore Architecture (NMDA). "The Locator/ID Separation Protocol (LISP)", Dino Farinacci, Vince Fuller, David Meyer, Darrel Lewis, Albert Cabellos-Aparicio, 2019-11-17, This document describes the Data-Plane protocol for the Locator/ID Separation Protocol (LISP). LISP defines two namespaces, End-point Identifiers (EIDs) that identify end-hosts and Routing Locators (RLOCs) that identify network attachment points. With this, LISP effectively separates control from data, and allows routers to create overlay networks. LISP-capable routers exchange encapsulated packets according to EID-to-RLOC mappings stored in a local Map-Cache. LISP requires no change to either host protocol stacks or to underlay routers and offers Traffic Engineering, multihoming and mobility, among other features. This document obsoletes RFC 6830. "Locator/ID Separation Protocol (LISP) Control-Plane", Dino Farinacci, Fabio Maino, Vince Fuller, Albert Cabellos-Aparicio, 2019-11-17, This document describes the Control-Plane and Mapping Service for the Locator/ID Separation Protocol (LISP), implemented by two types of LISP-speaking devices -- the LISP Map-Resolver and LISP Map-Server -- that provides a simplified "front end" for one or more Endpoint ID to Routing Locator mapping databases. By using this Control-Plane service interface and communicating with Map-Resolvers and Map-Servers, LISP Ingress Tunnel Routers (ITRs) and Egress Tunnel Routers (ETRs) are not dependent on the details of mapping database systems, which facilitates modularity with different database designs. Since these devices implement the "edge" of the LISP Control-Plane infrastructure, connecting EID addressable nodes of a LISP site, their implementation and operational complexity reduces the overall cost and effort of deploying LISP. This document obsoletes RFC 6830 and RFC 6833. "LISP Traffic Engineering Use-Cases", Dino Farinacci, Michael Kowal, Parantap Lahiri, 2019-10-07, This document describes how LISP reencapsulating tunnels can be used for Traffic Engineering purposes. The mechanisms described in this document require no LISP protocol changes but do introduce a new locator (RLOC) encoding. The Traffic Engineering features provided by these LISP mechanisms can span intra-domain, inter-domain, or combination of both. "LISP Mobile Node", Dino Farinacci, Darrel Lewis, David Meyer, Chris White, 2019-09-03, This document describes how a lightweight version of LISP's ITR/ETR functionality can be used to provide seamless mobility to a mobile node. The LISP Mobile Node design described in this document uses standard LISP functionality to provide scalable mobility for LISP mobile nodes. "LISP Virtual Private Networks (VPNs)", Victor Moreno, Dino Farinacci, 2019-11-17, This document describes the use of the Locator/ID Separation Protocol (LISP) to create Virtual Private Networks (VPNs). LISP is used to provide segmentation in both the LISP data plane and control plane. These VPNs can be created over the top of the Internet or over private transport networks, and can be implemented by Enterprises or Service Providers. The goal of these VPNs is to leverage the characteristics of LISP - routing scalability, simply expressed Ingress site TE Policy, IP Address Family traversal, and mobility, in ways that provide value to network operators. "LISP L2/L3 EID Mobility Using a Unified Control Plane", Marc Portoles-Comeras, Vrushali Ashtaputre, Victor Moreno, Fabio Maino, Dino Farinacci, 2019-11-17, The LISP control plane offers the flexibility to support multiple overlay flavors simultaneously. This document specifies how LISP can be used to provide control-plane support to deploy a unified L2 and L3 overlay solution for End-point Identifier (EID) mobility, as well as analyzing possible deployment options and models. "LISP Predictive RLOCs", Dino Farinacci, Padma Pillay-Esnault, 2019-11-04, This specification describes a method to achieve near-zero packet loss when an EID is roaming quickly across RLOCs. "LISP EID Anonymity", Dino Farinacci, Padma Pillay-Esnault, Wassim Haddad, 2019-10-07, This specification will describe how ephemeral LISP EIDs can be used to create source anonymity. The idea makes use of frequently changing EIDs much like how a credit-card system uses a different credit-card numbers for each transaction. "Vendor Specific LISP Canonical Address Format (LCAF)", Alberto Rodriguez-Natal, Vina Ermagan, Anton Smirnov, Vrushali Ashtaputre, Dino Farinacci, 2019-09-30, This document describes a new LISP Canonical Address Format (LCAF), the Vendor Specific LCAF. This LCAF enables organizations to have internal encodings for LCAF addresses. "LISP Generic Protocol Extension", Fabio Maino, Jennifer Lemon, Puneet Agarwal, Darrel Lewis, Michael Smith, 2019-11-18, This document describes extentions to the Locator/ID Separation Protocol (LISP) Data-Plane, via changes to the LISP header, to support multi-protocol encapsulation. "Publish/Subscribe Functionality for LISP", Alberto Rodriguez-Natal, Vina Ermagan, Johnson Leong, Fabio Maino, Albert Cabellos-Aparicio, Sharon Barkai, Dino Farinacci, Mohamed Boucadair, Christian Jacquenet, Stefano Secci, 2019-09-11, This document specifies an extension to the use of Map-Request to enable Publish/Subscribe (PubSub) operation for LISP. "Locator/ID Separation Protocol (LISP) Map-Versioning", Luigi Iannone, Damien Saucez, Olivier Bonaventure, 2019-08-16, This document describes the LISP (Locator/ID Separation Protocol) Map-Versioning mechanism, which provides in-packet information about Endpoint ID to Routing Locator (EID-to-RLOC) mappings used to encapsulate LISP data packets. The proposed approach is based on associating a version number to EID-to-RLOC mappings and the transport of such a version number in the LISP-specific header of LISP-encapsulated packets. LISP Map-Versioning is particularly useful to inform communicating Ingress Tunnel Routers (ITRs) and Egress Tunnel Routers (ETRs) about modifications of the mappings used to encapsulate packets. The mechanism is optional and transparent to implementations not supporting this feature, since in the LISP- specific header and in the Map Records, bits used for Map-Versioning can be safely ignored by ITRs and ETRs that do not support or do not want to use the mechanism. This document obsoletes RFC 6834 "Locator/ID Separation Protocol (LISP) Map-Versioning", which is the initial experimental specifications of the mechanisms updated by this document. "LISP Control-Plane ECDSA Authentication and Authorization", Dino Farinacci, Erik Nordmark, 2019-09-16, This draft describes how LISP control-plane messages can be individually authenticated and authorized without a a priori shared- key configuration. Public-key cryptography is used with no new PKI infrastructure required. "Locator/ID Separation Protocol (LISP): Shared Extension Message & IANA Registry for Packet Type Allocations", Mohamed Boucadair, Christian Jacquenet, 2019-01-24, This document specifies a Locator/ID Separation Protocol (LISP) shared message type for defining future extensions and conducting experiments without consuming a LISP packet type codepoint for each extension. This document obsoletes RFC 8113. "Network-Hexagons: H3-LISP GeoState & Mobility Network", sbarkai@gmail.com, Bruno Fernandez-Ruiz, Sharon Barkai, Rotem Tamir, Alberto Rodriguez-Natal, Fabio Maino, Albert Cabellos-Aparicio, Dino Farinacci, 2019-12-09, This document specifies combined use of H3-LISP for geo-state & mobility: - Enabling real-time tile by tile indexed annotation of public roads - For sharing: hazards, blockages, conditions, maintenance, furniture.. - Between MobilityClients producing-consuming the geo-state information - Using addressable grid of channels for physical world current-state IPv6 over Low Power Wide-Area Networks (lpwan) ---------------------------------------------- "LPWAN Static Context Header Compression (SCHC) for CoAP", Ana Minaburo, Laurent Toutain, Ricardo Andreasen, 2019-12-10, This draft defines the way SCHC header compression can be applied to CoAP headers. The CoAP header structure differs from IPv6 and UDP protocols since CoAP uses a flexible header with a variable number of options, themselves of variable length. The CoAP protocol messages format is asymmetric: the request messages have a header format different from the one in the response messages. This document explains how to use the SCHC compression mechanism for CoAP. "Static Context Header Compression (SCHC) and fragmentation for LPWAN, application to UDP/IPv6", Ana Minaburo, Laurent Toutain, Carles Gomez, Dominique Barthel, Juan Zuniga, 2019-12-05, This document defines the Static Context Header Compression (SCHC) framework, which provides both a header compression mechanism and an optional fragmentation mechanism. SCHC has been designed for Low Power Wide Area Networks (LPWAN). SCHC compression is based on a common static context stored both in the LPWAN device and in the network infrastructure side. This document defines a generic header compression mechanism and its application to compress IPv6/UDP headers. This document also specifies an optional fragmentation and reassembly mechanism. It can be used to support the IPv6 MTU requirement over the LPWAN technologies. Fragmentation is needed for IPv6 datagrams that, after SCHC compression or when such compression was not possible, still exceed the layer-2 maximum payload size. The SCHC header compression and fragmentation mechanisms are independent of the specific LPWAN technology over which they are used. This document defines generic functionalities and offers flexibility with regard to parameter settings and mechanism choices. This document standardizes the exchange over the LPWAN between two SCHC entities. Settings and choices specific to a technology or a product are expected to be grouped into profiles, which are specified in other documents. Data models for the context and profiles are out of scope. "Static Context Header Compression (SCHC) over LoRaWAN", Olivier Gimenez, Ivaylo Petrov, 2019-11-04, The Static Context Header Compression (SCHC) specification describes generic header compression and fragmentation techniques for LPWAN (Low Power Wide Area Networks) technologies. SCHC is a generic mechanism designed for great flexibility so that it can be adapted for any of the LPWAN technologies. This document provides the adaptation of SCHC for use in LoRaWAN networks, and provides elements such as efficient parameterization and modes of operation. This is called a profile. "SCHC over Sigfox LPWAN", Juan Zuniga, Carles Gomez, Laurent Toutain, 2019-11-04, The Static Context Header Compression (SCHC) specification describes a header compression scheme and a fragmentation functionality for Low Power Wide Area Network (LPWAN) technologies. SCHC offers a great level of flexibility that can be tailored for different LPWAN technologies. The present document provides the optimal parameters and modes of operation when SCHC is implemented over a Sigfox LPWAN. "SCHC over NB-IoT", Edgar Ramos, Ana Minaburo, 2019-11-16, The Static Context Header Compression (SCHC) specification describes a header compression and fragmentation functionalities for LPWAN (Low Power Wide Area Networks) technologies. SCHC was designed to be adapted over any of the LPWAN technologies. This document describes the use of SCHC over the NB-IoT wireless access, and provides elements for an efficient parameterization. Link State Routing (lsr) ------------------------ "YANG Data Model for IS-IS Protocol", Stephane Litkowski, Derek Yeung, Acee Lindem, Zhaohui Zhang, Ladislav Lhotka, 2019-10-15, This document defines a YANG data model that can be used to configure and manage the IS-IS protocol on network elements. "YANG Data Model for OSPF Protocol", Derek Yeung, Yingzhen Qu, Zhaohui Zhang, Ing-Wher Chen, Acee Lindem, 2019-10-17, This document defines a YANG data model that can be used to configure and manage OSPF. The model is based on YANG 1.1 as defined in RFC 7950 and conforms to the Network Management Datastore Architecture (NMDA) as described in RFC 8342. "Signaling Entropy Label Capability and Entropy Readable Label-stack Depth Using OSPF", Xiaohu Xu, Sriganesh Kini, Peter Psenak, Clarence Filsfils, Stephane Litkowski, Matthew Bocci, 2019-10-25, Multiprotocol Label Switching (MPLS) has defined a mechanism to load- balance traffic flows using Entropy Labels (EL). An ingress Label Switching Router (LSR) cannot insert ELs for packets going into a given tunnel unless an egress LSR has indicated via signaling that it has the capability to process ELs, referred to as Entropy Label Capability (ELC), on that tunnel. In addition, it would be useful for ingress LSRs to know each LSR's capability of reading the maximum label stack depth and performing EL-based load-balancing, referred to as Entropy Readable Label Depth (ERLD). This document defines a mechanism to signal these two capabilities using OSPF and OSPFv3. These mechanism is particularly useful in the environment where Segment Routing (SR) is used, where label advertisements are done via protocols like OSPF and OSPFv3. "Signaling Entropy Label Capability and Entropy Readable Label Depth Using IS-IS", Xiaohu Xu, Sriganesh Kini, Peter Psenak, Clarence Filsfils, Stephane Litkowski, Matthew Bocci, 2019-10-21, Multiprotocol Label Switching (MPLS) has defined a mechanism to load- balance traffic flows using Entropy Labels (EL). An ingress Label Switching Router (LSR) cannot insert ELs for packets going into a given Label Switched Path (LSP) unless an egress LSR has indicated via signaling that it has the capability to process ELs, referred to as Entropy Label Capability (ELC), on that tunnel. In addition, it would be useful for ingress LSRs to know each LSR's capability for reading the maximum label stack depth and performing EL-based load- balancing, referred to as Entropy Readable Label Depth (ERLD). This document defines a mechanism to signal these two capabilities using IS-IS. These mechanisms are particularly useful, where label advertisements are done via protocols like IS-IS. "Host Router Support for OSPFv2", Keyur Patel, Padma Pillay-Esnault, Manish Bhardwaj, Serpil Bayraktar, 2019-11-16, The Open Shortest Path First Version 2 (OSPFv2) does not have a mechanism for a node to repel transit traffic if it is on the shortest path. This document defines a bit (Host-bit) that enables a router to advertise that it is a non-transit router. It also describes the changes needed to support the H-bit in the domain. In addition, this document updates RFC 6987 to advertise type-2 External and Not-So-Stubby-Area (NSSA) Link State Advertisements (LSAs) with a high cost in order to repel traffic effectively. "YANG Data Model for OSPF SR (Segment Routing) Protocol", Derek Yeung, Yingzhen Qu, Zhaohui Zhang, Ing-Wher Chen, Acee Lindem, 2019-08-13, This document defines a YANG data model that can be used to configure and manage OSPF Segment Routing. The model is based on YANG 1.1 as defined in RFC 7950 and conforms to the Network Management Datastore Architecture (NDMA) as described in RFC 8342. "YANG Data Model for IS-IS Segment Routing", Stephane Litkowski, Yingzhen Qu, Pushpasis Sarkar, Ing-Wher Chen, Jeff Tantsura, 2019-07-07, This document defines a YANG data model that can be used to configure and manage IS-IS Segment Routing. "IS-IS TE Attributes per application", Les Ginsberg, Peter Psenak, Stefano Previdi, Wim Henderickx, John Drake, 2019-10-30, Existing traffic engineering related link attribute advertisements have been defined and are used in RSVP-TE deployments. Since the original RSVP-TE use case was defined, additional applications (e.g., SRTE, LFA) have been defined which also make use of the link attribute advertisements. In cases where multiple applications wish to make use of these link attributes the current advertisements do not support application specific values for a given attribute nor do they support indication of which applications are using the advertised value for a given link. This draft introduces new link attribute advertisements which address both of these shortcomings. It also discusses backwards compatibility issues and how to minimize duplicate advertisements in the presence of routers which do not support the extensions defined in this document. "OSPF Link Traffic Engineering Attribute Reuse", Peter Psenak, Les Ginsberg, Wim Henderickx, Jeff Tantsura, John Drake, 2019-10-30, Various link attributes have been defined in OSPF in the context of the MPLS Traffic Engineering (TE) and GMPLS. Since the original RSVP-TE use case was defined, additional applications (e.g., SRTE, LFA) have been defined which also make use of the link attribute advertisements. This document defines how to distribute link attributes in OSPFv2 and OSPFv3 for applications other than MPLS TE or GMPLS. "IGP Flexible Algorithm", Peter Psenak, Shraddha Hegde, Clarence Filsfils, Ketan Talaulikar, Arkadiy Gulko, 2019-11-04, IGP protocols traditionally compute best paths over the network based on the IGP metric assigned to the links. Many network deployments use RSVP-TE based or Segment Routing based Traffic Engineering to enforce traffic over a path that is computed using different metrics or constraints than the shortest IGP path. This document proposes a solution that allows IGPs themselves to compute constraint based paths over the network. This document also specifies a way of using Segment Routing (SR) Prefix-SIDs and SRv6 locators to steer packets along the constraint-based paths. "Restart Signaling for IS-IS", Les Ginsberg, Paul Wells, 2019-09-19, This document describes a mechanism for a restarting router to signal to its neighbors that it is restarting, allowing them to reestablish their adjacencies without cycling through the down state, while still correctly initiating database synchronization. This document additionally describes a mechanism for a router to signal its neighbors that it is preparing to initiate a restart while maintaining forwarding plane state. This allows the neighbors to maintain their adjacencies until the router has restarted, but also allows the neighbors to bring the adjacencies down in the event of other topology changes. This document additionally describes a mechanism for a restarting router to determine when it has achieved Link State Protocol Data Unit (LSP) database synchronization with its neighbors and a mechanism to optimize LSP database synchronization, while minimizing transient routing disruption when a router starts. This document obsoletes RFC 5306. "IGP extension for PCEP security capability support in the PCE discovery", Diego Lopez, Qin WU, Dhruv Dhody, Zitao Wang, Daniel King, 2019-10-31, When a Path Computation Element (PCE) is a Label Switching Router (LSR) participating in the Interior Gateway Protocol (IGP), or even a server participating in IGP, its presence and path computation capabilities can be advertised using IGP flooding. The IGP extensions for PCE discovery (RFC 5088 and RFC 5089) define a method to advertise path computation capabilities using IGP flooding for OSPF and IS-IS respectively. However these specifications lack a method to advertise PCEP security (e.g., Transport Layer Security(TLS), TCP Authentication Option (TCP-AO)) support capability. This document proposes new capability flag bits for PCE-CAP-FLAGS sub-TLV that can be announced as attribute in the IGP advertisement to distribute PCEP security support information. In addition, this document updates RFC 5088 and RFC 5089 to allow advertisement of Key ID or Key Chain Name Sub-TLV to support TCP AO security capability. "IS-IS Routing for Spine-Leaf Topology", Naiming Shen, Les Ginsberg, Sanjay Thyamagundalu, 2019-09-02, This document describes a mechanism for routers and switches in a Spine-Leaf type topology to have non-reciprocal Intermediate System to Intermediate System (IS-IS) routing relationships between the leafs and spines. The leaf nodes do not need to have the topology information of other nodes and exact prefixes in the network. This extension also has application in the Internet of Things (IoT). "Dynamic Flooding on Dense Graphs", Tony Li, Peter Psenak, Les Ginsberg, Huaimo Chen, Tony Przygienda, Dave Cooper, Luay Jalil, Srinath Dontula, 2019-11-26, Routing with link state protocols in dense network topologies can result in sub-optimal convergence times due to the overhead associated with flooding. This can be addressed by decreasing the flooding topology so that it is less dense. This document discusses the problem in some depth and an architectural solution. Specific protocol changes for IS-IS, OSPFv2, and OSPFv3 are described in this document. "OSPF Prefix Originator Extension", Aijun Wang, Acee Lindem, Jie Dong, Peter Psenak, Ketan Talaulikar, 2019-11-24, This document defines Open Shortest Path First (OSPF) encodings to advertise the router-id of the originator of inter-area prefixes for OSPFv2 and OSPFv3 Link-State Advertisements (LSAs). The source originator is needed in several multi-area OSPF use cases. "IS-IS Extension to Support Segment Routing over IPv6 Dataplane", Peter Psenak, Clarence Filsfils, Ahmed Bashandy, Bruno Decraene, Zhibo Hu, 2019-10-04, Segment Routing (SR) allows for a flexible definition of end-to-end paths by encoding paths as sequences of topological sub-paths, called "segments". Segment routing architecture can be implemented over an MPLS data plane as well as an IPv6 data plane. This draft describes the IS-IS extensions required to support Segment Routing over an IPv6 data plane. "Invalid TLV Handling in IS-IS", Les Ginsberg, Paul Wells, Tony Li, Tony Przygienda, Shraddha Hegde, 2019-07-22, Key to the extensibility of the Intermediate System to Intermediate System (IS-IS) protocol has been the handling of unsupported and/or invalid Type/Length/Value (TLV) tuples. Although there are explicit statements in existing specifications, deployment experience has shown that there are inconsistencies in the behavior when a TLV which is disallowed in a particular Protocol Data Unit (PDU) is received. This document discusses such cases and makes the correct behavior explicit in order to insure that interoperability is maximized. This document when approved updates RFC3563, RFC5305, RFC6232, and RFC6233. "OSPF YANG Model Augmentations for Additional Features - Version 1", Acee Lindem, Yingzhen Qu, 2019-10-22, This document defines YANG data modules augmenting the IETF OSPF YANG model to provide support for Traffic Engineering Extensions to OSPF Version 3 as defined in RF 5329, OSPF Two-Part Metric as defined in RFC 8042, OSPF Graceful Link Shutdown as defined in RFC 8379 and OSPF Link-Local Signaling (LLS) Extensions for Local Interface ID Advertisement as defined in RFC 8510. "YANG Model for OSPFv3 Extended LSAs", Acee Lindem, Sharmila Palani, Yingzhen Qu, 2019-10-22, This document defines a YANG data model augmenting the IETF OSPF YANG model to provide support for OSPFv3 Link State Advertisment (LSA) Extensibility as defined in RFC 8362. OSPFv3 Extended LSAs provide extensible TLV-based LSAs for the base LSA types defined in RFC 5340. "IS-IS Extended Hierarchy", Tony Li, Les Ginsberg, Paul Wells, 2019-10-30, The IS-IS routing protocol was originally defined with a two level hierarchical structure. This was adequate for the networks at the time. As we continue to expand the scale of our networks, it is apparent that additional hierarchy would be a welcome degree of flexibility in network design. This document defines IS-IS Levels 3 through 8. Link State Vector Routing (lsvr) -------------------------------- "Shortest Path Routing Extensions for BGP Protocol", Keyur Patel, Acee Lindem, Shawn Zandi, Wim Henderickx, 2019-12-10, Many Massively Scaled Data Centers (MSDCs) have converged on simplified layer 3 routing. Furthermore, requirements for operational simplicity have led many of these MSDCs to converge on BGP as their single routing protocol for both their fabric routing and their Data Center Interconnect (DCI) routing. This document describes a solution which leverages BGP Link-State distribution and the Shortest Path First (SPF) algorithm similar to Internal Gateway Protocols (IGPs) such as OSPF. "Usage and Applicability of Link State Vector Routing in Data Centers", Keyur Patel, Acee Lindem, Shawn Zandi, Gaurav Dawra, 2019-11-02, This document discusses the usage and applicability of Link State Vector Routing (LSVR) extensions in data center networks utilizing CLOS or Fat-Tree topologies. The document is intended to provide a simplified guide for the deployment of LSVR extensions. "Layer 3 Discovery and Liveness", Randy Bush, Rob Austein, Keyur Patel, 2019-11-02, In Massive Data Centers, BGP-SPF and similar routing protocols are used to build topology and reachability databases. These protocols need to discover IP Layer 3 attributes of links, such as logical link IP encapsulation abilities, IP neighbor address discovery, and link liveness. This Layer 3 Discovery and Liveness protocol collects these data, which may then be disseminated using BGP-SPF and similar protocols. Light-Weight Implementation Guidance (lwig) ------------------------------------------- "Building Power-Efficient CoAP Devices for Cellular Networks", Jari Arkko, Anders Eriksson, Ari Keranen, 2016-01-04, This memo discusses the use of the Constrained Application Protocol (CoAP) protocol in building sensors and other devices that employ cellular networks as a communications medium. Building communicating devices that employ these networks is obviously well known, but this memo focuses specifically on techniques necessary to minimize power consumption. "TCP Usage Guidance in the Internet of Things (IoT)", Carles Gomez, Jon Crowcroft, Michael Scharf, 2019-11-04, This document provides guidance on how to implement and use the Transmission Control Protocol (TCP) in Constrained-Node Networks (CNNs), which are a characterstic of the Internet of Things (IoT). Such environments require a lightweight TCP implementation and may not make use of optional functionality. This document explains a number of known and deployed techniques to simplify a TCP stack as well as corresponding tradeoffs. The objective is to help embedded developers with decisions on which TCP features to use. "Alternative Elliptic Curve Representations", Rene Struik, 2019-07-24, This document specifies how to represent Montgomery curves and (twisted) Edwards curves as curves in short-Weierstrass form and illustrates how this can be used to carry out elliptic curve computations using existing implementations of, e.g., ECDSA and ECDH using NIST prime curves. Mobile Ad-hoc Networks (manet) ------------------------------ "Dynamic Link Exchange Protocol (DLEP) Latency Range Extension", Bow-Nan Cheng, Lou Berger, 2019-11-20, This document defines an extension to the Dynamic Link Exchange Protocol (DLEP) to provide the range of latency that can be experienced on a link. "DLEP DiffServ Aware Credit Window Extension", Bow-Nan Cheng, David Wiggins, Lou Berger, 2019-11-19, This document defines an extension to the Dynamic Link Exchange Protocol (DLEP) that enables a DiffServ aware credit-window scheme for destination-specific and shared flow control. "DLEP Link Identifier Extension", Rick Taylor, Stan Ratliff, 2019-09-10, The Dynamic Link Exchange Protocol, RFC 8175, describes a protocol for modems to advertise the status of wireless links between reachable destinations to attached routers. The core specification of the protocol assumes that every modem in the radio network has an attached DLEP router, and requires that the MAC address of the DLEP interface on the attached router be used to identify the destination in the network, for purposes of reporting the state and quality of the link to that destination. This document describes a DLEP Extension allowing modems that do not meet the strict requirement above to use DLEP to describe link availability and quality to one or more destinations reachable beyond a device on the Layer 2 domain. "DLEP Credit-Based Flow Control Messages and Data Items", Bow-Nan Cheng, David Wiggins, Lou Berger, Stan Ratliff, 2019-11-19, This document defines new Dynamic Link Exchange Protocol (DLEP) Data Items that are used to support credit-based flow control. Credit window control is used to regulate when data may be sent to an associated virtual or physical queue. The Data Items are defined in an extensible and reusable fashion. Their use will be mandated in other documents defining specific DLEP extensions. "DLEP Traffic Classification Data Item", Bow-Nan Cheng, David Wiggins, Lou Berger, 2019-11-19, This document defines a new Dynamic Link Exchange Protocol (DLEP) Data Item that is used to support traffic classification. Traffic classification information is used to identify traffic flows based on frame/packet content such as destination address. The Data Item is defined in an extensible and reusable fashion. It's use will be mandated in other documents defining specific DLEP extensions. This document aloas introduces DLEP sub data items, and sub data items are defined to support DiffServ and Ethernet traffic classification. MBONE Deployment (mboned) ------------------------- "Multicast in the Data Center Overview", Mike McBride, Olufemi Komolafe, 2019-07-23, The volume and importance of one-to-many traffic patterns in data centers is likely to increase significantly in the future. Reasons for this increase are discussed and then attention is paid to the manner in which this traffic pattern may be judiously handled in data centers. The intuitive solution of deploying conventional IP multicast within data centers is explored and evaluated. Thereafter, a number of emerging innovative approaches are described before a number of recommendations are made. "Multicast Considerations over IEEE 802 Wireless Media", Charles Perkins, Mike McBride, Dorothy Stanley, Warren Kumari, Juan Zuniga, 2019-12-11, Well-known issues with multicast have prevented the deployment of multicast in 802.11 (wifi) and other local-area wireless environments. This document describes the problems of known limitations with wireless (primarily 802.11) Layer-2 multicast. Also described are certain multicast enhancement features that have been specified by the IETF, and by IEEE 802, for wireless media, as well as some operational choices that can be taken to improve the performance of the network. Finally, some recommendations are provided about the usage and combination of these features and operational choices. "Multicast YANG Data Model", Zheng Zhang, Cui(Linda) Wang, Ying Cheng, Xufeng Liu, Mahesh Sivakumar, 2019-09-12, This document intents to provide a general and all-round multicast YANG data model, which tries to stand at a high level to take full advantages of existed multicast protocol models to control the multicast network, and guides the deployment of multicast service. And also, there will define several possible RPCs about how to interact between multicast YANG data model and multicast protocol models. This multicast YANG data model is mainly used by the management tools run by the network operators in order to manage, monitor and debug the network resources used to deliver multicast service, as well as gathering some data from the network. "Deprecating ASM for Interdomain Multicast", Mikael Abrahamsson, Tim Chown, Leonard Giuliano, Toerless Eckert, 2019-09-04, This document recommends deprecation of the use of Any-Source Multicast (ASM) for interdomain multicast. It recommends the use of Source-Specific Multicast (SSM) for interdomain multicast applications and that hosts and routers in these deployments fully support SSM. The recommendations in this document do not preclude the continued use of ASM within a single organisation or domain and are especially easy to adopt in existing intradomain ASM/PIM-SM deployments. Requirements Language and Terminology "DNS Reverse IP AMT Discovery", Jake Holland, 2019-12-12, This document updates RFC 7450 (Automatic Multicast Tunneling, or AMT) by extending the relay discovery process to use a new DNS resource record named AMTRELAY when discovering AMT relays for source-specific multicast channels. The reverse IP DNS zone for a multicast sender's IP address is configured to use AMTRELAY resource records to advertise a set of AMT relays that can receive and forward multicast traffic from that sender over an AMT tunnel. Managed Incident Lightweight Exchange (mile) -------------------------------------------- "JSON binding of IODEF", Takeshi Takahashi, Roman Danyliw, Mio Suzuki, 2019-11-18, The Incident Object Description Exchange Format defined in RFC 7970 provides an information model and a corresponding XML data model for exchanging incident and indicator information. This draft gives implementers and operators an alternative format to exchange the same information by defining an alternative data model implementation in JSON and its encoding in CBOR. "Definition of ROLIE CSIRT Extension", Stephen Banghart, John Field, 2019-10-28, This document extends the Resource-Oriented Lightweight Information Exchange (ROLIE) core to add the Indicator and Incident information types, relevant categories, and related requirements needed to support Computer Security Incident Response Team (CSIRT) use cases. Additional supporting requirements are also defined that describe the use of specific formats and link relations pertaining to the new information types. "Definition of the ROLIE Vulnerability Extension", Stephen Banghart, 2019-10-28, This document extends the Resource-Oriented Lightweight Information Exchange (ROLIE) core to add the information type categories and related requirements needed to support Vulnerability use cases. Additional categories, properties, and requirements based on content type enables a higher level of interoperability between ROLIE implementations, and richer metadata for ROLIE consumers. In particular, usage of the Common Vulnerability Enumeration (CVE) [cve] format is discussed. Messaging Layer Security (mls) ------------------------------ "The Messaging Layer Security (MLS) Protocol", Richard Barnes, Benjamin Beurdouche, Jon Millican, Emad Omara, Katriel Cohn-Gordon, Raphael Robert, 2019-11-17, Messaging applications are increasingly making use of end-to-end security mechanisms to ensure that messages are only accessible to the communicating endpoints, and not to any servers involved in delivering messages. Establishing keys to provide such protections is challenging for group chat settings, in which more than two clients need to agree on a key but may not be online at the same time. In this document, we specify a key establishment protocol that provides efficient asynchronous group key establishment with forward secrecy and post-compromise security for groups in size ranging from two to thousands. "The Messaging Layer Security (MLS) Architecture", Emad Omara, Benjamin Beurdouche, Eric Rescorla, Srinivas Inguva, Albert Kwon, Alan Duric, 2019-09-13, This document describes the architecture and requirements for the Messaging Layer Security (MLS) protocol. MLS provides a security layer for group messaging applications with from two to a large number of clients. It is meant to protect against eavesdropping, tampering, and message forgery. "The Messaging Layer Security (MLS) Federation", Emad Omara, Raphael Robert, 2019-09-11, This document describes how the Messaging Layer Security (MLS) can be used in a federated environment where different MLS implementations can interoperate by defining the message format for user key retrieval. The document also describes some use cases where federation could be useful. Multiparty Multimedia Session Control (mmusic) ---------------------------------------------- "SDP: Session Description Protocol", Ali Begen, Paul Kyzivat, Colin Perkins, Mark Handley, 2019-08-09, This memo defines the Session Description Protocol (SDP). SDP is intended for describing multimedia sessions for the purposes of session announcement, session invitation, and other forms of multimedia session initiation. This document obsoletes RFC 4566. "Session Description Protocol (SDP) Offer/Answer Procedures For Stream Control Transmission Protocol (SCTP) over Datagram Transport Layer Security (DTLS) Transport.", Christer Holmberg, Roman Shpount, Salvatore Loreto, Gonzalo Camarillo, 2017-04-20, The Stream Control Transmission Protocol (SCTP) is a transport protocol used to establish associations between two endpoints. draft-ietf-tsvwg-sctp-dtls-encaps-09 specifies how SCTP can be used on top of the Datagram Transport Layer Security (DTLS) protocol, referred to as SCTP-over-DTLS. This specification defines the following new Session Description Protocol (SDP) protocol identifiers (proto values):'UDP/DTLS/SCTP' and 'TCP/DTLS/SCTP'. This specification also specifies how to use the new proto values with the SDP Offer/Answer mechanism for negotiating SCTP-over-DTLS associations. "Negotiating Media Multiplexing Using the Session Description Protocol (SDP)", Christer Holmberg, Harald Alvestrand, Cullen Jennings, 2018-12-14, This specification defines a new Session Description Protocol (SDP) Grouping Framework extension, 'BUNDLE'. The extension can be used with the SDP Offer/Answer mechanism to negotiate the usage of a single transport (5-tuple) for sending and receiving media described by multiple SDP media descriptions ("m=" sections). Such transport is referred to as a BUNDLE transport, and the media is referred to as bundled media. The "m=" sections that use the BUNDLE transport form a BUNDLE group. This specification updates RFC 3264, to also allow assigning a zero port value to a "m=" section in cases where the media described by the "m=" section is not disabled or rejected. This specification updates RFC 5888, to also allow an SDP 'group' attribute to contain an identification-tag that identifies a "m=" section with the port set to zero. This specification defines a new RTP Control Protocol (RTCP) source description (SDES) item and a new RTP header extension that can be used to correlate bundled RTP/RTCP packets with their appropriate "m=" section. This specification updates RFC 7941, by adding an exception, for the MID RTP header extension, to the requirement regarding protection of an SDES RTP header extension carrying an SDES item for the MID RTP header extension. "WebRTC MediaStream Identification in the Session Description Protocol", Harald Alvestrand, 2018-12-13, This document specifies a Session Description Protocol (SDP) Grouping mechanism for RTP media streams that can be used to specify relations between media streams. This mechanism is used to signal the association between the SDP concept of "media description" and the WebRTC concept of "MediaStream" / "MediaStreamTrack" using SDP signaling. This document is a work item of the MMUSIC WG, whose discussion list is mmusic@ietf.org. "Session Description Protocol (SDP) Offer/Answer procedures for Interactive Connectivity Establishment (ICE)", Marc Petit-Huguenin, Suhas Nandakumar, Christer Holmberg, Ari Keranen, Roman Shpount, 2019-08-13, This document describes Session Description Protocol (SDP) Offer/ Answer procedures for carrying out Interactive Connectivity Establishment (ICE) between the agents. This document obsoletes RFC 5245. "A Framework for SDP Attributes when Multiplexing", Suhas Nandakumar, 2018-02-28, The purpose of this specification is to provide a framework for analyzing the multiplexing characteristics of Session Description Protocol (SDP) attributes when SDP is used to negotiate the usage of single 5-tuple for sending and receiving media associated with multiple media descriptions. This specification also categorizes the existing SDP attributes based on the framework described herein. "A Session Initiation Protocol (SIP) Usage for Incremental Provisioning of Candidates for the Interactive Connectivity Establishment (Trickle ICE)", Emil Ivov, Thomas Stach, Enrico Marocco, Christer Holmberg, 2018-06-23, The Interactive Connectivity Establishment (ICE) protocol describes a Network Address Translator (NAT) traversal mechanism for UDP-based multimedia sessions established with the Offer/Answer model. The ICE extension for Incremental Provisioning of Candidates (Trickle ICE) defines a mechanism that allows ICE Agents to shorten session establishment delays by making the candidate gathering and connectivity checking phases of ICE non-blocking and by executing them in parallel. This document defines usage semantics for Trickle ICE with the Session Initiation Protocol (SIP). The document also defines a new SIP Info Package to support this usage together with the corresponding media type. Additionally, a new SDP 'end-of- candidates' attribute and a new SIP Option Tag 'trickle-ice' are defined. "Using Simulcast in SDP and RTP Sessions", Bo Burman, Magnus Westerlund, Suhas Nandakumar, Mo Zanaty, 2019-03-05, In some application scenarios it may be desirable to send multiple differently encoded versions of the same media source in different RTP streams. This is called simulcast. This document describes how to accomplish simulcast in RTP and how to signal it in SDP. The described solution uses an RTP/RTCP identification method to identify RTP streams belonging to the same media source, and makes an extension to SDP to relate those RTP streams as being different simulcast formats of that media source. The SDP extension consists of a new media level SDP attribute that expresses capability to send and/or receive simulcast RTP streams. "SDP-based Data Channel Negotiation", Keith Drage, Maridi Makaraju, Richard Ejzak, Jerome Marcon, Roni Even, 2019-05-11, Data channel setup can be done using either the in-band Data Channel Establishment Protocol (DCEP) or using some out-of-band non-DCEP protocol. This document specifies how the SDP (Session Description Protocol) offer/answer exchange can be used to achieve an out-of-band non-DCEP negotiation for establishing a data channel. "MSRP over Data Channels", Keith Drage, Maridi Makaraju, Juergen Stoetzer-Bradler, Richard Ejzak, Jose Recio, 2019-12-09, This document specifies how the Message Session Relay Protocol (MSRP) can be instantiated as a data channel sub-protocol, using the SDP offer/answer exchange-based generic data channel negotiation framework. Two network configurations are documented: a WebRTC end- to-end configuration (connecting two MSRP over data channel endpoints), and a gateway configuration (connecting an MSRP over data channel endpoint with an MSRP over TCP or TLS endpoint). "Session Description Protocol (SDP) Offer/Answer Considerations for Datagram Transport Layer Security (DTLS) and Transport Layer Security (TLS)", Christer Holmberg, Roman Shpount, 2017-10-29, This document defines the Session Description Protocol (SDP) offer/ answer procedures for negotiating and establishing a Datagram Transport Layer Security (DTLS) association. The document also defines the criteria for when a new DTLS association must be established. The document updates RFC 5763 and RFC 7345, by replacing common SDP offer/answer procedures with a reference to this specification. This document defines a new SDP media-level attribute, 'tls-id'. This document also defines how the 'tls-id' attribute can be used for negotiating and establishing a Transport Layer Security (TLS) connection, in conjunction with the procedures in RFC 4145 and RFC 8122. "RTP Payload Format Restrictions", Adam Roach, 2018-05-15, In this specification, we define a framework for specifying restrictions on RTP streams in the Session Description Protocol. This framework defines a new "rid" ("restriction identifier") SDP attribute to unambiguously identify the RTP Streams within an RTP Session and restrict the streams' payload format parameters in a codec-agnostic way beyond what is provided with the regular Payload Types. This specification updates RFC4855 to give additional guidance on choice of Format Parameter (fmtp) names, and on their relation to the restrictions defined by this document. "Indicating Exclusive Support of RTP/RTCP Multiplexing using SDP", Christer Holmberg, 2017-05-05, This document defines a new SDP media-level attribute, 'rtcp-mux- only', that can be used by an endpoint to indicate exclusive support of RTP/RTCP multiplexing. The document also updates RFC 5761, by clarifying that an offerer can use a mechanism to indicate that it is not able to send and receive RTCP on separate ports. "Unknown Key Share Attacks on uses of TLS with the Session Description Protocol (SDP)", Martin Thomson, Eric Rescorla, 2019-08-09, This document describes unknown key-share attacks on the use of Datagram Transport Layer Security for the Secure Real-Time Transport Protocol (DTLS-SRTP). Similar attacks are described on the use of DTLS-SRTP with the identity bindings used in Web Real-Time Communications (WebRTC) and SIP identity. These attacks are difficult to mount, but they cause a victim to be mislead about the identity of a communicating peer. Mitigation techniques are defined that implementations of RFC 8122 are encouraged to deploy. "T.140 Real-time Text Conversation over WebRTC Data Channels", Christer Holmberg, 2019-12-10, This document specifies how a WebRTC data channel can be used as a transport mechanism for Real-time text using the ITU-T Protocol for multimedia application text conversation (Recommendation ITU-T T.140), and how the SDP offer/answer mechanism can be used to negotiate such data channel, referred to as T.140 data channel. The document updates RFC 8373. Multiprotocol Label Switching (mpls) ------------------------------------ "Bidirectional Forwarding Detection (BFD) Directed Return Path", Gregory Mirsky, Jeff Tantsura, Ilya Varlashkin, Mach Chen, 2019-08-21, Bidirectional Forwarding Detection (BFD) is expected to be able to monitor a wide variety of encapsulations of paths between systems. When a BFD session monitors an explicitly routed unidirectional path there may be a need to direct egress BFD peer to use a specific path for the reverse direction of the BFD session. "Resilient MPLS Rings", Kireeti Kompella, Luis Contreras, 2019-10-23, This document describes the use of the MPLS control and data planes on ring topologies. It describes the special nature of rings, and proceeds to show how MPLS can be effectively used in such topologies. It describes how MPLS rings are configured, auto-discovered and signaled, as well as how the data plane works. Companion documents describe the details of discovery and signaling for specific protocols. "Definitions of Managed Objects for the LDP Point-to-Multipoint and Multipoint-to-Multipoint Label Switched Paths", Kishore Tiruveedhula, Uwe Joorde, Arvind Venkateswaran, 2019-07-07, This memo defines a portion of the Management Information Base (MIB) for use with network management protocols. In particular it defines objects for managing multicast LDP point-to-multipoint (P2MP) and multipoint-to-multipoint (MP2MP) Label Switched Paths. The MIB module defined in this document is extension of LDP MIB defined in RFC3815 which supports only for LDP point-to-point LSPs. "A YANG Data Model for MPLS Base", Tarek Saad, Kamran Raza, Rakesh Gandhi, Xufeng Liu, Vishnu Beeram, 2019-09-12, This document contains a specification of the MPLS base YANG model. The MPLS base YANG model serves as a base framework for configuring and managing an MPLS switching subsystem on an MPLS-enabled router. It is expected that other MPLS YANG models (e.g. MPLS LSP Static, LDP or RSVP-TE YANG models) will augment the MPLS base YANG model. "A YANG Data Model for MPLS Static LSPs", Tarek Saad, Rakesh Gandhi, Xufeng Liu, Vishnu Beeram, Igor Bryskin, 2019-09-12, This document contains the specification for the MPLS Static Label Switched Paths (LSPs) YANG model. The model allows for the provisioning of static LSP(s) on Label Edge Router(s) LER(s) and Label Switched Router(s) LSR(s) devices along a LSP path without the dependency on any signaling protocol. The MPLS Static LSP model augments the MPLS base YANG model with specific data to configure and manage MPLS Static LSP(s). "Refresh-interval Independent FRR Facility Protection", Chandrasekar R, Tarek Saad, Ina Minei, Dante Pacella, 2019-09-03, RSVP-TE Fast ReRoute extensions specified in RFC 4090 defines two local repair techniques to reroute Label Switched Path (LSP) traffic over pre-established backup tunnel. Facility backup method allows one or more LSPs traversing a connected link or node to be protected using a bypass tunnel. The many-to-one nature of local repair technique is attractive from scalability point of view. This document enumerates facility backup procedures in RFC 4090 that rely on refresh timeout and hence make facility backup method refresh- interval dependent. The RSVP-TE extensions defined in this document will enhance the facility backup protection mechanism by making the corresponding procedures refresh-interval independent and hence compatible with Refresh-interval Independent RSVP (RI-RSVP) specified in RFC 8370. Hence, this document updates RFC 4090 in order to support RI-RSVP capability specified in RFC 8370. "YANG Data Model for MPLS LDP", Kamran Raza, Rajiv Asati, Xufeng Liu, Santosh Esale, Xia Chen, Himanshu Shah, 2019-11-04, This document describes a YANG data model for Multi-Protocol Label Switching (MPLS) Label Distribution Protocol (LDP). The model also serves as the base model to define Multipoint LDP (mLDP) model. The YANG modules in this document conform to the Network Management Datastore Architecture (NMDA). "RFC6374 Synonymous Flow Labels", Stewart Bryant, Mach Chen, Zhenbin Li, George Swallow, Siva Sivabalan, Gregory Mirsky, Giuseppe Fioccola, 2019-07-29, This document describes a method of making RFC6374 performance measurements on flows carried over an MPLS Label Switched path. This allows loss and delay measurements to be made on multi-point to point LSPs and allows the measurement of flows within an MPLS construct using RFC6374. "Synonymous Flow Label Framework", Stewart Bryant, Mach Chen, Zhenbin Li, George Swallow, Siva Sivabalan, Gregory Mirsky, 2019-10-09, RFC 8372 describes the requirement for introducing flow identities within the MPLS architecture. This document describes a method of accomplishing this by using a technique called Synonymous Flow Labels in which labels which mimic the behaviour of other labels provide the identification service. These identifiers can be used to trigger per-flow operations on the packet at the receiving label switching router. "RSVP-TE Summary Fast Reroute Extensions for LSP Tunnels", Mike Taillon, Tarek Saad, Rakesh Gandhi, Abhishek Deshmukh, Markus Jork, Vishnu Beeram, 2019-12-11, This document updates the Resource Reservation Protocol (RSVP) Traffic-Engineering (TE) procedures that are defined in RFC 4090 for facility backup protection. The updates include extensions that reduce the amount of signaling and processing that occurs during Fast Reroute (FRR), and subsequently, improves scalability when undergoing FRR convergence after a link or node failure. These extensions allow the RSVP message exchange between the Point of Local Repair (PLR) and the Merge Point (MP) to be independent of the number of protected Label Switched Paths (LSPs) traversing between them when facility bypass FRR protection is used. The signaling extensions are fully backwards compatible with nodes that do not support them. "Special Purpose Label terminology", Loa Andersson, Kireeti Kompella, Adrian Farrel, 2019-11-21, This document discusses and recommends a terminology that may be used when MPLS Special Purpose Labels (SPL) are specified and documented. This document updates RFC 7274 and RFC 3032. "Resilient MPLS Rings and Multicast", Zhaohui Zhang, Santosh Esale, 2019-08-13, With Resilient MPLS Rings (RMR), although all existing multicast procedures and solutions can work as is, there are optimizations that could be done for RSVP-TE P2MP tunnel signaling and Fast-ReRouting for both mLDP and RSVP-TE P2MP tunnels. This document describes RMR multicast on a high level, with detailed protocol procedure for RSVP- TE P2MP optimizations specified in a separate document. This document also discusses end to end multicast when there are RMRs. "Updating the IANA MPLS LSP Ping Parameters", Loa Andersson, Tarek Saad, Mach Chen, Carlos Pignataro, 2019-10-17, This document updates RFC 8029 and RFC 8611 that define IANA registries for MPLS LSP Ping. The updates are mostly for clarification and to align this registry with recent developments.. Multipath TCP (mptcp) --------------------- "TCP Extensions for Multipath Operation with Multiple Addresses", Alan Ford, Costin Raiciu, Mark Handley, Olivier Bonaventure, Christoph Paasch, 2019-06-08, TCP/IP communication is currently restricted to a single path per connection, yet multiple paths often exist between peers. The simultaneous use of these multiple paths for a TCP/IP session would improve resource usage within the network and, thus, improve user experience through higher throughput and improved resilience to network failure. Multipath TCP provides the ability to simultaneously use multiple paths between peers. This document presents a set of extensions to traditional TCP to support multipath operation. The protocol offers the same type of service to applications as TCP (i.e., reliable bytestream), and it provides the components necessary to establish and use multiple TCP flows across potentially disjoint paths. This document specifies v1 of Multipath TCP, obsoleting v0 as specified in RFC6824, through clarifications and modifications primarily driven by deployment experience. Meeting Venue (mtgvenue) ------------------------ "IETF Plenary Meeting Venue Selection Process", Eliot Lear, 2018-06-14, The IASA has responsibility for arranging IETF plenary meeting Venue selection and operation. This memo specifies IETF community requirements for meeting venues, including hotels and meeting room space. It directs the IASA to make available additional process documents that describe the current meeting selection process. "High level guidance for the meeting policy of the IETF", Suresh Krishnan, 2018-07-02, This document describes a meeting location policy for the IETF and the various stakeholders for realizing such a policy. Network Configuration (netconf) ------------------------------- "YANG Groupings for TLS Clients and TLS Servers", Kent Watsen, Gary Wu, Liang Xia, 2019-11-20, This document defines three YANG modules: the first defines groupings for a generic TLS client, the second defines groupings for a generic TLS server, and the third defines common identities and groupings used by both the client and the server. It is intended that these groupings will be used by applications using the TLS protocol. "RESTCONF Client and Server Models", Kent Watsen, 2019-11-20, This document defines two YANG modules, one module to configure a RESTCONF client and the other module to configure a RESTCONF server. Both modules support the TLS transport protocol with both standard RESTCONF and RESTCONF Call Home connections. Editorial Note (To be removed by RFC Editor) This draft contains many placeholder values that need to be replaced with finalized values at the time of publication. This note summarizes all of the substitutions that are needed. No other RFC Editor instructions are specified elsewhere in this document. This document contains references to other drafts in progress, both in the Normative References section, as well as in body text throughout. Please update the following references to reflect their final RFC assignments: o I-D.ietf-netconf-keystore o I-D.ietf-netconf-tcp-client-server o I-D.ietf-netconf-tls-client-server o I-D.ietf-netconf-http-client-server Artwork in this document contains shorthand references to drafts in progress. Please apply the following replacements: o "XXXX" --> the assigned RFC value for this draft o "AAAA" --> the assigned RFC value for I-D.ietf-netconf-tcp-client- server o "BBBB" --> the assigned RFC value for I-D.ietf-netconf-tls-client- server o "CCCC" --> the assigned RFC value for I-D.ietf-netconf-http- client-server Artwork in this document contains placeholder values for the date of publication of this draft. Please apply the following replacement: o "2019-11-20" --> the publication date of this draft The following Appendix section is to be removed prior to publication: o Appendix B. Change Log "YANG Groupings for SSH Clients and SSH Servers", Kent Watsen, Gary Wu, Liang Xia, 2019-11-20, This document defines three YANG modules: the first defines groupings for a generic SSH client, the second defines groupings for a generic SSH server, and the third defines common identities and groupings used by both the client and the server. It is intended that these groupings will be used by applications using the SSH protocol. "NETCONF Client and Server Models", Kent Watsen, 2019-11-20, This document defines two YANG modules, one module to configure a NETCONF client and the other module to configure a NETCONF server. Both modules support both the SSH and TLS transport protocols, and support both standard NETCONF and NETCONF Call Home connections. Editorial Note (To be removed by RFC Editor) This draft contains many placeholder values that need to be replaced with finalized values at the time of publication. This note summarizes all of the substitutions that are needed. No other RFC Editor instructions are specified elsewhere in this document. This document contains references to other drafts in progress, both in the Normative References section, as well as in body text throughout. Please update the following references to reflect their final RFC assignments: o I-D.ietf-netconf-keystore o I-D.ietf-netconf-tcp-client-server o I-D.ietf-netconf-ssh-client-server o I-D.ietf-netconf-tls-client-server Artwork in this document contains shorthand references to drafts in progress. Please apply the following replacements: o "XXXX" --> the assigned RFC value for this draft o "AAAA" --> the assigned RFC value for I-D.ietf-netconf-tcp-client- server o "YYYY" --> the assigned RFC value for I-D.ietf-netconf-ssh-client- server o "ZZZZ" --> the assigned RFC value for I-D.ietf-netconf-tls-client- server Artwork in this document contains placeholder values for the date of publication of this draft. Please apply the following replacement: o "2019-11-20" --> the publication date of this draft The following Appendix section is to be removed prior to publication: o Appendix B. Change Log "A YANG Data Model for a Keystore", Kent Watsen, 2019-11-20, This document defines a YANG 1.1 module called "ietf-keystore" that enables centralized configuration of both symmetric and asymmetric keys. The secret value for both key types may be encrypted. Asymmetric keys may be associated with certificates. Notifications are sent when certificates are about to expire. Editorial Note (To be removed by RFC Editor) This draft contains many placeholder values that need to be replaced with finalized values at the time of publication. This note summarizes all of the substitutions that are needed. No other RFC Editor instructions are specified elsewhere in this document. Artwork in this document contains shorthand references to drafts in progress. Please apply the following replacements: o "AAAA" --> the assigned RFC value for [I-D.ietf-netconf-crypto-types]. o "XXXX" --> the assigned RFC value for this draft Artwork in this document contains placeholder values for the date of publication of this draft. Please apply the following replacement: o "2019-11-20" --> the publication date of this draft The following Appendix section is to be removed prior to publication: o Appendix A. Change Log "Notification Message Headers and Bundles", Eric Voit, Tim Jenkins, Henk Birkholz, Andy Bierman, Alexander Clemm, 2019-11-17, This document defines a new notification message format. Included are: o a new notification mechanism and encoding to replace the one way operation of RFC-5277 o a set of common, transport agnostic message header objects. o how to bundle multiple event records into a single notification message. o how to ensure these new capabilities are only used with capable receivers. "Common YANG Data Types for Cryptography", Kent Watsen, HAIGUANG Wang, 2019-11-20, This document defines four YANG modules for types useful to cryptographic applications. The modules defined include: o ietf-crypto-types o iana-symmetric-algs o iana-asymmetric-algs o iana-hash-algs "A YANG Data Model for a Truststore", Kent Watsen, 2019-11-20, This document defines a YANG 1.1 data model for configuring global sets of X.509 certificates, SSH host-keys, raw public keys, and PSKs (pairwise-symmetric or pre-shared keys) that can be referenced by other data models for trust. While the SSH host-keys are uniquely for the SSH protocol, certificates, raw public keys, and PSKs may have multiple uses, including authenticating protocol peers and verifying signatures. "YANG-Push Notification Capabilities", Balazs Lengyel, Alexander Clemm, Benoit Claise, 2019-12-09, This document proposes a YANG module that allows a publisher to specify capabilities related to "Subscription to YANG Datastores" (YANG-Push). It proposes to use YANG Instance Data to document this information and make it already available at implementation-time, but also allow it to be reported at run-time. The YANG module is also prepared to contain other system capabilities, for future augmentations. "YANG Groupings for TCP Clients and TCP Servers", Kent Watsen, Michael Scharf, 2019-10-18, This document defines three YANG modules: the first defines a grouping for configuring a generic TCP client, the second defines a grouping for configuring a generic TCP server, and the third defines a grouping common to the TCP clients and TCP servers. "An HTTPS-based Transport for Configured Subscriptions", Mahesh Jethanandani, Kent Watsen, 2019-10-30, This document defines a YANG data module for configuring HTTPS based configured subscription, as defined in Subscribed Notifications (RFC8639). The use of HTTPS maximizes transport-level interoperability, while allowing for encoding selection from text, e.g. XML or JSON, to binary. "YANG Groupings for HTTP Clients and HTTP Servers", Kent Watsen, 2019-11-20, This document defines two YANG modules: the first defines a minimal grouping for configuring an HTTP client, and the second defines a minimal grouping for configuring an HTTP server. It is intended that these groupings will be used to help define the configuration for simple HTTP-based protocols (not for complete webservers or browsers). Network Modeling (netmod) ------------------------- "A YANG Data Model for Syslog Configuration", Clyde Wildes, Kiran Koushik, 2018-03-16, This document defines a YANG data model for the configuration of a syslog process. It is intended this model be used by vendors who implement syslog in their systems. "Common Interface Extension YANG Data Models", Robert Wilton, David Ball, tapsingh@cisco.com, Selvakumar Sivaraj, 2019-11-04, This document defines two YANG modules that augment the Interfaces data model defined in the "YANG Data Model for Interface Management" with additional configuration and operational data nodes to support common lower layer interface properties, such as interface MTU. The YANG modules in this document conform to the Network Management Datastore Architecture (NMDA) defined in RFC 8342. "Sub-interface VLAN YANG Data Models", Robert Wilton, David Ball, tapsingh@cisco.com, Selvakumar Sivaraj, 2019-11-04, This document defines YANG modules to add support for classifying traffic received on interfaces as Ethernet/VLAN framed packets to sub-interfaces based on the fields available in the Ethernet/VLAN frame headers. These modules allow configuration of Layer 3 and Layer 2 sub-interfaces (e.g. attachment circuits) that can interoperate with IETF based forwarding protocols; such as IP and L3VPN services; or L2VPN services like VPWS, VPLS, and EVPN. The sub-interfaces also interoperate with VLAN tagged traffic orginating from an IEEE 802.1Q compliant bridge. The model differs from an IEEE 802.1Q bridge model in that the configuration is interface/sub-interface based as opposed to being based on membership of an 802.1Q VLAN bridge. The YANG data models in this document conforms to the Network Management Datastore Architecture (NMDA) defined in RFC 8342. "YANG Data Structure Extensions", Andy Bierman, Martin Bjorklund, Kent Watsen, 2019-12-09, This document describes YANG mechanisms for defining abstract data structures with YANG. "YANG Module Tags", Christian Hopps, Lou Berger, Dean Bogdanovic, 2019-09-25, This document provides for the association of tags with YANG modules. The expectation is for such tags to be used to help classify and organize modules. A method for defining, reading and writing a modules tags is provided. Tags may be registered and assigned during module definition; assigned by implementations; or dynamically defined and set by users. This document also provides guidance to future model writers; as such, this document updates RFC8407. "Comparison of NMDA datastores", Alexander Clemm, Yingzhen Qu, Jeff Tantsura, Andy Bierman, 2019-11-04, This document defines an RPC operation to compare management datastores that comply with the NMDA architecture. "Handling Long Lines in Inclusions in Internet-Drafts and RFCs", Kent Watsen, Erik Auerswald, Adrian Farrel, Qin WU, 2019-11-04, This document defines two strategies for handling long lines in width-bounded text content. One strategy is based on the historical use of a single backslash ('\') character to indicate where line- folding has occurred, with the continuation occurring with the first non-space (' ') character on the next line. The second strategy extends the first strategy by adding a second backslash character to identify where the continuation begins and is thereby able to handle cases not supported by the first strategy. Both strategies use a self-describing header enabling automated reconstitution of the original content. "YANG Instance Data File Format", Balazs Lengyel, Benoit Claise, 2019-12-04, There is a need to document data defined in YANG models when a live server is not available. Data is often needed already at design or implementation time or needed by groups that do not have a live running server available. This document specifies a standard file format for YANG instance data (which follows the syntax and semantic from existing YANG models, re-using the same format as the reply to a operation/request) and annotates it with metadata. "YANG Module Versioning Requirements", Joe Clarke, 2019-07-03, This document describes the problems that can arise because of the YANG language module update rules, that require all updates to YANG module preserve strict backwards compatibility. It also defines the requirements on any solution designed to solve the stated problems. This document does not consider possible solutions, nor endorse any particular solution. "Common YANG Data Types", Juergen Schoenwaelder, 2019-11-04, This document introduces a collection of common data types to be used with the YANG data modeling language. This document obsoletes RFC 6991. "YANG Geo Location", Christian Hopps, 2019-11-04, This document defines a generic geographical location object YANG grouping. The geographical location grouping is intended to be used in YANG models for specifying a location on or in reference to the Earth or any other astronomical object. "Factory Default Setting", Qin WU, Balazs Lengyel, Ye Niu, 2019-12-06, This document defines a method to reset a server to its factory- default content. The reset operation may be used, e.g., when the existing configuration has major errors so re-starting the configuration process from scratch is the best option. A new factory-reset RPC is defined. When resetting a datastore, all previous configuration settings will be lost and replaced by the factory-default content. A new optional "factory-default" read-only datastore is defined, that contains the data that will be copied over to the running datastore at reset. Internet Video Codec (netvc) ---------------------------- "Video Codec Requirements and Evaluation Methodology", Alexey Filippov, Andrey Norkin, jose.roberto.alvarez@huawei.com, 2019-11-21, This document provides requirements for a video codec designed mainly for use over the Internet. In addition, this document describes an evaluation methodology needed for measuring the compression efficiency to ensure whether the stated requirements are fulfilled or not. "Video Codec Testing and Quality Measurement", Thomas Daede, Andrey Norkin, Ilya Brailovskiy, 2019-01-25, This document describes guidelines and procedures for evaluating a video codec. This covers subjective and objective tests, test conditions, and materials used for the test. Network File System Version 4 (nfsv4) ------------------------------------- "Integrity Measurement for Network File System version 4", Chuck Lever, 2019-10-01, This document specifies an OPTIONAL extension to NFS version 4 minor version 2 that enables Linux Integrity Measurement Architecture metadata (IMA) to be conveyed between NFS version 4.2 servers and clients. Integrity measurement authenticates the creator of a file's content and helps guarantee the content's integrity end-to-end from creation to use. "RDMA Connection Manager Private Data For RPC-Over-RDMA Version 1", Chuck Lever, 2019-11-15, This document specifies the format of RDMA-CM Private Data exchanged between RPC-over-RDMA version 1 peers as part of establishing a connection. The addition of the private data payload specified in this document is an optional extension that does not alter the RPC- over-RDMA version 1 protocol. This document updates RFC 8166. "Towards Remote Procedure Call Encryption By Default", Trond Myklebust, Chuck Lever, 2019-11-17, This document describes a mechanism that, through the use of opportunistic Transport Layer Security (TLS), enables encryption of in-transit Remote Procedure Call (RPC) transactions while interoperating with ONC RPC implementations that do not support this mechanism. This document updates RFC 5531. "Network File System (NFS) Version 4 Minor Version 1 Protocol", David Noveck, Chuck Lever, 2019-10-20, This document describes the Network File System (NFS) version 4 minor version 1, including features retained from the base protocol (NFS version 4 minor version 0, which is specified in RFC 7530) and protocol extensions made subsequently. The later minor version has no dependencies on NFS version 4 minor version 0, and is considered a separate protocol. This document obsoletes RFC5661. It substantialy revises the treatment of features relating to multi-server namesapce superseding the description of those features appearing in RFC5661. "Extending the Opening of Files in NFSv4.2", Thomas Haynes, Trond Myklebust, 2019-07-25, The Network File System v4 (NFSv4) allows a client to both open a file and be granted a delegation of that file. This provides the client the right to cache metadata on the file locally. This document presents several refinements to both the opening and delegating of the file to the client. "RPC-over-RDMA Version 2 Protocol", Chuck Lever, David Noveck, 2019-11-17, This document specifies the second version of a protocol that conveys Remote Procedure Call (RPC) messages on transports capable of Remote Direct Memory Access (RDMA). This version of the protocol is extensible. "Network File System (NFS) Upper Layer Binding To RPC-Over-RDMA Version 2", Chuck Lever, 2019-11-17, This document specifies Upper Layer Bindings of Network File System (NFS) protocol versions to RPC-over-RDMA version 2. Individual Submissions (none) ----------------------------- "The ARK Identifier Scheme", John Kunze, Emmanuelle Bermes, 2019-06-22, The ARK (Archival Resource Key) naming scheme is designed to facilitate the high-quality and persistent identification of information objects. A founding principle of the ARK is that persistence is purely a matter of service and is neither inherent in an object nor conferred on it by a particular naming syntax. The best that an identifier can do is to lead users to the services that support robust reference. The term ARK itself refers both to the scheme and to any single identifier that conforms to it. An ARK has five components: [http://NMAH/]ark:[/]NAAN/Name[Qualifier] an optional and mutable Name Mapping Authority Hostport (usually a hostname), the "ark:" label, the Name Assigning Authority Number (NAAN), the assigned Name, and an optional and possibly mutable Qualifier supported by the NMA. The NAAN and Name together form the immutable persistent identifier for the object independent of the URL hostname. An ARK is a special kind of URL that connects users to three things: the named object, its metadata, and the provider's promise about its persistence. When entered into the location field of a Web browser, the ARK leads the user to the named object. That same ARK, inflected by appending a single question mark (`?'), returns a brief metadata record that is both human- and machine- readable. When the ARK is inflected by appending dual question marks (`??'), the returned metadata contains a commitment statement from the current provider. Tools exist for minting, binding, and resolving ARKs. "An IPv4 Flowlabel Option", Thomas Dreibholz, 2019-09-10, This draft defines an IPv4 option containing a flowlabel that is compatible to IPv6. It is required for simplified usage of IntServ and interoperability with IPv6. "EAP Support in Smartcard", Pascal Urien, Guy Pujolle, 2019-06-14, This document describes the functional interface, based on the ISO7816 standard, to EAP methods, fully and securely executed in smart cards. This class of tamper resistant device may deliver client or server services; it can compute Root Keys from an Extended Master Session Key (EMSK). "Prepaid Extensions to Remote Authentication Dial-In User Service (RADIUS)", Avi Lior, Parviz Yegani, Kuntal Chowdhury, Hannes Tschofenig, Andreas Pashalidis, 2013-02-25, This document specifies an extension to the Remote Authentication Dial-In User Service (RADIUS) protocol that enables service providers to charge for prepaid services. The supported charging models supported are volume-based, duration-based, and based on one-time events. "Apple's DNS Long-Lived Queries protocol", Stuart Cheshire, Marc Krochmal, 2019-08-22, Apple's DNS Long-Lived Queries protocol (LLQ) is a protocol for extending the DNS protocol to support change notification, thus allowing clients to learn about changes to DNS data without polling the server. From 2005 onwards, LLQ was implemented in Apple products including Mac OS X, Bonjour for Windows, and AirPort wireless base stations. In 2019, the LLQ protocol was superseded by the IETF Standards Track RFC xxxx [[RFC Editor note: Please replace xxxx with RFC number]] "DNS Push Notifications", which builds on experience gained with the LLQ protocol to create a superior replacement. The existing LLQ protocol deployed and used from 2005 to 2019 is documented here to give background regarding the operational experience that informed the development of DNS Push Notifications, and to help facilitate a smooth transition from LLQ to DNS Push Notifications. "Applicability of Reliable Server Pooling for Real-Time Distributed Computing", Thomas Dreibholz, 2019-09-10, This document describes the applicability of the Reliable Server Pooling architecture to manage real-time distributed computing pools and access the resources of such pools. "Secure SCTP", Carsten Hohendorf, Esbold Unurkhaan, Thomas Dreibholz, 2019-09-10, This document explains the reason for the integration of security functionality into SCTP, and gives a short description of S-SCTP and its services. S-SCTP is fully compatible with SCTP defined in RFC4960, it is designed to integrate cryptographic functions into SCTP. "Applicability of Reliable Server Pooling for SCTP-Based Endpoint Mobility", Thomas Dreibholz, Jobin Pulinthanath, 2019-09-10, This document describes a novel mobility concept based on a combination of SCTP with Dynamic Address Reconfiguration extension and Reliable Server Pooling (RSerPool). "Reliable Server Pooling (RSerPool) Bakeoff Scoring", Thomas Dreibholz, Michael Tuexen, 2019-09-10, This memo describes some of the scoring to be used in the testing of Reliable Server Pooling protocols ASAP and ENRP at upcoming bakeoffs. "Handle Resolution Option for ASAP", Thomas Dreibholz, 2019-09-10, This document describes the Handle Resolution option for the ASAP protocol. "Definition of a Delay Measurement Infrastructure and Delay-Sensitive Least-Used Policy for Reliable Server Pooling", Thomas Dreibholz, Xing Zhou, 2019-09-10, This document contains the definition of a delay measurement infrastructure and a delay-sensitive Least-Used policy for Reliable Server Pooling. "BGP Extended Community for QoS Marking", Thomas Knoll, 2019-07-25, This document specifies a simple signalling mechanism for inter- domain QoS marking using several instances of a new BGP Extended Community. Class based packet marking and forwarding is currently performed independently within ASes. The new QoS marking community makes the targeted Per Hop Behaviour within the IP prefix advertising AS and the currently applied marking at the interconnection point known to all access and transit ASes. This enables individual (re-)marking and possibly forwarding treatment adaptation to the original QoS class setup of the respective originating AS. The extended community provides the means to signal QoS markings on different layers, which are linked together in QoS Class Sets. It provides inter-domain and cross-layer insight into the QoS class mapping of the source AS with minimal signalling traffic. "BGP Class of Service Interconnection", Thomas Knoll, 2019-11-18, This document focuses on Class of Service Interconnection at inter- domain interconnection points. It specifies two new transitive attributes, which enable adjacent peers to signal Class of Service Capabilities and certain Class of Service admission control Parameters. The new "CoS Capability" is deliberately kept simple and denotes the general EF, AF Group BE and LE forwarding support across the advertising AS. The second "CoS Parameter Attribute" is of variable length and contains a more detailed description of available forwarding behaviours using the PHB id Code encoding. Each PHB id Code is associated with rate and size based traffic parameters, which will be applied in the ingress AS Border Router for admission control purposes to a given forwarding behaviour. "Takeover Suggestion Flag for the ENRP Handle Update Message", Thomas Dreibholz, Xing Zhou, 2019-09-10, This document describes the Takeover Suggestion Flag for the ENRP_HANDLE_UPDATE message of the ENRP protocol. "The i;codepoint collation", Bjoern Hoehrmann, 2010-09-14, This memo describes the "i;codepoint" collation. Character strings are compared based on the Unicode scalar values of the characters. The collation supports equality, substring, and ordering operations. "A Uniform Resource Name (URN) Namespace for Sources of Law (LEX)", PierLuigi Spinosa, Enrico Francesconi, Caterina Lupo, 2018-06-06, This document describes a Uniform Resource Name (URN) Namespace Identification (NID) convention as prescribed by the Internet Engineering Task Force (IETF) for identifying, naming, assigning, and managing persistent resources in the legal domain. "Xon/Xoff State Control for Telnet Com Port Control Option", Grant Edwards, 2010-03-23, This document defines new values for use with the telnet com port control option's SET-CONTROL sub-command defined in RFC2217. These new values provide a mechanism for the telnet client to control and query the outbound Xon/Xoff flow control state of the telnet server's physical serial port. This capability is exposed in the serial port API on some operating systems and is needed by telnet clients that implement a port-redirector service which provides applications local to the redirector/telnet-client with transparent access to the remote serial port on the telnet server. "Load Sharing for the Stream Control Transmission Protocol (SCTP)", Paul Amer, Martin Becke, Thomas Dreibholz, Nasif Ekiz, Jana Iyengar, Preethi Natarajan, Randall Stewart, Michael Tuexen, 2019-07-22, The Stream Control Transmission Protocol (SCTP) supports multi-homing for providing network fault tolerance. However, mainly one path is used for data transmission. Only timer-based retransmissions are carried over other paths as well. This document describes how multiple paths can be used simultaneously for transmitting user messages. "Intelligent OSPF Link State Database Exchange", Huaimo Chen, 2019-10-02, This document presents an intelligent database exchange mechanism for the database exchange procedure in OSPFv2 and OSPFv3. This mechanism is backward compatible. It eliminates the unnecessary database exchanges through using the existing reachability information calculated from the link state database and the un-reachability information about routers recorded. It significantly speeds up the establishment of the full adjacency between two routers in some situations. "Clarification of Proper Use of "@" (at sign) in URI-style Components", Robert Simpson, 2010-07-30, Defacto standards have evolved that conflict with existing standards, specifically RFC 3986. This document clarifies the use of the "@" (at sign) in URIs and partial URI-like addresses. "Hosts with Any Network Connectivity Using "Bump-in-the-API"(BIA)", Ala Hamarsheh, 2011-01-19, This document specifies a mechanism for hosts with any network connectivity (IPv4 only, IPv6 only, or dual IPv4/IPv6 connectivity) to run applications of any capability (IPv4 only, IPv6 only, or dual IPv4/IPv6) without any modification to those applications. It is a generalisation of a previous experimental protocol called "Bump-in-the-API" (BIA) [RFC3338]. New mechanism of BIA allows a changeover between the application layer and the IP communication layers from IPv4 to IPv6 and vice versa or IPv6 to IPv4 and vice versa, without requiring those applications to be converted in addressing capabilities, effectively shielding the application layer from IPv4 or IPv6 connectivity. This is considered by the authors to be one of the essential conditions for the transition to IPv6 in the Internet to be successful. "Hypertext Transfer Protocol (HTTP) Digest Authentication Using GSM 2G Authentication and Key Agreement (AKA)", Lionel Morand, 2014-04-14, This document specifies a one-time password generation mechanism for Hypertext Transfer Protocol (HTTP) Digest access authentication based on Global System for Mobile Communications (GSM) authentication and key generation functions A3 and A8, also known as GSM AKA or 2G AKA. The HTTP Authentication Framework includes two authentication schemes: Basic and Digest. Both schemes employ a shared secret based mechanism for access authentication. The GSM AKA mechanism performs user authentication and session key distribution in GSM and Universal Mobile Telecommunications System (UMTS) networks. GSM AKA is a challenge-response based mechanism that uses symmetric cryptography. "OSPF Abnormal State Information", Huaimo Chen, 2019-10-02, This document describes a couple of options for an OSPF router to advertise its abnormal state information in a routing domain. "Extensions to Path Computation Element Communication Protocol (PCEP) for Backup Ingress of a Traffic Engineering Label Switched Path", Huaimo Chen, 2019-07-07, This document presents extensions to the Path Computation Element Communication Protocol (PCEP) for a PCC to send a request for computing a backup ingress for an MPLS TE P2MP LSP or an MPLS TE P2P LSP to a PCE and for a PCE to compute the backup ingress and reply to the PCC with a computation result for the backup ingress. "Extensions to the Path Computation Element Communication Protocol (PCEP) for Backup Egress of a Traffic Engineering Label Switched Path", Huaimo Chen, 2019-07-07, This document presents extensions to the Path Computation Element Communication Protocol (PCEP) for a PCC to send a request for computing a backup egress for an MPLS TE P2MP LSP or an MPLS TE P2P LSP to a PCE and for a PCE to compute the backup egress and reply to the PCC with a computation result for the backup egress. "SCTP Socket API Extensions for Concurrent Multipath Transfer", Thomas Dreibholz, Martin Becke, Hakim Adhari, 2019-09-10, This document describes extensions to the SCTP sockets API for configuring the CMT-SCTP and CMT/RP-SCTP extensions. "Sender Queue Info Option for the SCTP Socket API", Thomas Dreibholz, Robin Seggelmann, Martin Becke, 2019-09-10, This document describes an extension to the SCTP sockets API for querying information about the sender queue. "Encoding the graphemes of the SignWriting Script with the x-ISWA-2010", Stephen Slevinski, Valerie Sutton, 2011-01-03, For concreteness, because the universal character set is not yet universal, because an undocumented and unlabeled coded character set hampers information interchange, a 12-bit coded character set has been created that encodes the graphemes of the SignWriting script as described in the open standard of the International SignWriting Alphabet 2010. The x-ISWA-2010 coded character set is defined with hexadecimal characters and described with Unicode characters, either proposed characters on plane 1 or interchange characters on plane 15. This memo defines a standard coded character set for the Internet community. It is published for reference, examination, implementation, and evaluation. Distribution of this memo is unlimited. "The Quality for Service Protocol", Jose Aranda, Monica Cortes, Joaquin Salvachua, Tecnalia Innovation, Inaki Sarriegui, 2019-07-05, This memo describes an application level protocol for the communication of end-to-end QoS compliance information based on the Hypertext Transfer Protocol (HTTP) and the Session Description Protocol (SDP). The Quality for Service Protocol (Q4S) provides a mechanism to negotiate and monitor latency, jitter, bandwidth, and packet, and to alert whenever one of the negotiated conditions is violated. Implementation details on the actions to be triggered upon reception/detection of QoS alerts exchanged by the protocol are out of scope of this document, it is application dependent (e.g., act to increase quality or reduce bit-rate) or network dependent (e.g., change connection's quality profile). This protocol specification is the product of research conducted over a number of years, and is presented here as a permanent record and to offer a foundation for future similar work. It does not represent a standard protocol and does not have IETF consensus. "A Forward-Search P2P TE LSP Inter-Domain Path Computation", Huaimo Chen, 2019-07-07, This document presents a forward search procedure for computing paths for Point-to-Point (P2P) Traffic Engineering (TE) Label Switched Paths (LSPs) crossing a number of domains using multiple Path Computation Elements (PCEs). In addition, extensions to the Path Computation Element Communication Protocol (PCEP) for supporting the forward search procedure are described. "Route Flap Damping Deployment Status Survey", Shishio Tsuchiya, Seiichi Kawamura, Randy Bush, Cristel Pelsser, 2012-06-21, BGP Route Flap Damping [RFC2439] is a mechanism that targets route stability. It penalyzes routes that flap with the aim of reducing CPU load on the routers. But it has side-effects. Thus, in 2006, RIPE recommended not to use Route Flap Damping (see [RIPE-378]). Now, some researchers propose to turn RFD, with less aggressive parameters, back on [draft-ymbk-rfd-usable]. This document describes results of a survey conducted among service provider on their use of BGP Route Flap Damping. "A Forward-Search P2MP TE LSP Inter-Domain Path Computation", Huaimo Chen, 2019-07-07, This document presents a forward search procedure for computing a path for a Point-to-MultiPoint (P2MP) Traffic Engineering (TE) Label Switched Path (LSP) crossing a number of domains through using multiple Path Computation Elements (PCEs). In addition, extensions to the Path Computation Element Communication Protocol (PCEP) for supporting the forward search procedure are described. "A SAVI Solution for WLAN", Jun Bi, Jianping Wu, You Wang, Tao Lin, 2019-11-17, This document describes a source address validation solution for WLAN enabling 802.11i or other security mechanisms. This mechanism snoops NDP and DHCP packets to bind IP address to MAC address, and relies on the security of MAC address guaranteed by 802.11i or other mechanisms to filter IP spoofing packets. It can work in the special situations described in the charter of SAVI(Source Address Validation Improvements) workgroup, such as multiple MAC addresses on one interface. This document describes three different deployment scenarios, with solutions for migration of binding entries when hosts move from one access point to another. "A Taxonomy on Private Use Fields in Protocols", Chris Lonvick, 2019-10-17, This document discusses how private use fields in IETF protocols are used. "An Extension Language for the DNS", John Levine, Paul Vixie, 2019-10-12, Adding new RRTYPEs to the DNS has required that DNS servers and provisioning software be upgraded to support each new RRTYPE in Master files. This document defines a DNS extension language intended to allow most new RRTYPEs to be supported by adding entries to configuration data read by the DNS software, with no software changes needed for each RRTYPE. "Unified User-Agent String", Mateusz Karcz, 2014-11-10, User-Agent is a HTTP request-header field. It contains information about the user agent originating the request, which is often used by servers to help identify the scope of reported interoperability problems, to work around or tailor responses to avoid particular user agent limitations, and for analytics regarding browser or operating system use. Over the years contents of this field got complicated and ambiguous. That was the reaction for sending altered version of websites to web browsers other than popular ones. During the development of the WWW, authors of the new web browsers used to construct User-Agent strings similar to Netscape's one. Nowadays contents of the User-Agent field are much longer than 15 years ago. This Memo proposes the Uniform User-Agent String as a way to simplify the User-Agent field contents, while maintaining the previous possibility of their use. "SNMPD to use cache and shared database based on MIB Classification", Haresh Khandelwal, 2012-03-29, This memo defines classification of SNMP MIBs to either use SNMP cache database and shared database (SDB) mechanism to reduce high CPU usage while SNMP GET REQUEST, GETNEXT REQUEST, GETBULK REQUEST are continuously performed from network management system (NMS)/SNMP manager/SNMP MIB browser to managed device. "Analysis of Algorithms For Deriving Port Sets", Tina Tsou, Tetsuya Murakami, Simon Perreault, 2013-05-17, This memo analyzes some port set definition algorithms used for stateless IPv4 to IPv6 transition technologies. The transition technologies using port set algorithms can be divided into two categories: fully stateless approach and binding approach. Some algorithms can work for both approaches. "The Applicability of the PCE to Computing Protection and Recovery Paths for Single Domain and Multi-Domain Networks.", Huaimo Chen, 2019-10-02, The Path Computation Element (PCE) provides path computation functions in support of traffic engineering in Multiprotocol Label Switching (MPLS) and Generalized MPLS (GMPLS) networks. A link or node failure can significantly impact network services in large-scale networks. Therefore it is important to ensure the survivability of large scale networks which consist of various connections provided over multiple interconnected networks with varying technologies. This document examines the applicability of the PCE architecture, protocols, and procedures for computing protection paths and restoration services, for single and multi-domain networks. This document also explains the mechanism of Fast Re-Route (FRR) where a point of local repair (PLR) needs to find the appropriate merge point (MP) to do bypass path computation using PCE. "An FTP Application Layer Gateway (ALG) for IPv4-to-IPv6 Translation", Tina Tsou, Simon Perreault, Jing Huang, 2013-09-16, An FTP ALG for NAT64 was defined in RFC 6384. Its scope was limited to an IPv6 client connecting to an IPv4 server. This memo supports the case of an IPv4 client connecting to an IPv6 server. "Web Cache Communication Protocol V2, Revision 1", Douglas McLaggan, 2012-08-02, This document describes version 2 of the Web Cache Communication Protocol (WCCP). The WCCP V2 protocol specifies interactions between one or more routers and one or more web-caches. The interaction may take place within an IPv4 or IPv6 network. The purpose of the interaction is to establish and maintain the transparent redirection of selected types of traffic flowing through a group of routers (or similar devices). The selected traffic is redirected to a group of web-caches (or other traffic optimisation devices) with the aim of optimising resource usage and lowering response times. The protocol does not specify any interaction between the web-caches within a group or between a web-cache and a web-server. "Design Discussion and Comparison of Protection Mechanisms for Replay Attack and Withdrawal Suppression in BGPsec", Kotikalapudi Sriram, Doug Montgomery, 2019-10-22, In the context of BGPsec, a withdrawal suppression occurs when an adversary AS suppresses a prefix withdrawal with the intension of continuing to attract traffic for that prefix based on a previous (signed and valid) BGPsec announcement that was earlier propagated. Subsequently if the adversary AS had a BGPsec session reset with a neighboring BGPsec speaker and when the session is restored, the AS replays said previous BGPsec announcement (even though it was withdrawn), then such a replay action is called a replay attack. The BGPsec protocol should incorporate a method for protection from Replay Attack and Withdrawal Suppression (RAWS), at least to control the window of exposure. This informational document provides design discussion and comparison of multiple alternative RAWS protection mechanisms weighing their pros and cons. This is meant to be a companion document to the standards track draft-ietf-sidrops-bgpsec- rollover that will specify a method to be used with BGPsec for RAWS protection. "The application/stream+json Media Type", James Snell, 2012-10-11, This specification defines and registers the application/stream+json Content Type for the JSON Activity Streams format. "Cryptographic Security Characteristics of 802.11 Wireless LAN Access Systems", Stephen Orr, Anthony Grieco, Dan Harkins, 2012-10-15, This note identifies all of the places that cryptography is used in Wireless Local Area Network (WLAN) architectures, to simplify the task of selecting the protocols, algorithms, and key sizes needed to achieve a consistent security level across the entire architecture. "Observations on the experience and nature of Large Interim Meetings", Joel Jaeggli, Jari Arkko, 2013-01-14, Planning, particpipation and conclusions from the experience of participating in the IETF LIM activity on september 29th 2012. "I-PAKE: Identity-Based Password Authenticated Key Exchange", Taekyoung Kwon, Hyojin Yoon, Sang Kim, 2013-05-03, Although password authentication is the most widespread user authentication method today, cryptographic protocols for mutual authentication and key agreement, i.e., password authenticated key exchange (PAKE), in particular authenticated key exchange (AKE) based on a password only, are not actively used in the real world. This document introduces a quite novel form of PAKE protocols that employ a particular concept of ID-based encryption (IBE). The resulting cryptographic protocol is the ID-based password authenticated key exchange (I-PAKE) protocol which is a secure and efficient PAKE protocol in both soft- and hard-augmented models. I-PAKE achieves the security goals of AKE, PAKE, and hard-augmented PAKE. I-PAKE also achieves the great efficiency by allowing the whole pre-computation of the ephemeral Diffie-Hellman public keys by both server and client. "remoteStorage", Michiel de Jong, F. Kooman, 2019-12-09, This draft describes a protocol by which client-side applications, running inside a web browser, can communicate with a data storage server that is hosted on a different domain name. This way, the provider of a web application need not also play the role of data storage provider. The protocol supports storing, retrieving, and removing individual documents, as well as listing the contents of an individual folder, and access control is based on bearer tokens. "A Format for Self-published IP Geolocation Feeds", Erik Kline, Krzysztof Duleba, Zoltan Szamonek, Stefan Moser, Warren Kumari, 2019-11-04, This document records a format whereby a network operator can publish a mapping of IP address prefixes to simplified geolocation information, colloquially termed a geolocation "feed". Interested parties can poll and parse these feeds to update or merge with other geolocation data sources and procedures. This format intentionally only allows specifying coarse level location. Some technical organizations operating networks that move from one conference location to the next have already experimentally published small geolocation feeds. This document describes a currently deployed format. At least one consumer (Google) has incorporated these feeds into a geolocation data pipeline, and a significant number of ISPs are using it to inform them where their prefixes should be geolocated. [RFC Ed - Please remove publication: The IETF Meeting network currently publishes a feed in this format at: https://noc.ietf.org/geo/google.csv -- this has significantly cut down on the number of "Gah! Why does the network believe I'm in Montreal, that was last meeting! How am I supposed to find a pub?!" complaints. A number of other meeting networks, including RIPE and ICANN publish this information as well, see below. ] [ Ed note: Text inside square brackets ([]) is additional background information, answers to frequently asked questions, general musings, etc. They will be removed before publication.] [ This document is being collaborated on in Github at: https://github.com/google/self-published-geo . The most recent version of the document, open issues, etc should all be available here. The authors (gratefully) accept pull requests ] "Ruoska Encoding", Jukka-Pekka Makela, 2013-10-12, This document describes hierarchically structured binary encoding format called Ruoska Encoding (later RSK). The main design goals are minimal resource usage, well defined structure with good selection of widely known data types, and still extendable for future usage. The main benefit when compared to non binary hierarchically structured formats like XML is simplicity and minimal resource demands. Even basic XML parsing is time and memory consuming operation. When compared to other binary formats like BER encoding of ASN.1 the main benefit is simplicity. ASN.1 with many different encodings is complex and even simple implementation needs a lot of effort. RSK is also more efficient than BER. "Topology-Transparent Zone", Huaimo Chen, Alvaro Retana, Renwei Li, Ning So, Vic liu, Mehmet Toy, Lei Liu, 2019-10-09, This document presents a topology-transparent zone in an area. A zone is a block/piece of an area, which comprises a group of routers and a number of circuits connecting them. It is abstracted as a virtual entity such as a single pseudo node or zone edges mess. Any router outside of the zone is not aware of the zone. The information about the circuits and routers inside the zone is not distributed to any router outside of the zone. "ICANN Registry Interfaces", Gustavo Lozano, Eduardo Alvarez, 2019-09-23, This document describes the technical details of the interfaces provided by the Internet Corporation for Assigned Names and Numbers (ICANN) to its contracted parties in order to fulfill reporting requirements. The interfaces provided by ICANN to Data Escrow Agents and Registry Operators to fulfill the requirements of Specifications 2 and 3 of the gTLD Base Registry Agreement are also described in this document. "Signing HTTP Messages", Mark Cavage, Manu Sporny, 2019-10-21, When communicating over the Internet using the HTTP protocol, it can be desirable for a server or client to authenticate the sender of a particular message. It can also be desirable to ensure that the message was not tampered with during transit. This document describes a way for servers and clients to simultaneously add authentication and message integrity to HTTP messages by using a digital signature. "Connectivity Provisioning Negotiation Protocol (CPNP)", Mohamed Boucadair, Christian Jacquenet, Dacheng Zhang, Panos Georgatsos, 2019-12-10, This document specifies the Connectivity Provisioning Negotiation Protocol (CPNP) which is designed for dynamic negotiation of service parameters. CPNP is a generic protocol that can be used for various negotiation purposes that include (but are not necessarily limited to) connectivity provisioning services, storage facilities, Content Delivery Networks footprint, etc. The protocol can be extended with new Information Elements. "Binary Encodings for JavaScript Object Notation: JSON-B, JSON-C, JSON-D", Phillip Hallam-Baker, 2019-10-23, Three binary encodings for JavaScript Object Notation (JSON) are presented. JSON-B (Binary) is a strict superset of the JSON encoding that permits efficient binary encoding of intrinsic JavaScript data types. JSON-C (Compact) is a strict superset of JSON-B that supports compact representation of repeated data strings with short numeric codes. JSON-D (Data) supports additional binary data types for integer and floating-point representations for use in scientific applications where conversion between binary and decimal representations would cause a loss of precision. This document is also available online at http://mathmesh.com/Documents/draft-hallambaker-jsonbcd.html [1] . "QoS-level aware Transmission Protocol (QTP) for virtual networks", Julong Lan, Dongnian Cheng, Yuxiang Hu, Guozhen Cheng, Tong Duan, 2019-09-17, This document provides a QoS-level aware Transmission Protocol (QTP) for virtual networks. "Multicast Traceroute for MVPNs", Robert Kebler, Pavan Kurapati, Saud Asif, mankamana mishra, Stig Venaas, 2019-10-21, Mtrace is a tool used to troubleshoot issues in a network deploying Multicast service. When multicast is used within a VPN service offering, the base Mtrace specification does not detect the failures. This document specifies a method of using multicast traceroute in a network offering Multicast in VPN service. "DNSWL Email Authentication Method Extension", Alessandro Vesely, 2019-11-16, This document describes an additional Email Authentication Method compliant with RFC 8601. The method consists in looking up the sender's IP address in a DNS whitelist. This document is provided for information in case the method is seen in the field, as well as to suggest a useful practice and register the relevant keywords. This document does not consider black lists. "Remote APDU Call Secure (RACS)", Pascal Urien, 2019-06-14, This document describes the Remote APDU Call Protocol Secure (RACS) protocol, dedicated to Grid of Secure Elements (GoSE). These servers host Secure Elements (SE), i.e. tamper resistant chips offering secure storage and cryptographic resources. Secure Elements are microcontrollers whose chip area is about 25mm2; they deliver trusted computing services in constrained environments. RACS supports commands for GoSE inventory and data exchange with secure elements. It is designed according to the representational State Transfer (REST) architecture. RACS resources are identified by dedicated URIs. An HTTP interface is also supported. An open implementation is available (https://github.com/purien) for various OS. "Use of the WebSocket Protocol as a Transport for the Remote Framebuffer Protocol", Nicholas Wilson, 2013-10-07, The Remote Framebuffer protocol (RFB) enables clients to connect to and control remote graphical resources. This document describes a transport for RFB using the WebSocket protocol, and defines a corresponding WebSocket subprotocol, enabling an RFB server to offer resources to clients with WebSocket connectivity, such as web- browsers. "Metadata Query Protocol", Ian Young, 2019-07-22, This document defines a simple protocol for retrieving metadata about named entities, or named collections of entities. The goal of the protocol is to profile various aspects of HTTP to allow requesters to rely on certain, rigorously defined, behaviour. This document is a product of the Research and Education Federations (REFEDS) Working Group process. "Ideas for a Next Generation of the Reliable Server Pooling Framework", Thomas Dreibholz, 2019-09-10, This document collects some idea for a next generation of the Reliable Server Pooling framework. "The Applicability of Reliable Server Pooling (RSerPool) for Virtual Network Function Resource Pooling (VNFPOOL)", Thomas Dreibholz, Michael Tuexen, Melinda Shore, Ning Zong, 2019-09-10, This draft describes the application of Reliable Server Pooling (RSerPool) for Virtual Network Function Resource Pooling (VNFPOOL). "Extensions to PCEP for Distributing Label Cross Domains", Huaimo Chen, Autumn Liu, Mehmet Toy, Vic liu, 2019-07-07, This document specifies extensions to PCEP for distributing labels crossing domains for an inter-domain Point-to-Point (P2P) or Point- to-Multipoint (P2MP) Traffic Engineering (TE) Label Switched Path (LSP). "Informational Add-on for HTTP over the Secure Sockets Layer (SSL) Protocol and/or the Transport Layer Security (TLS) Protocol", Walter Hoehlhubmer, 2013-11-25, This document describes an Add-on for websites providing encrypted connectivity (HTTP over TLS). The Add-on has two parts, one for the Domain Name System (DNS) - storing the X.509 certificate hashes - and one for the webserver itself - an additional webpage providing specific informations. "Generic Fault-avoidance Routing Protocol for Data Center Networks", Bin Liu, Yantao Sun, Jing Cheng, Yichen Zhang, Bhumip Khasnabish, 2019-11-23, This draft describes a generic routing method and protocol for a regular data center network, named the Fault-Avoidance Routing (FAR) protocol. The FAR protocol provides a generic routing method for all types of regular topology network architectures that have been proposed for large-scale cloud-based data centers over the past few years. The FAR protocol is designed to leverage any regularity in the topology and compute its routing table in a simplistic manner. Fat-tree is taken as an example architecture to illustrate how the FAR protocol can be applied in real operational scenarios. "SAML Profile for the Metadata Query Protocol", Ian Young, 2019-07-22, This document profiles the Metadata Query Protocol for use with SAML metadata. This document is a product of the Research and Education Federations (REFEDS) Working Group process. Editorial Note (To be removed by RFC Editor before publication) Discussion of this draft takes place on the MDX mailing list (mdx@lists.iay.org.uk), which is accessed from [MDX.list]. XML versions, latest edits and the issues list for this document are available from [md-query]. The changes in this draft are summarized in Appendix A.12. "Scalable-Group Tag eXchange Protocol (SXP)", Michael Smith, Rakesh Kandula, Syam Appala, 2019-10-21, This document discusses scalable-group tag exchange protocol (SXP), a control protocol to propagate IP address to Scalable Group Tag (SGT) binding information across network devices. "BGP Auto Discovery", Robert Raszuk, Jon Mitchell, Warren Kumari, Keyur Patel, John Scudder, 2019-12-11, This document describes a method for automating portions of a router's BGP configuration via discovery of BGP peers with which to establish further sessions from an initial "bootstrap" router. This method can apply for establishment of either Internal or External BGP peering sessions. "Operational recommendations for management of DNSSEC Validator", Daniel Migault, Edward Lewis, Dan York, 2019-11-16, The DNS Security Extensions define a process for validating received data and assert them authentic and complete as opposed to forged. This document is focused clarifying the scope and responsibilities of DNSSEC Resolver Operators (DRO) as well as operational recommendations that DNSSEC validators operators SHOULD put in place in order to implement sufficient Trust that makes DNSSEC validation output accurate. The recommendations described in this document include, provisioning mechanisms as well as monitoring and management mechanisms. "Extensions to the Path Computation Element Protocol (PCEP) to Support Resource Sharing-based Path Computation", Xian Zhang, Haomian Zheng, Oscar de Dios, Victor Lopezalvarez, Yunbin Xu, 2019-10-23, Resource sharing in a network means two or more Label Switched Paths (LSPs) use common pieces of resource along their paths. This can help save network resources and is useful in scenarios such as LSP recovery or when two LSPs do not need to be active at the same time. A Path Computation Element (PCE) is responsible for path computation with such requirement. Existing extensions to the Path Computation Element Protocol (PCEP) allow one path computation request for an LSP to be associated with other (existing) LSPs through the use of the PCEP Association Object. This document extends PCEP in order to support resource-sharing- based path computation as another use of the Association Object to enable better efficiency in the computation and in the resultant paths and network resource usage. "An Architectural Framework of the Internet for the Real IP World", Shyam Bandyopadhyay, 2019-07-05, This document tries to propose an architectural framework of the internet in the real IP world. It describes how a three-tier mesh structured hierarchy can be established in a large address space based on fragmenting it into some regions and some sub regions inside each of them. It shows how to make a transition from private IP to real IP without making significant changes with the existing network. It introduces VLSM tree routing protocol. It introduces another protocol for host identification with provider independent address. With the useful works done through IPv6, it provides all necessary inputs based on which a specification of IP with 64 bit address space may be emerged. "Security Mechanism Names for Media", Peter Dawes, 2019-11-26, Negotiating the security mechanisms used between a Session Initiation Protocol (SIP) user agent and its next-hop SIP entity is described in [2]. This document adds the capability to distinguish security mechanisms that apply to the media plane by defining a new Session Initiation Protocol (SIP) header field parameter to label such security mechanisms. "WebRTC Dependencies", Cullen Jennings, 2019-10-02, This draft will never be published as an RFC and is meant purely to help track the IETF dependencies from the W3C WebRTC documents. "A DNS Resource Record for Confidential Comments (NOTE RR)", Evan Hunt, Dan Mahoney, 2019-07-06, While the DNS zone master file format has always allowed comments, there is no existing mechanism to preserve comments once the zone has been loaded into memory or converted to a binary representation. This note proposes a new RR type "NOTE", to be allocated from the Covert-RR type range proposed in [I-D.krecicki-dns-covert], so that confidential comments can be stored alongside zone data, and included in zone transfers when Covert semantics are supported by the secondary. "A JSON Encoding for HTTP Header Field Values", Julian Reschke, 2019-11-20, This document establishes a convention for use of JSON-encoded field values in HTTP header fields. "TFO support for Multipath TCP", Sebastien Barre, Gregory Detal, Olivier Bonaventure, Christoph Paasch, 2019-11-20, TCP Fast Open (TFO) is a TCP extension that allows sending data in the SYN, instead of waiting until the TCP connection is established. This document describes what parts of Multipath TCP must be adapted to support it, and how TFO and MPTCP can operate together. "Ideas for a Next Generation of the Stream Control Transmission Protocol (SCTP)", Thomas Dreibholz, 2019-09-10, This document collects some ideas for a next generation of the Stream Control Transmission Protocol (SCTP) for further discussion. It is a result of lessons learned from more than one decade of SCTP deployment. "Service Function Path Establishment", Julong Lan, Yuxiang Hu, Guozhen Cheng, Peng Wang, Tong Duan, 2019-09-17, Service Function Chain architecture leads to more adaptive network nodes. It allows splitting the network function into fine-grained build blocks --- service function, and combining the network functions into service function chain to formulate complicated services. Further, the service function chain should be instantiated by selecting the optimal instance from the candidates for each service function in it. This document discusses the required components during the instantiation of service function chain in the network. "LISP RLOC Membership Distribution", Johnson Leong, Darrel Lewis, Gregg Schudel, Anton Smirnov, Chris Cassar, Isidor Kouvelas, 2019-09-10, The Locator/ID Separation Protocol (LISP) operation is based on EID to RLOC mappings that are exchanged through a mapping system. The mapping system can use the RLOCs included in mapping registrations to construct the complete set of RLOC addresses across all xTRs that are members of the LISP deployment. This set can then be made available by the mapping system to all the member xTRs. An xTR can use the RLOC set to optimise protocol operation as well as to implement new functionality. This document describes the use of the LISP reliable transport session between an xTR and a Map-Server to communicate the contents of the RLOC membership set. "Responsibility for Authoritative DNS and DNSSEC Mistakes", Jason Livingood, 2019-08-13, DNS Security Extensions (DNSSEC) validation by recursive DNS resolvers has been deployed at scale. However, domain signing tools and processes are not yet as mature and reliable as is the case for non-DNSSEC-related domain administration tools and processes. This sometimes results in DNSSEC-validation failures, for which operators of validating resolvers are often blamed. This is similar to other, non-DNSSEC-related authoritative DNS errors, for which individual recursive DNS operators are sometimes incorrectly blamed. This document makes clear that responsibility for any and all authoritative DNS failures rests squarely with authoritative domain name operators, who are the only party that can properly maintain their domain names and rectify associated authoritative DNS errors. "In Case of DNSSEC Validation Failures, Do Not Change Resolvers", Jason Livingood, 2019-08-13, DNS Security Extensions (DNSSEC) validation by recursive DNS resolvers has been deployed at scale. However, domain signing tools and processes are not yet as mature and reliable as is the case for non-DNSSEC-related domain administration tools and processes. This sometimes results in DNSSEC validation failures, for which operators of validating resolvers are often blamed. When these failures do occur, end users should not change to a non-validating DNS resolver, as that would downgrade their security. They should instead wait until the authoritative domain operator updates their DNS records to resolve the error and that change propagates across the Internet's DNS resolvers, the timing of which may be dependent upon the Time To Live (TTL) settings in the old and/or erroneous DNS resource records. "Additional XML Security Uniform Resource Identifiers (URIs)", Donald Eastlake, 2019-07-02, This document updates and corrects the IANA registry for the list of URIs intended for use with XML digital signatures, encryption, canonicalization, and key management. These URIs identify algorithms and types of information. This document corrrects three errata against and obsoletes RFC 6931. The intent is to keep this draft alive while it accumulates updates until it seems reasonable to publish the next version. "A Simple Control Protocol for MPLS SFLs", Stewart Bryant, George Swallow, Siva Sivabalan, 2019-07-29, In draft-ietf-mpls-sfl-framework the concept of MPLS synonymous flow labels (SFL) was introduced. This document describes a control protocol that runs over an associated control header to request, withdrawn and extend the lifetime of such labels. "TE LSP Crossing Topology-Transparent Zones", Huaimo Chen, Renwei Li, Gregory Cauchie, Alvaro Retana, Ning So, Fengman Xu, Mehmet Toy, Vic liu, Lei Liu, 2019-10-02, A topology-transparent zone is virtualized as the edges of the zone fully connected. This document presents the procedures for the establishment of Traffic Engineering (TE) LSPs crossing Topology- Transparent Zones. "Simple Certificate Enrolment Protocol", Peter Gutmann, 2019-06-09, This document specifies the Simple Certificate Enrolment Protocol (SCEP), a PKI protocol that leverages existing technology by using CMS (formerly known as PKCS #7) and PKCS #10 over HTTP. SCEP is the evolution of the enrolment protocol sponsored by Cisco Systems, which enjoys wide support in both client and server implementations, as well as being relied upon by numerous other industry standards that work with certificates. "Multiple Upstream Interface Support for IGMP/MLD Proxy", Hitoshi Asaeda, Luis Contreras, 2019-11-04, This document describes the way of supporting multiple upstream interfaces for an IGMP/MLD proxy device. The proposed extension enables an IGMP/MLD proxy device to receive multicast sessions/ channels through the different upstream interfaces. The upstream interface is selected based on the subscriber address prefixes, channel/session IDs, and interface priority values. A mechanism for upstream interface takeover that enables to switch from an inactive upstream interface to an active upstream interface is also described. "MPTCP Experiences in the NorNet Testbed", Thomas Dreibholz, Simone Ferlin, ozgu@simula.no, Ahmed Elmokashfi, Ioana Livadariu, Xing Zhou, 2019-12-03, This document collects some experiences of Multi-Path TCP (MPTCP) evaluations in the NorNet testbed. "Encapsulating IP in UDP", Xiaohu Xu, Hamid Assarpour, Shaowen Ma, daniel.bernier@bell.ca, Darren Dukes, Shraddha Hegde, Yiu Lee, Fan Yongbing, 2019-12-13, Existing IP-in-IP encapsulation technologies are not adequate for efficient load balancing of IP-in-IP traffic across IP networks. This document specifies additional IP-in-IP encapsulation technology, referred to as IP-in-UDP (User Datagram Protocol), which can facilitate the load balancing of IP-in-IP traffic across IP networks. "TLS and DTLS Security Modules", Pascal Urien, 2019-06-14, Security and trust are very critical topics in the context of the anywhere, anytime, anything internet connectivity. TLS and DTLS are two major IETF protocols widely used to secure IP exchanges. According to CoAP, DTLS is the protocol used by constraint nodes in the Internet of Things (IoT) context. In this draft we specify an ISO7816 interface for TLS and DTLS secure modules based on ISO7816 secure chips, which are today manufactured per billions every year. Secure elements are cheap secure microcontrollers whose size is about 25mm2 and whose security is ranked by evaluations typically according to Common Criteria (CC) standards. The support of TLS and DTLS is based on the EAP-TLS protocol, and the IETF draft "EAP Support in smartcard" describing EAP-TLS support for secure elements. First implementation demonstrates that such low cost security modules are realistic, with a setup time for handshake completion under the second. "BULK DNS Resource Records", john.woodworth@centurylink.com, Dean Ballew, Shashwath Raghavan, David Lawrence, 2019-07-22, The BULK DNS resource record type defines a method of pattern-based creation of DNS resource records based on numeric substrings of query names. The intent of BULK is to simplify generic assignments in a memory-efficient way that can be easily shared between the primary and secondary nameservers for a zone. "Extensions to OSPF for Temporal LSP", Huaimo Chen, Mehmet Toy, Vic liu, Lei Liu, 2019-10-02, This document specifies extensions to OSPF for distributing Traffic Engineering (TE) information on a link in a sequence of time intervals. "BGP Extensions for Routing Policy Distribution (RPD)", Zhenbin Li, Liang Ou, Yujia Luo, Sujian Lu, Huaimo Chen, Shunwan Zhuang, Haibo Wang, 2019-07-07, It is hard to adjust traffic and optimize traffic paths on a traditional IP network from time to time through manual configurations. It is desirable to have an automatic mechanism for setting up routing policies, which adjust traffic and optimize traffic paths automatically. This document describes BGP Extensions for Routing Policy Distribution (BGP RPD) to support this. "LISP support for Multi-Tuple EIDs", Alberto Rodriguez-Natal, Albert Cabellos-Aparicio, Sharon Barkai, Vina Ermagan, Darrel Lewis, Fabio Maino, Dino Farinacci, 2019-10-07, This document describes extensions for LISP to support EIDs based on tuples of multiple elements. "LISP Map Server Reliable Transport", Johnson Leong, Darrel Lewis, Balaji Venkatachalapathy, Chris Cassar, Isidor Kouvelas, Jesus Arango, 2019-08-08, The communication between LISP ETRs and Map-Servers is based on unreliable UDP message exchange coupled with periodic message transmission in order to maintain soft state. The drawback of periodic messaging is the constant load imposed on both the ETR and the Map-Server. New use cases for LISP have increased the amount of state that needs to be communicated with requirements that are not satisfied by the current mechanism. This document introduces the use of a reliable transport for ETR to Map-Server communication in order to eliminate the periodic messaging overhead, while providing reliability, flow-control and endpoint liveness detection. "The Internet is for End Users", Mark Nottingham, 2019-07-22, This document explains why the IAB believes the IETF should consider end-users as its highest priority concern, and how that can be done. "SMTP Service Extension for Client Identity", William Storey, 2019-12-09, This document defines an extension for the Simple Mail Transfer Protocol (SMTP) called "CLIENTID" to provide a method for clients to indicate an identity to the server. This identity is an additional token that may be used for security and/or informational purposes, and with it a server may optionally apply heuristics using this token. "Asynchronous Management Protocol", Edward Birrane, 2019-07-07, This document describes a binary encoding of the Asynchronous Management Model (AMM) and a protocol for the exchange of these encoded items over a network. This Asynchronous Management Protocol (AMP) does not require transport-layer sessions, operates over unidirectional links, and seeks to reduce the energy and compute power necessary for performing network management on resource constrained devices. "Annotated Example SDP for WebRTC", Suhas Nandakumar, Cullen Jennings, 2018-10-09, The Real-Time Communications in WEB-browsers (Rtcweb) working group is charged to provide protocol support for direct interactive rich communication using audio, video and data between two peers' web browsers. With in the Rtcweb framework, Session Description protocol (SDP) is used for negotiating session capabilities between the peers. Such a negotiation happens based on the SDP Offer/Answer exchange mechanism. This document provides an informational reference in describing the role of SDP and the Offer/Answer exchange mechanism for the most common Rtcweb use-cases. "RFC Origins of Domain Names", Edward Lewis, 2019-08-06, Is the concept of Domain Names owned by the DNS protocol or does the DNS protocol exist to support the concept of Domain Names? This question has become pertinent in light of proposals to use Domain Names in protocols in ways incompatible with the DNS protocol and the operational environment built to run the protocol. This document is intended to help answer this question by presenting a look into the recorded history of relevant Requests for Comments. This document comprises the research and views of the author and has benefited from review and input from many IETF experts, but it does not represent the consensus opinion of the IETF. "PCEP Extension for Distribution of Link-State and TE Information.", Dhruv Dhody, Young Lee, Daniele Ceccarelli, 2019-10-21, In order to compute and provide optimal paths, Path Computation Elements (PCEs) require an accurate and timely Traffic Engineering Database (TED). Traditionally this TED has been obtained from a link state (LS) routing protocol supporting traffic engineering extensions. This document extends the Path Computation Element Communication Protocol (PCEP) with Link-State and TE Information. "MS-originated SMRs", Alberto Rodriguez-Natal, Albert Cabellos-Aparicio, Vina Ermagan, Fabio Maino, Sharon Barkai, 2019-10-07, This document extends [I-D.ietf-lisp-rfc6833bis] to allow Map Servers to send SMR messages. This extension is intended to be used in some SDN deployments that use LISP as a southbound protocol with (P)ITRs that are compliant with [I-D.ietf-lisp-rfc6833bis]. In this use-case mapping updates do not come from ETRs, but rather from a centralized controller that pushes the updates directly to the Mapping System. In such deployments, Map Servers will benefit from having a mechanism to inform directly (P)ITRs about updates in the mappings they are serving. Although implementations of this extension exist, this extension is deprecated by [I-D.ietf-lisp-pubsub] and it is being documented for informational purposes. Newer implementations should look into [I-D.ietf-lisp-pubsub] to support PubSub in LISP deployments. "Quantum Relief for TLS with Kerberos", Rick van Rein, Tom Vrancken, 2019-08-16, This specification adds Kerberos to the TLS protocol, both as a method of authentication and to insert entropy into the key schedule from a source that does not start in public key cryptography. This brings relief from attacks by quantum computers, and that is specified as part of a more general framework, to make it easier for other technologies to achieve similar benefits. "Node Potential Oriented Multi-NextHop Routing Protocol", Julong Lan, Jianhui Zhang, Bin Wang, Wenfen Liu, Tong Duan, 2019-09-17, The Node Potential Oriented Multi-Nexthop Routing Protocol (NP-MNRP) bases on the idea of "hop-by-hop routing forwarding, multi-backup next hop" and combines with the phenomena that water flows from higher place to lower. NP-MNRP defines a metric named as node potential, which is based on hop count and the actual link bandwidth, and calculates multiple next-hops through the potential difference between the nodes. "PCEP Extensions for BIER-TE", Ran Chen, Zheng Zhang, Senthil Dhanaraj, Fengwei Qin, 2019-11-03, Bit Index Explicit Replication (BIER)-TE shares architecture and packet formats with BIER as described in [RFC8279]. BIER-TE forwards and replicates packets based on a BitString in the packet header, but every BitPosition of the BitString of a BIER-TE packet indicates one or more adjacencies as described in [I-D.ietf-bier-te-arch].BIER-TE Path can be derived from a Path Computation Element (PCE). This document specifies extensions to the Path Computation Element Protocol (PCEP) that allow a PCE to compute and initiate the path for the BIER-TE. "BGP Based Multicast", Zhaohui Zhang, Leonard Giuliano, Keyur Patel, IJsbrand Wijnands, mankamana mishra, Arkadiy Gulko, 2019-10-29, This document specifies a BGP address family and related procedures that allow BGP to be used for setting up multicast distribution trees. This document also specifies procedures that enable BGP to be used for multicast source discovery, and for showing interest in receiving particular multicast flows. Taken together, these procedures allow BGP to be used as a replacement for other multicast routing protocols, such as PIM or mLDP. The BGP procedures specified here are based on the BGP multicast procedures that were originally designed for use by providers of Multicast Virtual Private Network service. "Multiple Ethernet - IPv6 address mapping encapsulation - fixed prefix", Naoki Matsuhira, 2019-12-02, This document specifies Multiple Ethernet - IPv6 address mapping encapsulation - fixed prefix (ME6E-FP) base specification. ME6E-FP makes expantion ethernet network over IPv6 backbone network with encapsuation technoogy. And also, E6ME-FP can stack multiple Ethernet networks. ME6E-FP work on own routing domain. "Multiple Ethernet - IPv6 address mapping encapsulation - prefix resolution", Naoki Matsuhira, 2019-12-02, This document specifies Multiple Ethernet - IPv6 address mapping encapsulation - Prefix Resolution (ME6E-PR) specification. ME6E-PR makes expantion ethernet network over IPv6 backbone network with encapsuation technoogy. And also, E6ME-PR can stack multiple Ethernet networks. ME6E-PR work on non own routing domain. "Information Distribution in Autonomic Networking", Bing Liu, Xun Xiao, Artur Hecker, Sheng Jiang, Zoran Despotovic, 2019-12-12, This document proposes a solution for information distribution in autonomic networks. Information distribution is categorized into two different modes: 1) instantaneous distribution; 2) publication for retrieval. In the former case, the information is sent, propagates and is disposed of after reception. In the latter case, information needs to be stored in the network. The capabilities to distribute information are basic and fundamental needs for an autonomous network (cf. ANI [I-D.ietf-anima-reference- model]). This document describes typical use cases of information distribution in ANI and requirements to ANI, such that rich information distribution can be natively supported. The document proposes extensions to the autonomic nodes and suggests an implementation based on GRASP extensions as a protocol on the wire. "BGP Extensions for Enhanced VPN Auto Discovery", Shunwan Zhuang, Zhenbin Li, Donald Eastlake, Lucy Yong, 2019-07-23, A variety of VPN technologies have been widely deployed to bear different services. As new applications develop, a requirement has been proposed for auto-discovery of Layer 3 Virtual Private Networks (L3VPN) and enhanced auto-discovery requirements for other VPN technologies that already have basic auto-discovery mechanisms. This document identifies some possible applications of these auto- discovery requirements and defines a new BGP NLRI, called the BGP- VPN-INSTANCE NLRI, to satisfy the requirement for auto-discovery of BGP VPN instances. It also defines a new type of extended community, called the Import Route Target, which can be applied to auto- discovery mechanisms of multiple VPN technologies. "BGP Extensions for IDs Allocation", Huaimo Chen, Zhenbin Li, Zhenqiang Li, Yanhe Fan, Mehmet Toy, Lei Liu, 2019-10-30, This document describes extensions to the BGP for IDs allocation. The IDs are SIDs for segment routing (SR), including SR for IPv6 (SRv6). They are distributed to their domains if needed. "IPv6 Prefix Delegation and Multi-Addressing Models", Fred Templin, 2019-06-24, Requesting nodes typically acquire IPv6 prefixes from a prefix delegation service for the network. The requesting node can provision the prefix according to whether it acts as a router on behalf of any downstream networks and/or as a host on behalf of its local applications. In the latter case, the requesting node can use portions of the delegated prefix for its own multi-addressing purposes. This document therefore considers prefix delegation models for both the classic routing and various multi-addressing use cases. "Using compression in the Internet Key Exchange Protocol Version 2 (IKEv2)", Valery Smyslov, 2019-09-04, This document describes a method for reducing the size of the IKEv2 messages by using lossless compression. Making IKEv2 messages smaller is desirable for low power consumption battery powered devices. It also helps to avoid IP fragmentation of IKEv2 messages. This document describes how compression is negotiated maintaining backward compatibility and how it is used in IKEv2. "A MILP Model to Solve the Problem of Loading Balance of Routing and Wavelength Assignment for Optical Transport Networks", Shan Yin, Shanguo Huang, Dajiang Wang, Xuan Wang, Yu Zhang, 2019-10-17, The RWA problem can be formulated as a Mixed-Integer linear program. Load balancing is a key factor for the optical transport networks. However, the existed approaches using mixed-Integer linear program to solve the RWA problem are not perfect enough without considering the load balancing of the networks. This documentary provides a model of Mixed-Integer Linear Programming to solve the problem of load balancing needed by routing and wavelength assignment (RWA) process in optical transport networks. "Mathematical Mesh 3.0 Part I: Architecture Guide", Phillip Hallam-Baker, 2019-10-23, The Mathematical Mesh 'The Mesh' is an end-to-end secure infrastructure that makes computers easier to use by making them more secure. The Mesh provides a set of protocol and cryptographic building blocks that enable encrypted data stored in the cloud to be accessed, managed and exchanged between users with the same or better ease of use than traditional approaches which leave the data vulnerable to attack. This document provides an overview of the Mesh data structures, protocols and examples of its use. [Note to Readers] Discussion of this draft takes place on the MATHMESH mailing list (mathmesh@ietf.org), which is archived at https://mailarchive.ietf.org/arch/search/?email_list=mathmesh. This document is also available online at http://mathmesh.com/Documents/draft-hallambaker-mesh- architecture.html [1] . "Mathematical Mesh: Reference Implementation", Phillip Hallam-Baker, 2019-10-23, The Mathematical Mesh 'The Mesh' is an end-to-end secure infrastructure that facilitates the exchange of configuration and credential data between multiple user devices. This document describes the Mesh reference code and how to install, run and make use of it in applications. It does not form a part of the Mesh specifications and is not normative. This document is also available online at http://mathmesh.com/Documents/draft-hallambaker-mesh-developer.html [1] . "Special Use Domain Name 'ipv4only.arpa'", Stuart Cheshire, David Schinazi, 2019-11-04, The specification for how a client discovers its local network's NAT64 prefix [RFC7050] defines the special name 'ipv4only.arpa' for this purpose, but in its Domain Name Reservation Considerations section that specification indicates that the name actually has no particularly special properties would require special handling, and does not request IANA to record the name in the Special-Use Domain Names registry. Consequently, despite the well articulated special purpose of the name, 'ipv4only.arpa' was not recorded in the Special-Use Domain Names registry as a name with special properties. As a result of this omission, in cases where software needs to give this name special treatment in order for it to work correctly, there was no clear mandate authorizing software authors to implement that special treatment. Software implementers were left with the choice between not implementing the special behavior necessary for the name queries to work correctly, or implementing the special behavior and being accused of being noncompliant with some RFC. This document describes the special treatment required, formally declares the special properties of the name, and adds similar declarations for the corresponding reverse mapping names. "The Use of Registries", Erik Wilde, 2019-07-30, Registries for Internet and Web protocols fulfill a wide range of tasks, ranging from low-level networking aspects such as packet type identifiers, all the way up to application-level protocols and standards. This document summarizes some of the reasons of why, when, and how to use registries. It serves as an informative reference for specification writers considering whether to create and manage a registry, allowing them to better understand some of the issues associated with certain design and operational decisions. "Multiple IPv4 - IPv6 mapped IPv6 address (M46A)", Naoki Matsuhira, 2019-12-02, This document specifies Multiple IPv4 - IPv6 mapped IPv6 address(M46A) spefification. M46A is IPv4 mapped IPv6 address with plane ID. Unique allocation of plane id value enable IPv4 private address unique in IPv6 address space. This address may use IPv4 over IPv6 encapsulation and IPv4 - IPv6 translation. "Multiple IPv4 - IPv6 address mapping encapsulation - fixed prefix (M46E-FP)", Naoki Matsuhira, 2019-12-02, This document specifies Multiple IPv4 - IPv6 address mapping encapsulation - fixed prefix (M46E-FP) specification. M46E-FP makes backbone network to IPv6 only. And also, M46E-FP can stack many IPv4 networks, i.e. the networks using same IPv4 (private) addresses, without interdependence. "Multiple IPv4 - IPv6 address mapping encapsulation - prefix resolution (M46E-PR)", Naoki Matsuhira, 2019-12-02, This document specifies M46E Prefix Resolution (M46E-PR) specification. M46E-PR connect IPv4 stub networks between IPv6 backbone network. And also, M46E-PR can stack many IPv4 networks, i.e. the nwtworks using same IPv4 private addresses without interdependence. "Multiple IPv4 - IPv6 address mapping encapsulation - prefix translator (M46E-PT)", Naoki Matsuhira, 2019-12-02, This document specifies Multiple IPv4 - IPv6 mapping encapsulation - Prefix Translator (M46E-PT) specification. M46E-PT expand IPv4 network plane by connecting M46E-FP domain and M46E-PR domain. M46E-PT translate prefix part of M46E-FP address and M46E-PR address both are IPv6 address. M46E-PT does not translate IPv4 packet which is encapsulated, so transparency of IPv4 packet is not broken. "Multiple IPv4 - IPv6 address mapping translator (M46T)", Naoki Matsuhira, 2019-12-02, This document specifies Multiple IPv4 - IPv6 address mapping Translator (M46T) specification. M46T enable access to IPv4 only host from IPv6 host. IPv4 host is identified as M46 address in IPv6 address space. The address assigned to IPv4 host may be global IPv4 address or private IPv4 address. M46T does not support access to IPv6 host from IPv4 only host. "Multiple IPv4 address and port number - IPv6 address mapping encapsulation (M4P6E)", Naoki Matsuhira, 2019-12-02, This document specifies Multiple IPv4 address and port number - IPv6 address mapping encapulation (M4P6E) specification. "Nimble out-of-band authentication for EAP (EAP-NOOB)", Tuomas Aura, Mohit Sethi, 2019-10-30, Extensible Authentication Protocol (EAP) provides support for multiple authentication methods. This document defines the EAP-NOOB authentication method for nimble out-of-band (OOB) authentication and key derivation. This EAP method is intended for bootstrapping all kinds of Internet-of-Things (IoT) devices that have a minimal user interface and no pre-configured authentication credentials. The method makes use of a user-assisted one-directional OOB channel between the peer device and authentication server. "Multi-Stage Transparent Server Load Balancing", Naoki Matsuhira, 2019-12-02, This document specifies Multi-Stage Transparent Server Load Balancing (MSLB) specification. MSLB make server load balancing over Layer3 network without packet header change at client and server. MSLB make server load balancing with any protocol and protocol with encription such as IPsec ESP, SSL/TLS. "Conveying Vendor-Specific Information in the Path Computation Element (PCE) Communication Protocol (PCEP) extensions for stateful PCE.", Cheng Li, Haomian Zheng, Siva Sivabalan, 2019-07-08, A Stateful Path Computation Element (PCE) maintains information on the current network state, including: computed Label Switched Path (LSPs), reserved resources within the network, and pending path computation requests. This information may then be considered when computing new traffic engineered LSPs, and for associated and dependent LSPs, received from Path Computation Clients (PCCs). RFC 7470 defines a facility to carry vendor-specific information in PCEP. This document extends this capability for the stateful PCE messages. "Packet-Optical Integration in Segment Routing", Madhukar Anand, Sanjoy Bardhan, Ramesh Subrahmaniam, Jeff Tantsura, Utpal Mukhopadhyaya, Clarence Filsfils, 2019-07-29, This document illustrates a way to integrate a new class of nodes and links in segment routing to represent transport/optical networks in an opaque way into the segment routing domain. An instance of this class would be optical networks that are typically transport centric by having very few devices with the capability to process packets. In the IP centric network, this will help in defining a common control protocol for packet optical integration that will include optical paths as 'transport segments' or sub-paths as an augmentation to packet paths. The transport segment option also defines a general mechanism to allow for future extensibility of segment routing into non-packet domains. "A YANG model to manage the optical parameters for in a WDM network", Gabriele Galimberti, Ruediger Kunze, Dharini Hiremagalur, Gert Grammel, 2019-09-10, This memo defines a Yang model that translate the information model to support Impairment-Aware (IA) Routing and Wavelength Assignment (RWA) functionality. The information model is defined in draft-ietf- ccamp-wson-iv-info and draft-martinelli-ccamp-wson-iv-encode. This document defines proper encoding and extend to the models defined in draft-lee-ccamp-wson-yang tu support Impairment-Aware (IA) Routing and Wavelength Assignment (RWA) functions The Yang model defined in this memo can be used for Optical Parameters monitoring and/or configuration of the multivendor Endpoints and ROADMs. The use of this model does not guarantee interworking of transceivers over a DWDM. Optical path feasibility and interoperability has to be determined by means outside the scope of this document. The purpose of this model is to program interface parameters to consistently configure the mode of operation of transceivers. "Methodology for VNF Benchmarking Automation", Raphael Rosa, Christian Rothenberg, Manuel Peuster, Holger Karl, 2019-11-04, This document describes a common methodology for the automated benchmarking of Virtualized Network Functions (VNFs) executed on general-purpose hardware. Specific cases of automated benchmarking methodologies for particular VNFs can be derived from this document. Two open source reference implementations are reported as running code embodiments of the proposed, automated benchmarking methodology. "Node Protection for SR-TE Paths", Shraddha Hegde, Chris Bowers, Stephane Litkowski, Xiaohu Xu, Feng Xu, 2019-07-05, Segment routing supports the creation of explicit paths using adjacency-sids, node-sids, and binding-sids. It is important to provide fast reroute (FRR) mechanisms to respond to failures of links and nodes in the Segment-Routed Traffic-Engineered(SR-TE) path. A point of local repair (PLR) can provide FRR protection against the failure of a link in an SR-TE path by examining only the first (top) label in the SR label stack. In order to protect against the failure of a node, a PLR may need to examine the second label in the stack as well, in order to determine SR-TE path beyond the failed node. This document specifies how a PLR can use the first and second label in the label stack describing an SR-TE path to provide protection against node failures. "Secure IoT Bootstrapping: A Survey", Behcet Sarikaya, Mohit Sethi, Dan Garcia-Carillo, 2019-07-26, This document presents a survey of secure bootstrapping mechanisms available for smart objects that are part of an Internet of Things (IoT) network. It aims to provide a structured classification of the available mechanisms. The document does not prescribe any one secure bootstrapping mechanism and rather presents IoT developers with different options to choose from, depending on their use-case, security requirements and the user interface available on their smart objects. "LISP Distinguished Name Encoding", Dino Farinacci, 2019-09-03, This draft defines how to use the AFI=17 Distinguished Names in LISP. "LISP Geo-Coordinate Use-Cases", Dino Farinacci, 2019-10-07, This draft describes how Geo-Coordinates can be used in the LISP Architecture and Protocols. "Multiple Ethernet - IPv6 mapped IPv6 address (ME6A)", Naoki Matsuhira, 2019-12-02, This document specifies Multiple Ethernet - IPv6 mapped IPv6 address(ME6A) spefification. ME6A is Ethernet mapped IPv6 address with plane ID. Unique allocation of plane id value enable duplicated MAC address unique in IPv6 address space. This address may use Ethernet over IPv6 encapsulation. "Routing Optimization with SDN in Data Center Networks", Qian Kong, Tao Gao, Dajiang Wang, Zhenyu Wang, Jiayu Wang, Bingli Guo, Shanguo Huang, 2019-10-07, With the open and standard programmatic interface and the flexibility of controlling network, Software Defined Network (SDN) can obviously simplify and integrate operation and business support systems. As a consequence, to satisfy the rising switching demand in the data center network, it is a good option to adopt SDN technology. In addition, current architecture of data center network is far from ideality, which results in the low utilization rate in bandwidth resource. For example, mice flow cannot be well effectively served in the conventional Wavelength Division Multiplexing (WDM) optical network with at least 50GHz spectrum interval. From a data center network perspective, it is necessary to further improve the resource utilization efficiency and the flexibility of coping with different traffic. This document described an optical data center interconnect, which comprises both the fixed and flexible grid transceivers. A traffic monitor is implemented in the SDN-based data center network to evaluate the coming traffic demands and allocate appropriate spectrum for the request. For instance, mice flow can be served by fixed grid transceivers, well the elephant flows can be transmitted by the flexi-grid transceiver using multiple subcarriers to form a superchannel. Thus, spectrum efficiency is optimized and bandwidth utilization is improved dramatically. "Path Table based Routing Mechanism in Software-Defined Optical Transport Networks (SD-OTN)", Li Xin, Yu Zhou, Dajiang Wang, Zhenyu Wang, Jiayu Wang, Wenzhe Li, Shan Yin, Shanguo Huang, 2019-10-07, The dynamic establishment and removal of an end-to-end light-path consume a lot of time which are also the main burden of control plane in optical transport networks. With the frequent arrival and departure of services, the control plane needs to handle a large number of control and management messages to conduct path computation, resource reservation and cross connection configuration. This draft proposes a novel routing mechanism based on Path Table for software-defined optical transport networks (SD-OTN). The Path Table reserves partial activated established light-paths that can be directly used by subsequent requests for subsequent services. This new routing mechanism can reduce the network load and save routing time for some services. "OpenPGP Web Key Directory", Werner Koch, 2019-11-18, This specification describes a service to locate OpenPGP keys by mail address using a Web service and the HTTPS protocol. It also provides a method for secure communication between the key owner and the mail provider to publish and revoke the public key. "SSH Agent Protocol", Damien Miller, 2019-12-10, This document describes a key agent protocol for use in the Secure Shell (SSH) protocol. "HTTP/2 "Dropped Frame" Frame", Matthew Kerwin, 2019-08-08, This document defines an extension to the Hypertext Transfer Protocol Version 2 (HTTP/2) that allows an endpoint to signal to its peer that an unsupported extension frame was discarded. Note to Readers The issues list for this draft can be found at The most recent (often unpublished) draft is at "Hybrid Hierarchical Multi-Domain Service Function chaining", Guanglei Li, Guanwen Li, Qi Xu, Hua-chun Zhou, Bohao Feng, Xu Feng, Zhigang Yu, 2019-09-23, This document describes a Hybrid Hierarchical Multi-Domain Service Function Chaining (hhSFC) architecture that extends Service Function Chaining (SFC) to multiple domains with different technology, administration or ownership. The goals of Hybrid Hierarchical SFC are to reduce the complexity of the control plane in a multi-domain scene and make the negotiation between different domains possible. "Identity Modules for CoAP", Pascal Urien, 2019-06-28, This document defines identity modules based on Secure Elements processing DTLS/TLS stacks for CoAP devices. The expected benefits of these secure microcontrollers are the following : - Secure storage of pre-share keys or private keys - Trusted simple or mutual authentication between CoAP devices and CoAP clients. - The device identity is enforced by a non cloneable chip. - Trusted cryptographic support. - Low power consumption for DTLS/TLS processing. "One Way Latency Considerations for MPTCP", Fei Song, Hong-Ke Zhang, Anthony Chan, Anni Wei, 2019-06-18, This document discusses the use of One Way Latency (OWL) for enhancing multipath TCP (MPTCP). Several usages of OWL, such as retransmission policy and crucial data scheduling are analyzed. Two kinds of OWL measurement approaches are also provided and compared. More explorations related with OWL will be contribute to the performance of MPTCP. "DoD Common Cryptographic MIB (CCMIB)", Jeffrey Sun, Mike Irani, Tom Nguyen, rpurvis@mitre.org, Sean Turner, 2019-09-30, This document defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it describes managed objects for key management implementations including asymmetric keys, symmetric keys, trust anchors, and cryptographic-related firmware. This profile applies to the capabilities, configuration, and operation of all components of US National Security Systems (SP 800-59). It is also appropriate for other US Government systems that process high-value information. It is made publicly available for use by developers and operators of these and any other system deployments. "Fault Management for EVPN networks", Vengada Govindan, Mallik Mudigonda, Ali Sajassi, Gregory Mirsky, Donald Eastlake, 2019-07-06, This document specifies proactive, in-band network OAM mechanisms to detect loss of continuity and miss-connection faults that affect unicast and multi-destination paths (used by Broadcast, Unknown Unicast and Multicast traffic) in an Ethernet VPN (EVPN) network. The mechanisms specified in the draft are based on the widely adopted Bidirectional Forwarding Detection (BFD) protocol. "OpenPGP Message Format", Werner Koch, brian carlson, Ronald Tse, Derek Atkins, Daniel Gillmor, 2019-09-06, { Work in progress to update the OpenPGP specification from RFC4880 } This document specifies the message formats used in OpenPGP. OpenPGP provides encryption with public-key or symmetric cryptographic algorithms, digital signatures, compression and key management. This document is maintained in order to publish all necessary information needed to develop interoperable applications based on the OpenPGP format. It is not a step-by-step cookbook for writing an application. It describes only the format and methods needed to read, check, generate, and write conforming packets crossing any network. It does not deal with storage and implementation questions. It does, however, discuss implementation issues necessary to avoid security flaws. "Hierarchical PCE Determination", Huaimo Chen, Mehmet Toy, Xufeng Liu, Lei Liu, Zhenqiang Li, 2019-07-07, This document presents extensions to the Path Computation Element Communication Protocol (PCEP) for determining parent child relations and exchanging the information between a parent and a child PCE in a hierarchical PCE system. "PCEP Link State Abstraction", Huaimo Chen, Mehmet Toy, Xufeng Liu, Lei Liu, Zhenqiang Li, 2019-07-07, This document presents extensions to the Path Computation Element Communication Protocol (PCEP) for a child PCE to abstract its domain information to its parent for supporting a hierarchical PCE system. "Static PCEP Link State", Huaimo Chen, Mehmet Toy, Xufeng Liu, Lei Liu, Zhenqiang Li, 2019-07-07, This document presents extensions to the Path Computation Element Communication Protocol (PCEP) for a PCC to advertise the information about the links without running IGP and for a PCE to build a TED based on the information received. "Flow Classification in Information Centric Networking", Ilya Moiseenko, David Oran, 2019-07-25, For the ubiquitous and highly important Internet protocols (TCP, UDP, IP), flows are conventionally identified by the "5-tuple" of source and destination IP addresses, source and destination port, and protocol type in an IP packet. Information Centric Networking (ICN) is a new paradigm where network communications are accomplished by requesting named content, instead of sending packets to destination addresses. This document describes mechanisms allowing ICN forwarders, consumers, producers and other ICN nodes to encode, decode, and process equivalence class identifiers (flows) at any desired granularity of a routable name prefix and beyond the routable name prefix. This document is a product of the IRTF Information- Centric Networking Research Group (ICNRG). "ICN Ping Protocol Specification", Spyridon Mastorakis, Jim Gibson, Ilya Moiseenko, Ralph Droms, David Oran, 2019-08-19, This document presents the design of an ICN Ping protocol. It includes the operations both on the client and the forwarder side. "PCEP Extension for Distribution of Link-State and TE information for Optical Networks", Young Lee, Haomian Zheng, Daniele Ceccarelli, Wei Wang, Peter Park, Bin-Yeong Yoon, 2019-09-02, In order to compute and provide optimal paths, Path Computation Elements (PCEs) require an accurate and timely Traffic Engineering Database (TED). Traditionally this Link State and TE information has been obtained from a link state routing protocol (supporting traffic engineering extensions). This document extends the Path Communication Element Communication Protocol (PCEP) with Link-State and TE information for optical networks. "ICN Traceroute Protocol Specification", Spyridon Mastorakis, Jim Gibson, Ilya Moiseenko, Ralph Droms, David Oran, 2019-08-19, This document presents the design of an ICN Traceroute protocol. This includes the operations both on the client and the forwarder side. "Mathematical Mesh: Platform Configuration", Phillip Hallam-Baker, 2019-10-23, The Mathematical Mesh 'The Mesh' is an end-to-end secure infrastructure that facilitates the exchange of configuration and credential data between multiple user devices. This document describes how Mesh profiles are stored for application access on Windows, Linux and OSX platforms. This document is also available online at http://prismproof.org/Documents/draft-hallambaker-mesh-platform.html [1] . "Guidelines for Autonomic Service Agents", Brian Carpenter, Laurent Ciavaglia, Sheng Jiang, Peloso Pierre, 2019-07-06, This document proposes guidelines for the design of Autonomic Service Agents for autonomic networks. It is based on the Autonomic Network Infrastructure outlined in the ANIMA reference model, making use of the Autonomic Control Plane and the Generic Autonomic Signaling Protocol. "Formal SignWriting", Stephen Slevinski, 2019-08-30, Sutton SignWriting is the universal and complete solution for written sign language, ISO 15924 script code "Sgnw". It has been applied by a wide and deep international community of sign language users. Sutton SignWriting is an international standard for writing sign languages by hand or with computers. From education to research, from entertainment to religion, SignWriting has proven useful because people are using it to write signed languages. Formal SignWriting is one particular computerized design for Sutton SignWriting that envisions a sign as a two part word. Each word is written as a string of characters that can be recognized and processed by regular expressions. The design has been optimized for display, searching, sorting, text flow, and other character processing. Where as American Sign Language is a natural language, Formal SignWriting is a formal language. A formal language is useful in mathematics, computer science, and linguistics. This memo defines a conceptual character encoding map for the Internet community. It is published for reference, examination, implementation, and evaluation. Distribution of this memo is unlimited. "Compact Format of IKEv2 Payloads", Valery Smyslov, 2019-09-30, This document describes a method for reducing the size of the Internet Key Exchange version 2 (IKEv2) messages by using an alternative format for IKE payloads. Standard format of many IKE payloads contains a lot of redundancy. This document takes advantage of this fact and specifies a way to eliminate some redundancy by using denser encoding. Reducing size of IKEv2 messages is desirable for low power consumption battery powered devices. It also helps to avoid IP fragmentation of IKEv2 messages. "MISP core format", Alexandre Dulaunoy, Andras Iklody, 2019-08-28, This document describes the MISP core format used to exchange indicators and threat information between MISP (Malware Information and threat Sharing Platform) instances. The JSON format includes the overall structure along with the semantic associated for each respective key. The format is described to support other implementations which reuse the format and ensuring an interoperability with existing MISP [MISP-P] software and other Threat Intelligence Platforms. "Inter Stateful Path Computation Element (PCE) Communication Procedures.", Stephane Litkowski, Siva Sivabalan, Cheng Li, Haomian Zheng, 2019-07-07, The Path Computation Element Communication Protocol (PCEP) provides mechanisms for Path Computation Elements (PCEs) to perform path computations in response to Path Computation Clients (PCCs) requests. The stateful PCE extensions allow stateful control of Multi-Protocol Label Switching (MPLS) Traffic Engineering Label Switched Paths (TE LSPs) using PCEP. A Path Computation Client (PCC) can synchronize an LSP state information to a Stateful Path Computation Element (PCE). The stateful PCE extension allows a redundancy scenario where a PCC can have redundant PCEP sessions towards multiple PCEs. In such a case, a PCC gives control on a LSP to only a single PCE, and only one PCE is responsible for path computation for this delegated LSP. The document does not state the procedures related to an inter-PCE stateful communication. There are some use cases, where an inter-PCE stateful communication can bring additional resiliency in the design, for instance when some PCC-PCE sessions fails. The inter-PCE stateful communication may also provide a faster update of the LSP states when such an event occurs. Finally, when, in a redundant PCE scenario, there is a need to compute a set of paths that are part of a group (so there is a dependency between the paths), there may be some cases where the computation of all paths in the group is not handled by the same PCE: this situation is called a split-brain. This split-brain scenario may lead to computation loops between PCEs or suboptimal path computation. This document describes the procedures to allow a stateful communication between PCEs for various use-cases and also the procedures to prevent computations loops. "Extension to the Link Management Protocol (LMP/DWDM -rfc4209) for Dense Wavelength Division Multiplexing (DWDM) Optical Line Systems to manage the application code of optical interface parameters in DWDM application", Dharini Hiremagalur, Gert Grammel, Gabriele Galimberti, Ruediger Kunze, 2019-11-04, This experimental memo defines extensions to LMP(rfc4209) for managing Optical parameters associated with Wavelength Division Multiplexing (WDM) adding a set of parameters related to multicarrier DWDM interfaces to be used in Spectrum Switched Optical Networks (sson). "Terminology for Constrained-Node Networks", Carsten Bormann, Mehmet Ersue, Ari Keranen, Carles Gomez, 2019-09-02, The Internet Protocol Suite is increasingly used on small devices with severe constraints on power, memory, and processing resources, creating constrained-node networks. This document provides a number of basic terms that have been useful in the standardization work for constrained-node networks. "BIER in BABEL", Zheng Zhang, Tony Przygienda, 2019-11-03, BIER introduces a novel multicast architecture. It does not require a signaling protocol to explicitly build multicast distribution trees, nor does it require intermediate nodes to maintain any per- flow state. Babel defines a distance-vector routing protocol that operates in a robust and efficient fashion both in wired as well as in wireless mesh networks. This document defines a way to carry necessary BIER signaling information in Babel. "Service Function Chaining Use Cases in Fog RAN", Carlos Bernardos, Akbar Rahman, Alain Mourad, 2019-09-07, Fog Radio Access Networks (RAN) refers to the part of the RAN that is virtualized at the very edge of the network, even at the end-user device. Fog RAN support is considered critical for the 5G mobile network architectures currently being developed in various research, standardization and industry forums. Since fog RAN builds on top of virtualization and can involve several virtual functions running on different virtualized resources, Service function chaining (SFC) support for the fog RAN will be critical. This document describes the overall fog RAN approach and also gives some use cases. Finally it proposes some requirements to be considered in the development of the SFC architecture and related protocols. "Equal-Cost Multipath Considerations for BGP", Petr Lapukhov, Jeff Tantsura, 2019-11-04, BGP (Border Gateway Protocol) [RFC4271] employs tie-breaking logic to select a single best path among multiple paths available, known as BGP best path selection. At the same time, it has become a common practice to allow for "equal-cost multipath" (ECMP) selection and programming of multiple next-hops in routing tables. This document summarizes some common considerations for the ECMP logic when BGP is used as the routing protocol, with the intent of providing common reference for otherwise unstandardized set of features. "Thing-to-Thing Data Hub", Klaus Hartke, 2019-11-04, A "Thing-to-Thing Data Hub" is a RESTful, hypermedia-driven Web application that can be used in Thing-to-Thing communications to share data items such as thing descriptions, configurations, resource descriptions, or firmware updates at a central location. "Adaptive IPv4 Address Space", Abraham Chen, Ramamurthy Ati, Abhay Karandikar, David Crowe, 2019-12-01, This document describes a solution to the Internet address depletion issue through the use of an existing Option mechanism that is part of the original IPv4 protocol. This proposal, named EzIP (phonetic for Easy IPv4), outlines the IPv4 public address pool expansion and the Internet system architecture enhancement considerations. EzIP may expand an IPv4 address by a factor of 256M without affecting the existing IPv4 based Internet, or the current private networks. It is in full conformance with the IPv4 protocol, and supports not only both direct and private network connectivity, but also their interoperability. EzIP deployments may coexist with existing Internet traffic and the IoT (Internet of Things) operations without perturbing their setups, while offering end-users the freedom to indepdently choose which service. EzIP may be implemented as a software or firmware enhancement to Internet edge routers or private network routing gateways, wherever needed, or simply installed as an inline adjunct hardware module between the two, enabling a seamless introduction. The 256M case detailed here establishes a complete spherical layer of routers for interfacing between the Internet fabic (core plus edge routers) and the end user premises. Incorporating caching proxy technology in the gateway, a fairly large geographical region may enjoy address expansion based on as little as one ordinary IPv4 public address utilizing IP packets with degenerated EzIP header. If IPv4 public pool allocations were reorganized, the assignable pool could be multiplied 512M fold or even more. EzIP will immediately resolve local IPv4 address shortages, while being transparent to the rest of the Internet. Under the Dual-Stack environment, these proposed interim facilities will relieve the IPv4 address shortage issue, while affording IPv6 more time to reach maturity and to provide the availability levels required for delivering a long-term general service. "Mobility Capability Negotiation and Protocol Selection", Zhiwei Yan, Guanggang Geng, Jong-Hyouk Lee, Anthony Chan, 2019-09-19, Based on different requirements, multiple mobility management protocols have been developed. Different protocols have different functional requirements on the network element or the host and then a scheme should be used in order to support the negotiation and selection of adopted mobility management protocol when a host accesses to a new network. In this draft, this issue is analyzed. "BGP Neighbor Discovery", Xiaohu Xu, Ketan Talaulikar, Kunyang Bi, Jeff Tantsura, Nikos Triantafillis, 2019-11-26, BGP is being used as the underlay routing protocol in some large- scaled data centers (DCs). Most popular design followed is to do hop-by-hop external BGP (EBGP) session configurations between neighboring routers on a per link basis. The provisioning of BGP neighbors in routers across such a DC brings its own operational complexity. This document introduces a BGP neighbor discovery mechanism that greatly simplifies BGP operations in such DC and other networks by automatic setup of BGP sessions between neighbor routers using this mechanism. "Slipmux: Using an UART interface for diagnostics, configuration, and packet transfer", Carsten Bormann, Tobias Kaupat, 2019-11-04, Many research and maker platforms for Internet of Things experimentation offer a serial interface. This is often used for programming, diagnostic output, as well as a crude command interface ("AT interface"). Alternatively, it is often used with SLIP (RFC1055) to transfer IP packets only. The present report describes how to use a single serial interface for diagnostics, configuration commands and state readback, as well as packet transfer. "Route Information Options in IPv6 Neighbor Discovery", Fred Templin, james woodyatt, 2019-06-24, The IPv6 Neighbor Discovery (ND) protocol allows nodes to discover neighbors on the same link. Router Advertisement (RA) messages can also convey routing information by including a non-zero (default) Router Lifetime, and/or Route Information Options (RIOs). This document specifies backward-compatible extensions that permit nodes to include RIOs in other IPv6 ND messages to support the discovery of more-specific routes among neighbors on the link. "Constrained YANG Module Library", Michel Veillette, Ivaylo Petrov, 2019-07-08, This document describes a constrained version of the YANG library that provides information about the YANG modules, datastores, and datastore schemas used by a constrained network management server (e.g., a CORECONF server). "Hypertext Transfer Protocol (HTTP) over multicast QUIC", Lucas Pardue, Richard Bradbury, Sam Hurst, 2019-08-08, This document specifies a profile of the QUIC protocol and the HTTP/3 mapping that facilitates the transfer of HTTP resources over multicast IP using the QUIC transport as its framing and packetisation layer. Compatibility with the QUIC protocol's syntax and semantics is maintained as far as practical and additional features are specified where this is not possible. "A Definition of the Term "Soon" for Use in Discussions with Working Group Chairs and Area Directors", Adrian Farrel, 2019-10-08, Many discussions with IETF Area Directors and Working Group Chairs utilize the word "Soon" to qualify a commitment to action. This document attempts to provide a definition of that term so that common expectations may be realistically set. "RFC Style Guide", Heather Flanagan, Editor Rfc, 2019-10-01, This document describes the fundamental and unique style conventions and editorial policies currently in use for the RFC Series. It captures the RFC Editor's basic requirements and offers guidance regarding the style and structure of an RFC. Additional guidance is captured on a website that reflects the experimental nature of that guidance and prepares it for future inclusion in the RFC Style Guide. This document obsoletes RFC 7322, "RFC Style Guide". "The OAuth 2.0 Authorization Framework: JWT Pop Token Usage", Nat Sakimura, Kepeng Li, John Bradley, 2019-07-22, This specification describes how to use JWT POP (Jpop) tokens that were obtained through [POPKD] in HTTP requests to access OAuth 2.0 protected resources. Only the party in possession of the corresponding cryptographic key for the Jpop token can use it to get access to the associated resources unlike in the case of the bearer token described in [RFC6750] where any party in posession of the access token can access the resource. "Compressed BGP Update Message", Tony Przygienda, Avinash Lingala, Csaba Mate, Jeff Tantsura, 2019-08-19, This document provides specification of an optional compressed BGP update message format to allow family independent reduction in BGP control traffic volume. "IGP-TE Extensions for DetNet Information Distribution", Xuesong Geng, Mach Chen, Zhenqiang Li, Fengwei Qin, Li Qiang, 2019-07-08, This document extends the IGP-TE, including OSPF-TE and ISIS-TE, to support DetNet by specifying new information that can be placed in Link State Protocol Data Units (LSP). This information describes additional details regarding the state of the network that are useful for DetNet computations. "CoAP Pub-Sub Profile for Authentication and Authorization for Constrained Environments (ACE)", Francesca Palombini, 2019-11-04, This specification defines an application profile for authentication and authorization for publishers and subscribers in a pub-sub setting scenario in a constrained environment, using the ACE framework. This profile relies on transport layer or application layer security to authorize the publisher to the broker. Moreover, it relies on application layer security for publisher-broker and subscriber-broker communication. "User-Plane Protocols for Multiple Access Management Service", Jing Zhu, SungHoon Seo, Satish Kanugovi, Shuping Peng, 2019-10-01, Today, a device can be simultaneously connected to multiple communication networks based on different technology implementations and network architectures like WiFi, LTE, and DSL. In such multi- connectivity scenario, it is desirable to combine multiple access networks or select the best one to improve quality of experience for a user and improve overall network utilization and efficiency. This document presents the u-plane protocols for a multi access management services (MAMS) framework that can be used to flexibly select the combination of uplink and downlink access and core network paths having the optimal performance, and user plane treatment for improving network utilization and efficiency and enhanced quality of experience for user applications. "Vehicular Neighbor Discovery for IP-Based Vehicular Networks", Jaehoon Jeong, Yiwen Shen, Zhong Xiang, Sandra Cespedes, 2019-11-04, This document specifies a Vehicular Neighbor Discovery (VND) as an extension of IPv6 Neighbor Discovery (ND) for IP-based vehicular networks. An optimized Address Registration and a multihop Duplicate Address Detection (DAD) mechanism are performed for having operation efficiency and also saving both wireless bandwidth and vehicle energy. Also, three new ND options for prefix discovery, service discovery, and mobility information report are defined to announce the network prefixes and services inside a vehicle (i.e., a vehicle's internal network). "DNS Name Autoconfiguration for Internet-of-Things Devices in IP-Based Vehicular Networks", Jaehoon Jeong, Sejun Lee, J., PARK, 2019-11-04, This document specifies an autoconfiguration scheme for device discovery and service discovery in IP-based vehicular networks. Through the device discovery, this document supports the global (or local) DNS naming of Internet-of-Things (IoT) devices, such as sensors, actuators, and in-vehicle units. By this scheme, the DNS name of an IoT device can be autoconfigured with the device's model information in wired and wireless target networks (e.g., vehicle, road network, home, office, shopping mall, and smart grid). Through the service discovery, IoT users (e.g., drivers, passengers, home residents, and customers) in the Internet (or local network) can easily identify each device for monitoring and remote-controlling it in a target network. "Signaling extensions for Media Channel sub-carriers configuration in Spectrum Switched Optical Networks (SSON) in Lambda Switch Capable (LSC) Optical Line Systems.", Gabriele Galimberti, Domenico Fauci, Andrea Zanardi, Lorenzo Galvagni, 2019-11-04, This memo defines the signaling extensions for managing Spectrum Switched Optical Network (SSON) parameters shared between the Client and the Network and inside the Network in accordance to the model described in RFC 7698. The extensions are in accordance and extending the parameters defined in ITU-T Recommendation G.694.1.[ITU.G694.1] and its extensions and G.872.[ITU.G872]. "OSPF Extensions for Broadcast Inter-AS TE Link", Huaimo Chen, Mehmet Toy, Xufeng Liu, Lei Liu, Zhenqiang Li, Yi Yang, 2019-07-08, This document presents extensions to the Open Shortest Path First (OSPF) for advertising broadcast inter-AS Traffic Engineering (TE) links. "ISIS Extensions for Broadcast Inter-AS TE Link", Huaimo Chen, Mehmet Toy, Xufeng Liu, Lei Liu, Zhenqiang Li, Yi Yang, 2019-07-08, This document presents extensions to the ISIS protocol for advertising broadcast inter-AS Traffic Engineering (TE) links. "BGP Logical Link Discovery Protocol (LLDP) Peer Discovery", Acee Lindem, Keyur Patel, Shawn Zandi, Jeffrey Haas, Xiaohu Xu, 2019-11-20, Link Layer Discovery Protocol (LLDP) or IEEE Std 802.1AB is implemented in networking equipment from many vendors. It is natural for IETF protocols to avail this protocol for simple discovery tasks. This document describes how BGP would use LLDP to discover directly connected and 2-hop peers when peering is based on loopback addresses. "Virtual Hub-and-Spoke in BGP EVPNs", Keyur Patel, Ali Sajassi, John Drake, Zhaohui Zhang, Wim Henderickx, 2019-09-02, Ethernet Virtual Private Network (EVPN) solution is becoming pervasive for Network Virtualization Overlay (NVO) services in data center (DC) applications and as the next generation virtual private LAN services in service provider (SP) applications. The use of host IP default route and host unknown MAC route within a DC is well understood in order to ensure that leaf nodes within a DC only learn and store host MAC and IP addresses for that DC. All other host MAC and IP addresses from remote DCs are learned and stored in DC GW nodes thus alleviating leaf nodes from learning host MAC and IP addresses from the remote DCs. This draft further optimizes the MAC and IP address learning at the leaf nodes such that a leaf node within a DC only needs to learn and store MAC and IP addresses associated with the sites directly connected to it. A leaf node does not need to learn and store MAC and IP addresses from any other leaf nodes thus reducing the number of learned MACs and IP addresses per EVI substantially. The modifications provided by this draft updates and extends RFC7024 for BGP EVPN Address Family. "SWORN: Secure Wake on Radio Nudging", Carsten Bormann, 2019-10-20, Normally off devices (RFC7228) would need to expend considerable energy resources to be reachable at all times. Instead, MAC layer mechanisms are often employed that allow the last hop router of the device to "wake" the device via radio when needed. Activating these devices even for a short time still does expend energy and thus should be available to authorized correspondents only. Traditionally, this has been achieved by heavy firewalling, allowing only authorized hosts to reach the device at all. This may be too inflexible for an Internet of Things. The present report describes how to use a combination of currently standardized (or in progress) technologies to securely effect this authorization. "Registries for Web Authentication (WebAuthn)", Jeff Hodges, Giridhar Mandyam, Michael Jones, 2019-12-12, This specification defines IANA registries for W3C Web Authentication attestation statement format identifiers and extension identifiers. "Deployments With Insertion of IPv6 Segment Routing Headers", Daniel Voyer, Clarence Filsfils, Darren Dukes, Satoru Matsushima, John Leddy, Zhenbin Li, Jim Guichard, 2019-11-19, SRv6 is deployed in multiple provider networks. This document describes the usage of SRH insertion and deletion within the SR domain and how security and end-to-end integrity is guaranteed. "The Hashed Token SASL Mechanism", Florian Schmaus, Christoph Egger, 2019-11-01, This document specifies the family of Hashed Token SASL mechanisms which enable a proof-of-possession-based authentication scheme and are meant to be used for quick re-authentication of a previous session. The Hashed Token SASL mechanism's authentication sequence consists of only one round-trip. The usage of short-lived, exclusively ephemeral hashed tokens is achieving the single round- trip property. The SASL mechanism specified herin further provides hash agility, mutual authentication and is secured by channel binding. "The 'payto' URI scheme for payments", Florian Dold, Christian Grothoff, 2019-11-04, This document defines the 'payto' Uniform Resource Identifier (URI) scheme for designating targets for payments. "NEAT Sockets API", Thomas Dreibholz, 2019-07-22, This document describes a BSD Sockets-like API on top of the callback-based NEAT User API. This facilitates porting existing applications to use a subset of NEAT's functionality. "Specification of DNS over Dedicated QUIC Connections", Christian Huitema, Melinda Shore, Allison Mankin, Sara Dickinson, Jana Iyengar, 2019-09-07, This document describes the use of QUIC to provide transport privacy for DNS. The encryption provided by QUIC has similar properties to that provided by TLS, while QUIC transport eliminates the head-of- line blocking issues inherent with TCP and provides more efficient error corrections than UDP. DNS over QUIC (DNS/QUIC) has privacy properties similar to DNS over TLS specified in RFC7858, and performance similar to classic DNS over UDP. "Neighbor Vehicle Discovery and Service in IP-Based Vehicular Networks", Zhiwei Yan, Jong-Hyouk Lee, Jaehoon Jeong, 2019-11-17, For Cooperative Adaptive Cruise Control (C-ACC), platooning and other typical use cases in ITS, direct IP communication between neighbor vehicles poses the following two issues: 1) how to discover a neighbor vehicle and the demanded service; and 2) how to discover the link-layer address of the neighbor vehicle and selected server. This document presents a solution to these problems based on DNS-SD/mDNS [RFC6762][RFC6763]. "Performance Measurement (PM) with Alternate Marking Method in Service Function Chaining (SFC) Domain", Gregory Mirsky, Giuseppe Fioccola, Tal Mizrahi, 2019-06-18, This document describes how the alternate marking method can be used as the efficient performance measurement method taking advantage of the actual data flows in a Service Function Chaining (SFC) domain. "BFD for Multipoint Networks over Point-to-Multi-Point MPLS LSP", Gregory Mirsky, 2019-11-26, This document describes procedures for using Bidirectional Forwarding Detection (BFD) for multipoint networks to detect data plane failures in Multiprotocol Label Switching (MPLS) point-to-multipoint (p2mp) Label Switched Paths (LSPs). It also describes the applicability of LSP Ping, as in-band, and the control plane, as out-band, solutions to bootstrap a BFD session in this environment. "Bidirectional Forwarding Detection (BFD) in Segment Routing Networks Using MPLS Dataplane", Gregory Mirsky, Jeff Tantsura, Ilya Varlashkin, Mach Chen, 2019-08-02, Segment Routing (SR) architecture leverages the paradigm of source routing. It can be realized in the Multiprotocol Label Switching (MPLS) network without any change to the data plane. A segment is encoded as an MPLS label, and an ordered list of segments is encoded as a stack of labels. Bidirectional Forwarding Detection (BFD) is expected to monitor any existing path between systems. This document defines how to use Label Switched Path Ping to bootstrap a BFD session, control path in reverse direction of the SR-MPLS tunnel and applicability of BFD Demand mode in the SR-MPLS domain. "Loop avoidance using Segment Routing", Ahmed Bashandy, Clarence Filsfils, Stephane Litkowski, Pierre Francois, Peter Psenak, 2019-07-06, This document presents a mechanism aimed at providing loop avoidance in the case of IGP network convergence event. The solution relies on the temporary use of SR policies ensuring loop-freeness over the post-convergence paths from the converging node to the destination. "Service Redundancy using BFD", Sami Boutros, Ankur Dubey, Reshad Rahman, 2019-07-02, In a data center, when multiple routing/service nodes are providing single active redundancy for a set of L2, L3 and/or L4-L7 services. Both non-revertive and revertive fail over modes are required for the services. This draft describes a method to achieve the non-revertive and revertive fail over modes for services using Bidirectional Forwarding Detection (BFD). "Responder Initiated IP Addresses Update in MOBIKE", Valery Smyslov, 2019-11-27, IKEv2 Mobility and Multihoming Protocol (MOBIKE), defined in [RFC4555] allows peers to update their IP addresses without re- establishing IKE and IPsec Security Associations (SAs). In the MOBIKE protocol it is the Initiator of the IKE SA, who is responsible for selecting new SA addresses and for initiating the IP addresses update procedure. This document presents an extension to the MOBIKE protocol that allows the Responder to initiate IP address update. The document updates [RFC4555]. "The AERO Address", Fred Templin, 2019-06-24, IPv6 interfaces are required to have a link-local address that is unique on the link. Nodes normally derive a link local address through the use of IPv6 Stateless Address Autoconfiguration (SLAAC) and employ Duplicate Address Detection (DAD) to ensure uniqueness. This document presents a method for a node that obtains a delegated prefix to statelessly construct a link-local address (known as the "AERO address") that is assured to be unique on the link. "A Message Header to Identify Subscription Form Mail", John Levine, 2019-11-26, Many organizations have web forms that provoke an e-mail confirmation to the e-mail address provided in the form. Malicious entities do bulk form submissions with forged addresses, resulting in mail floods to the holders of those addresses. This document defines a message header to identify mail sent in response to web forms, so that recipient mail systems can better recognize and mitigate the mail floods. "BFD in Demand Mode over Point-to-Point MPLS LSP", Gregory Mirsky, 2019-06-21, This document describes procedures for using Bidirectional Forwarding Detection (BFD) in Demand mode to detect data plane failures in Multiprotocol Label Switching (MPLS) point-to-point Label Switched Paths. "pretty Easy privacy (pEp): Privacy by Default", Volker Birk, Hernani Marques, Bernie Hoeneisen, 2019-11-04, The pretty Easy privacy (pEp) model and protocols describe a set of conventions for the automation of operations traditionally seen as barriers to the use and deployment of secure, privacy-preserving end- to-end interpersonal messaging. These include, but are not limited to, key management, key discovery, and private key handling (including peer-to-peer synchronization of private keys and other user data across devices). Human Rights-enabling principles like Data Minimization, End-to-End and Interoperability are explicit design goals. For the goal of usable privacy, pEp introduces means to verify communication between peers and proposes a trust-rating system to denote secure types of communications and signal the privacy level available on a per-user and per-message level. Significantly, the pEp protocols build on already available security formats and message transports (e.g., PGP/MIME with email), and are written with the intent to be interoperable with already widely- deployed systems in order to ease adoption and implementation. This document outlines the general design choices and principles of pEp. "SFC OAM for path consistency", Ting Ao, Gregory Mirsky, Zhonghua Chen, Kent Leung, 2019-12-01, Service Function Chain (SFC) defines an ordered set of service functions (SFs) to be applied to packets and/or frames and/or flows selected as a result of classification. SFC Operation, Administration and Maintenance can monitor the continuity of the SFC, i.e., that all elements of the SFC are reachable to each other in the downstream direction. But SFC OAM must support verification that the order of traversing these SFs corresponds to the state defined by the SFC control plane or orchestrator, the metric referred in this document as the path consistency of the SFC. This document defines a new SFC active OAM method to support SFC consistency check, i.e. verification that all elements of the given SFC are being traversed in the expected order. "Controlled Return Path for Service Function Chain (SFC) OAM", Ting Ao, Gregory Mirsky, Zhonghua Chen, 2019-12-01, This document defines an extension to the Service Function Chain (SFC) Operation, Administration and Maintenance (OAM) that enables control of the Echo Reply return path directing it over a Reverse Service Function Path. Enforcing the specific return path can be used to verify the bidirectional connectivity of SFC and increase the robustness of SFC OAM. "SOCKS Protocol Version 6", Vladimir Olteanu, Dragos Niculescu, 2019-11-04, The SOCKS protocol is used primarily to proxy TCP connections to arbitrary destinations via the use of a proxy server. Under the latest version of the protocol (version 5), it takes 2 RTTs (or 3, if authentication is used) before data can flow between the client and the server. This memo proposes SOCKS version 6, which reduces the number of RTTs used, takes full advantage of TCP Fast Open, and adds support for 0-RTT authentication. "MPT Network Layer Multipath Library", Gabor Lencse, Szabolcs Szilagyi, Ferenc Fejes, Marius Georgescu, 2019-12-12, Although several contemporary IT devices have multiple network interfaces, communication sessions are restricted to use only one of them at a time due to the design of the TCP/IP protocol stack: the communication endpoint is identified by an IP address and a TCP or UDP port number. The simultaneous use of these multiple interfaces for a communication session would improve user experience through higher throughput and improved resilience to network failures. MPT is a network layer multipath solution, which provides a tunnel over multiple paths using the GRE-in-UDP specification, thus being different from both MPTCP and Huawei's GRE Tunnel Bonding Protocol. MPT can also be used as a router, routing the packets among several networks between the tunnel endpoints, thus establishing a multipath site-to-site connection. The version of tunnel IP and the version of path IP are independent from each other, therefore MPT can also be used for IPv6 transition purposes. "PCEP Procedures and Protocol Extensions for Using PCE as a Central Controller (PCECC) of SR-LSPs", Quintin Zhao, Zhenbin Li, Mahendra Negi, Chao Zhou, 2019-07-09, The Path Computation Element (PCE) is a core component of Software- Defined Networking (SDN) systems. It can compute optimal paths for traffic across a network and can also update the paths to reflect changes in the network or traffic demands. PCE was developed to derive paths for MPLS Label Switched Paths (LSPs), which are supplied to the head end of the LSP using the Path Computation Element Communication Protocol (PCEP). But SDN has a broader applicability than signaled (G)MPLS traffic-engineered (TE) networks, and the PCE may be used to determine paths in a range of use cases. PCEP has been proposed as a control protocol for use in these environments to allow the PCE to be fully enabled as a central controller. A PCE-based central controller (PCECC) can simplify the processing of a distributed control plane by blending it with elements of SDN and without necessarily completely replacing it. Thus, the LSP can be calculated/setup/initiated and the label forwarding entries can also be downloaded through a centralized PCE server to each network devices along the path while leveraging the existing PCE technologies as much as possible. This document specifies the procedures and PCEP protocol extensions when a PCE-based controller is also responsible for configuring the forwarding actions on the routers, in addition to computing the paths for packet flows in a segment routing network and telling the edge routers what instructions to attach to packets as they enter the network. "QUIC Interdomain Troubleshooting", Stephan Emile, Mathilde Cayla, Arnaud Braud, Frederic Fieau, Alexandre Ferrieux, Marcus Ihlar, 2019-07-08, On-path network performance measurements methods currently deployed contribute to the ossification of the Internet because they are expensive to deploy and to maintain. This draft motivates the exposure of QUIC header fields for on-path network measurements and their specification in the QUIC core protocol as a solution to avoid on-path network performance measurements to ossify the IP stack in the future. "Loop Protection in EVPN networks", Jorge Rabadan, Senthil Sathappan, Kiran Nagaraj, Julio Bueno, Jose Crespo, 2019-08-05, Ethernet Virtual Private Networks (EVPN) is becoming the de-facto standard-based control plane solution for Data Center and layer-2 Service Provider applications. The risk of loops caused by backdoor paths accidentally created within the same broadcast domain, is a general common concern, especially among Service Providers in large Layer-2 networks. While other layer-2 Ethernet technologies use Spanning Tree based Protocols (xSTP) to provide a network-wide loop protection, EVPN has the right tools to detect and protect the network against loops in an efficient and effective way. This document describes a mechanism to provide global loop protection in EVPN networks. "Intelligent Reinforcement-learning-based Network Management", Min-Suk Kim, Youn-Hee Han, Yong-Geun Hong, 2019-07-08, This document presents intelligent network management based on Artificial Intelligent (AI) such as reinforcement-learning approaches. In a heterogeneous network, intelligent management with Artificial Intelligent should usually provide real-time connectivity, the type of network management with the quality of real-time data, and transmission services generated by an application service. With that reason intelligent management system is needed to support real- time connection and protection through efficient management of interfering network traffic for high-quality network data transmission in the both cloud and IoE network systems. Reinforcement-learning is one of the machine learning algorithms that can intelligently and autonomously provide to management systems over a communication network. Reinforcement-learning has developed and expanded with deep learning technique based on model-driven or data- driven technical approaches so that these trendy techniques have been widely to intelligently attempt an adaptive networking models with effective strategies in environmental disturbances over variety of networking areas. For Network AI with the intelligent and effective strategies, intent-based network (IBN) can be also considered to continuously and automatically evaluate network status under required policy for dynamic network optimization. The key element for the intent-based network is that it provides a verification of whether the represented network intent is implementable or currently implemented in the network. Additionally, this approach need to provide to take action in real time if the desired network state and actual state are inconsistent. "Problem Statement and Considerations for ROAs issued with Multiple Prefixes", Zhiwei Yan, Randy Bush, Guanggang Geng, Jiankang Yao, 2019-09-10, The address space holder needs to issue an ROA object when it authorizes one or more ASes to originate routes to multiple prefixes. During the process of ROA issuance, the address space holder needs to specify an origin AS for a list of IP prefixes. Besides, the address space holder has a free choice to put multiple prefixes into a single ROA or issue separate ROAs for each prefix based on the current specification. This memo analyzes and presents some operational problems which may be caused by the misconfigurations of ROAs containing multiple IP prefixes. Some suggestions and considerations also have been proposed. "Linkset: Media Types and a Link Relation Type for Link Sets", Erik Wilde, Herbert Van de Sompel, 2019-08-28, This specification defines two media types and a link relation type for sets of links. The media types can be used to represents links in a standalone fashion, in one case in the native format as used in the HTTP Link header, and in the other case in a JSON-based format. The link relation type can be used by a resource to point at another resource that provides a set of links, including links in which the former resource participates. One typical scenario is when the number of links to put in an HTTP Link header becomes too big, and thus these links should be provided in another way. "IPv6-only Terminology Definition", Jordi Palet, 2019-07-03, This document defines the terminology regarding the usage of expressions such as "IPv6-only", in order to avoid confusions when using them in IETF and other documents. The goal is that the reference to "IPv6-only" describes the actual native functionality being used, not the actual protocol support. "LISP for the Mobile Network", Dino Farinacci, Padma Pillay-Esnault, Uma Chunduri, 2019-09-09, This specification describes how the LISP architecture and protocols can be used in a LTE/5G mobile network to support session survivable EID mobility. A recommendation is provided to SDOs on how to integrate LISP into the mobile network. "Reassignment of System Ports to the IESG", Mirja Kuehlewind, Sabrina Tanamal, 2019-06-06, In the IANA Service Name and Transport Protocol Port Number Registry, a large number of System Ports is currently assigned to individuals or companies who have registered the port for the use with a certain protocol before RFC6335 was published. For some of these ports, RFCs exist that describe the respective protocol; for others, RFCs are under development that define, re-define, or assign the protocol used for the respective port, e.g. in case of so-far unused UDP ports that have been registered together with the respective TCP port. In these cases the IESG has the change control about the protocol used on the port (as described in an RFC) but does not have the change control about the port usage itself. Currently, to transfer the change control to the IESG, the original assignee has to be contacted to initialize this transfer. As it is not always possible to get in touch with the original assignee, e.g. because of out-dated contact information or other reasons, and the current practice of case-by- case changes does not scale well, this document instructs IANA to perform actions with the goal to reassigns all System Ports to the IESG that have been assigned to individuals prior to the publication of RFC6335. "Guide for building an ECC pki", Robert Moskowitz, Henk Birkholz, Liang Xia, Michael Richardson, 2019-08-13, This memo provides a guide for building a PKI (Public Key Infrastructure) using openSSL. All certificates in this guide are ECDSA, P-256, with SHA256 certificates. Along with common End Entity certificates, this guide provides instructions for creating IEEE 802.1AR iDevID Secure Device certificates. "Signed HTTP Exchanges", Jeffrey Yasskin, 2019-11-04, This document specifies how a server can send an HTTP exchange--a request URL, content negotiation information, and a response--with signatures that vouch for that exchange's authenticity. These signatures can be verified against an origin's certificate to establish that the exchange is authoritative for an origin even if it was transferred over a connection that isn't. The signatures can also be used in other ways described in the appendices. These signatures contain countermeasures against downgrade and protocol-confusion attacks. "Transferring Bulk Data over the GeneRic Autonomic Signaling Protocol (GRASP)", Brian Carpenter, Sheng Jiang, Bing Liu, 2019-07-02, This document describes how bulk data may be transferred between Autonomic Service Agents via the GeneRic Autonomic Signaling Protocol (GRASP). Although not an equivalent of a file transfer protocol, such a technique may be used for non-urgent transfer of data too large to fit into a normal GRASP message. "IPv6 Source Routing for ultralow Latency", Andreas Foglar, Mike Parker, Theodoros Rokkas, 2019-07-21, This Internet-Draft describes a hierarchical addressing scheme for IPv6, intentionally very much simplified to allow for very fast source routing experimentation using simple forwarding nodes. Research groups evaluate achievable latency reduction for special applications such as radio access networks, industrial networks or other networks requiring very low latency. "Controller Based BGP Multicast Signaling", Zhaohui Zhang, Robert Raszuk, Dante Pacella, Arkadiy Gulko, 2019-11-18, This document specifies a way that one or more centralized controllers can use BGP to set up a multicast distribution tree in a network. In the case of labeled tree, the labels are assigned by the controllers either from the controllers' local label spaces, or from a common Segment Routing Global Block (SRGB), or from each routers Segment Routing Local Block (SRLB) that the controllers learn. In case of labeled unidirectional tree and label allocation from the common SRGB or from the controllers' local spaces, a single common label can be used for all routers on the tree to send and receive traffic with. Since the controllers calculate the trees, they can use sophisticated algorithms and constraints to achieve traffic engineering. "MISP galaxy format", Alexandre Dulaunoy, Andras Iklody, Deborah Servili, 2019-10-04, This document describes the MISP galaxy format which describes a simple JSON format to represent galaxies and clusters that can be attached to MISP events or attributes. A public directory of MISP galaxies is available and relies on the MISP galaxy format. MISP galaxies are used to add further informations on a MISP event. MISP galaxy is a public repository [MISP-G] [MISP-G-DOC] of known malware, threats actors and various other collections of data that can be used to mark, classify or label data in threat information sharing. "MISP object template format", Alexandre Dulaunoy, Andras Iklody, 2019-06-23, This document describes the MISP object template format which describes a simple JSON format to represent the various templates used to construct MISP objects. A public directory of common vocabularies MISP object templates [MISP-O] is available and relies on the MISP object reference format. "Simple Group Keying Protocol (SGKP)", Donald Eastlake, Dacheng Zhang, 2019-06-27, This document specifies a simple general group keying protocol that provides for the distribution of shared secret keys to group members and the management of such keys. It assumes that secure pairwise keys can be created between any two group members. "Registration Procedures for Private Enterprise Numbers (PENs)", Amanda Baber, Paul Hoffman, 2019-10-25, This document describes how Private Enterprise Numbers (PENs) are registered by IANA. It shows how to request a new PEN and how to request an update to a current PEN. It also gives a brief overview of PEN uses. "Elliptic curve 2y^2=x^3+x over field size 8^91+5", Dan Brown, 2019-10-03, In elliptic curve cryptography, 2y^2=x^3+x/GF(8^91+5) hedges a remote risk of potential weakness in other curves, if used in multi-curve Diffie--Hellman, for example. This curve features: isomorphism to Miller curves from 1985; low Kolmogorov complexity (little room for secretly embedded trapdoors of Gordon, Young--Yung, or Teske); likeness to a Bitcoin curve; 34-byte keys; prime field; 5*64-bit field arithmetic; easy reduction, inversion, Legendre symbol, and square root; Montgomery ladder or Edwards unified curve arithmetic (Hisil--Carter--Dawson--Wong); multiplication by i (Gallant--Lambert--Vanstone); and string-as-point encoding. "Subscription to Multiple Stream Originators", Tianran Zhou, Guangying Zheng, Eric Voit, Alexander Clemm, 2019-11-04, This document describes the distributed data export mechanism that allows multiple data streams to be managed by using a single subscription. Specifically, device can decide to decompse one subscription into multiple subscriptions to the line-cards. So that each line-card can directly push data to the collector without passing through a broker for internal consolidation. And the device can indicate the subscription decomposition result to the receiver to check the data integrity. "A YANG Data Model for Ethernet TE Topology", Haomian Zheng, Aihua Guo, Italo Busi, Yunbin Xu, Yang Zhao, Xufeng Liu, 2019-11-18, A transport network is a server-layer network to provide connectivity services to its client. In this draft the topology of Ethernet with TE is described with YANG data model. "A YANG Data Model for Client-layer Tunnel", Haomian Zheng, Aihua Guo, Italo Busi, Yunbin Xu, Yang Zhao, Xufeng Liu, 2019-08-21, A transport network is a server-layer network to provide connectivity services to its client. In this draft the tunnel of client is described, with the definition of client tunnel YANG model. "OSPFv3 Extensions for SRv6", Zhenbin Li, Zhibo Hu, Dean Cheng, Ketan Talaulikar, Peter Psenak, 2019-11-04, Segment Routing (SR) allows for a flexible definition of end-to-end paths by encoding paths as sequences of topological sub-paths, called "segments". Segment routing architecture can be implemented over an MPLS data plane as well as an IPv6 data plane. This draft describes the OSPFv3 extensions required to support Segment Routing over an IPv6 data plane (SRv6). "BIER BFD", Quan Xiong, Gregory Mirsky, fangwei hu, Chang Liu, 2019-07-03, Point to multipoint (P2MP) BFD is designed to verify multipoint connectivity. This document specifies the application of P2MP BFD in BIER network. "BIER in IPv6 (BIERin6)", Zheng Zhang, Tony Przygienda, IJsbrand Wijnands, Hooman Bidgoli, Mike McBride, 2019-07-08, BIER is a new architecture for the forwarding of multicast data packets. This document defines native IPv6 encapsulation for BIER hop-by-hop forwarding or BIERin6 for short. "OSPF Graceful Restart Enhancements", Vijayalaxmi Basavaraj, Ankur Dubey, Sami Boutros, Acee Lindem, 2019-07-08, This document describes enhancements to the OSPF graceful restart procedures to improve routing convergence in some OSPF network deployments. This document updates RFC 3623 and RFC 5187. "Generic Application Programming Interface (API) for Sliding Window FEC Codes", Vincent Roca, Jonathan Detchart, Cedric Adjih, Morten Pedersen, 2019-11-17, This document introduces a generic Application Programming Interface (API) for sliding window FEC codes. This API is meant to be compatible with any sliding window FEC code. It defines the core procedures and functions meant to control the codec (i.e., implementation of the FEC code). However, it leaves out all upper layer aspects that are the responsibility of the application or protocol making use of the codec. As a consequence, this is not an API for a FEC Scheme since certain mechanisms that must be defined by any FEC Scheme (e.g., signalling and FEC Payload IDs) are the responsibility of the caller instead of being addressed by the codec. A first goal of this document is to pave the way for a future open- source implementation of such codes, another goal is to simplify the development of content delivery protocols that rely on sliding window FEC codes for robust transmissions. "PCEP Extension for Stateful Inter-Domain Tunnels", Olivier Dugeon, Julien Meuric, Young Lee, Daniele Ceccarelli, 2019-11-04, This document proposes to combine a Backward Recursive or Hierarchical method in Stateful PCE with PCInitiate message to setup independent paths per domain, and combine these different paths together in order to operate them as end-to-end inter-domain paths without the need of signaling session between inter-domain border routers. A new Stitching Label is defined, new Path Setup Types, a new Association Type and a new PCEP Capability are considered for that purpose. "MAC move over Geneve encapsulation", Sami Boutros, Jerome Catrouillet, Mohana Singamsetty, Parag Jain, 2019-09-19, This document specifies a mechanism to signal Media Access Control (MAC) addresses move over a Network Virtualization Overlays over Layer 3 (NVO3) virtual tunnel. Such notification is useful in redundancy scenarios when a Layer 2 service that was active on a Network Virtualization Edge (NVE) fails over to a standby NVE. This notification can be used only when data plane mac learning is enabled over the NVO3 tunnels. "Geneve applicability for service function chaining", Sami Boutros, Dharma Rajan, Philip Kippen, Pierluigi Rolando, Jim Guichard, Sam Aldrin, 2019-09-16, This document describes the applicability of using Generic Network Virtualization Encapsulation (Geneve), to carry the service function path (SFP) information, and the network service header (NSH) encapsulation. The SFP information will be carried in Geneve option TLV(s). "Echo Request/Reply for In-situ OAM Capabilities", Min Xiao, Gregory Mirsky, Lei Bo, 2019-10-27, This document describes an extension to the echo request/reply mechanisms used in IPv6, SR-MPLS and SFC environments, which can be used within an IOAM domain, allowing the IOAM encapsulating node to acquire IOAM capabilities of each IOAM transit node and/or IOAM decapsulating node. "Compact Alternate Marking Methods for Passive and Hybrid Performance Monitoring", Tal Mizrahi, Carmi Arad, Giuseppe Fioccola, Mauro Cociglio, Mach Chen, Lianshu Zheng, Gregory Mirsky, 2019-07-06, This memo introduces new alternate marking methods that require a compact overhead of either a single bit per packet, or zero bits per packet. This memo also presents a summary of alternate marking methods, and discusses the tradeoffs among them. The target audience of this document is network protocol designers; this document is intended to help protocol designers choose the best alternate marking method(s) based on the protocol's constraints and requirements. "DHCPv6_PD, PDP and NDP Implementation in IoT Router (DANIR)", Dmytro Shytyi, Alexandre Petrescu, 2019-09-18, This document provides a description of the implementation of Dynamic Host Configuration Protocol version 6 Prefix Delegation, Neighbour Discovery Protocol and of the use of the Packet Data Protocol in an Internet of Things Router. This Internet of Things Router is connected on a cellular network; it is a DHCPv6-PD Client and it requests a /56 pool of prefixes from the server; the DHCPv6-PD server is placed in the PGW and is a part of the cellular infrastructure. After the pool of prefixes is delegated, the Internet of Things Router derives sub-prefixes from the prefix pool; each one of these sub-prefixes is aimed at one ingress interface. After the Internet of Things Router finishes the network prefix assignment procedure, it advertises the network prefixes on the ingress links by using the Neighbour Discovery protocol. Finally, when Hosts receive the sub-prefixes via Router Adverticement messages, they configure the Global Unique Address with the Stateless Address Auto-configuration protocol. "I2NSF on the NFV Reference Architecture", Hyunsik Yang, Young-Han Kim, Jaehoon Jeong, Jinyong Kim, 2019-07-08, This document describes the integration of Interface to Network Security Functions (I2NSF) Framework into the Network Functions Virtualization (NFV) Reference Model. This document explains how the components and interfaces in the I2NSF Framework can be placed in the NFV reference architecture, and also explains the procedures of the lifecycle management of Network Security Functions (NSFs) according to a user's security policy specification in the I2NSF framework on the NFV system. "TLS 1.3 Impact on Network-Based Security", Flemming Andreasen, Nancy Cam-Winget, Eric Wang, 2019-07-08, Network-based security solutions are used by enterprises, public sector, and cloud service providers today in order to both complement and enhance host-based security solutions. TLS 1.3 introduces several changes to TLS 1.2 with a goal to improve the overall security and privacy provided by TLS. However some of these changes have a negative impact on network-based security solutions and deployments that adopt a multi-layered approach to security. While this may be viewed as a feature, there are several real-life use case scenarios where the same functionality and security can not be offered without such network-based security solutions. In this document, we identify the TLS 1.3 changes that may impact such use cases. "Intent-Based Networking - Concepts and Overview", Alexander Clemm, Laurent Ciavaglia, Lisandro Granville, Jeff Tantsura, 2019-11-04, Intent and Intent-Based Networking are taking the industry by storm. At the same time, those terms are used loosely and often inconsistently, in many cases overlapping and confused with other concepts such as "policy". This document is intended to clarify the concept of "Intent" and provide an overview of functionality that associated with it. The goal is to contribute towards a common and shared understanding of terms, concepts, and functionality which can be used as foundation to guide further definition of associated research and engineering problems and their solutions. "EVPN Multi-Homing Mechanism for Layer-2 Gateway Protocols", Patrice Brissette, Ali Sajassi, LucAndre Burdet, Daniel Voyer, 2019-11-04, The existing EVPN multi-homing load-balancing modes defined are Single-Active and All-Active. Neither of these multi-homing mechanisms are appropriate to support access networks with Layer-2 Gateway protocols such as G.8032, MPLS-TP, STP, etc. These Layer-2 Gateway protocols require a new multi-homing mechanism defined in this draft. "YANG Model for QoS Operational Parameters", Aseem Choudhary, Ing-Wher Chen, 2019-10-31, This document describes a YANG model for Quality of Service (QoS) operational parameters. "EVPN multi-homing port-active load-balancing", Patrice Brissette, Ali Sajassi, Bin Wen, Eddie Leyton, Jorge Rabadan, 2019-10-31, The Multi-Chassis Link Aggregation Group (MC-LAG) technology enables the establishment of a logical link-aggregation connection with a redundant group of independent nodes. The purpose of multi-chassis LAG is to provide a solution to achieve higher network availability, while providing different modes of sharing/balancing of traffic. EVPN standard defines EVPN based MC-LAG with single-active and all-active multi-homing load-balancing mode. The current draft expands on existing redundancy mechanisms supported by EVPN and introduces support of port-active load-balancing mode. In the current document, port-active load-balancing mode is also referred to as per interface active/standby. "YANG Data Model for SRv6 Base and Static", Kamran Raza, Sonal Agarwal, Xufeng Liu, Zhibo Hu, Iftekhar Hussain, Himanshu Shah, Daniel Voyer, Hani Elmalky, Satoru Matsushima, Katsuhiro Horiba, Ahmed Abdelsalam, Jaganbabu Rajamanickam, 2019-10-30, This document describes a YANG data model for Segment Routing IPv6 (SRv6) base. The model serves as a base framework for configuring and managing an SRv6 subsystem and expected to be augmented by other SRv6 technology models accordingly. Additionally, this document also specifies the model for the SRv6 Static application. The YANG modules in this document conform to the Network Management Datastore Architecture (NMDA). "Extension of Probabilistic Routing Protocol using History of Encounters and Transitivity for Information Centric Network", Yun Chung, Min Kang, Dong Seo, Young-Han Kim, 2019-11-04, This document proposes extension of probabilistic routing protocol using history of encounters and transitivity (PRoPHET) for information centric network. "AsciiRFC: Authoring Internet-Drafts And RFCs Using AsciiDoc", Ronald Tse, Nick Nicholas, Paolo Brasolin, 2018-04-17, This document describes an AsciiDoc syntax extension called AsciiRFC, designed for authoring IETF Internet-Drafts and RFCs. AsciiDoc is a human readable document markup language which affords more granular control over markup than comparable schemes such as Markdown. The AsciiRFC syntax is designed to allow the author to entirely focus on text, providing the full power of the resulting RFC XML through the AsciiDoc language, while abstracting away the need to manually edit XML, including references. This document itself was written and generated into RFC XML v2 (RFC7749) and RFC XML v3 (RFC7991) directly through asciidoctor-rfc, an AsciiRFC generator. "Relative JSON Pointers", Geraint Luff, Henry Andrews, 2019-09-18, JSON Pointer is a syntax for specifying locations in a JSON document, starting from the document root. This document defines an extension to the JSON Pointer syntax, allowing relative locations from within the document. "JSON Schema: A Media Type for Describing JSON Documents", Austin Wright, Henry Andrews, Ben Hutton, Greg Dennis, 2019-09-17, JSON Schema defines the media type "application/schema+json", a JSON- based format for describing the structure of JSON data. JSON Schema asserts what a JSON document must look like, ways to extract information from it, and how to interact with it. The "application/ schema-instance+json" media type provides additional feature-rich integration with "application/schema+json" beyond what can be offered for "application/json" documents. "JSON Schema Validation: A Vocabulary for Structural Validation of JSON", Austin Wright, Henry Andrews, Ben Hutton, 2019-09-17, JSON Schema (application/schema+json) has several purposes, one of which is JSON instance validation. This document specifies a vocabulary for JSON Schema to describe the meaning of JSON documents, provide hints for user interfaces working with JSON data, and to make assertions about what a valid document must look like. "JSON Hyper-Schema: A Vocabulary for Hypermedia Annotation of JSON", Henry Andrews, Austin Wright, 2019-09-17, JSON Schema is a JSON-based format for describing JSON data using various vocabularies. This document specifies a vocabulary for annotating JSON documents with hyperlinks. These hyperlinks include attributes describing how to manipulate and interact with remote resources through hypermedia environments such as HTTP, as well as determining whether the link is usable based on the instance value. The hyperlink serialization format described in this document is also usable independent of JSON Schema. "A Unified Stateful/Stateless Configuration Service for IPv6", Fred Templin, 2019-06-24, IPv6 Neighbor Discovery (IPv6ND) specifies a control message set for nodes to discover neighbors, routers, prefixes and other services on the link. It also supports a manner of StateLess Address AutoConfiguration (SLAAC), while the Dynamic Host Configuration Protocol for IPv6 (DHCPv6) specifies a separate stateful service. This document presents IPv6ND extensions for providing a unified stateful/stateless configuration service. "Efficient Layer 2 Multicast with Point-to-Point Pseudowires", Weiqiang Cheng, Jie Dong, 2019-11-18, Multicast services such as Evolved Multimedia Broadcast/Multicast Service (eMBMS) become more and more popular in mobile networks. In mobile transport network, it is important for the operators to provide efficient transport of multicast services with existing network devices. This document describes a mechanism of using point- to-point Pseudowires (PW) [RFC3985] to achieve efficient layer 2 multicast transportation in mobile transport networks.The document gives a multicast method by utilizing a Point-to-Point (P2P) path between nodes in a packet transport network , according to the destination IP address. With it, the PTN nodes can replicate and forward the service message, which are received from the multicast server, to the plurality of multicast clients corresponding to the destination IP address. "A Persistent Web IDentifier (PWID) URN Namespace", Eld Zierau, 2019-09-06, This document specifies a Uniform Resource Name (URN) for Persistent Web IDentifiers for web material in web archives using the 'pwid' namespace identifier. The main purpose of the standard is to support specification of references that are not covered by other reference techniques: to support references to material in web archives with restricted access. Furthermore, it supports persistent technology agnostic references to web archives in general, in a form that can work as an algorithmic basis for finding web archive resources in general. An additional important benefit is that the standard can be used for specifying web collections, which can then form a persistent computational basis for the extract of the archived collection parts. The PWID URN is designed to meet requirements for proper referencing needed by researchers. Therefore, it is designed as general, global, sustainable, humanly readable, technology agnostic, persistent and precise web references for web materials in web archives. "HTTP Live Streaming 2nd Edition", Roger Pantos, 2019-09-23, This document obsoletes RFC 8216. It describes a protocol for transferring unbounded streams of multimedia data. It specifies the data format of the files and the actions to be taken by the server (sender) and the clients (receivers) of the streams. It describes version 8 of this protocol. "Multiple Access Management Services", Satish Kanugovi, Florin Baboescu, Jing Zhu, Julius Mueller, SungHoon Seo, 2019-05-31, In multiconnectivity scenarios, the end-user devices can simultaneously connect to multiple networks based on different access technologies and network architectures like WiFi, LTE, DSL. Both the quality of experience of the users and the overall network utilization and efficiency may be improved through the smart selection and combination of access and core network paths that can dynamically adapt to changing network conditions. This document presents a unified problem statement and introduces a solution for managing multiconnectivity. The solution has been developed by the authors based on their experiences in multiple standards bodies including the IETF and 3GPP, but is not an Internet Standard and does not represent the consensus opinion of the IETF. This document describes the requirements, solution principles, and an architectural framework that aims to provide best performance while being easy to implement in a wide variety of multiconnectivity deployments. It specifies the protocol multi-access management to: 1) flexibly select the best combination of access and core network paths for uplink and downlink; as well as 2) determine the user plane treatment and traffic distribution over the selected links ensuring network efficiency and application performance. "Registry Maintenance Notifications for the Extensible Provisioning Protocol (EPP)", Tobias Sattler, Roger Carney, Jody Kolker, 2019-09-26, This document describes an Extensible Provision Protocol (EPP) mapping for domain name registry's maintenance notifications. "A Decent LISP Mapping System (LISP-Decent)", Dino Farinacci, Colin Cantrell, 2019-09-03, This draft describes how the LISP mapping system designed to be distributed for scale can also be decentralized for management and trust. "BIER Prefix Redistribute", Zheng Zhang, Wu Bo, Zhaohui Zhang, IJsbrand Wijnands, 2019-09-23, This document defines a BIER proxy function to interconnect different underlay routing protocol areas in a network. And a new BIER proxy range sub-TLV is also defined to convey BIER BFR-id information across the routing areas. "Deterministic Networking Application in Ring Topologies", Yuanlong Jiang, Norman Finn, Jeong-dong Ryoo, Balazs Varga, Liang Geng, 2019-06-17, Deterministic Networking (DetNet) provides a capability to carry data flows for real-time applications with extremely low data loss rates and bounded latency. This document describes how DetNet can be used in ring topologies to support Point-to-Point (P2P) and Point-to- Multipoint (P2MP) real-time services. "A feature freezer for the Concise Data Definition Language (CDDL)", Carsten Bormann, 2019-07-22, In defining the Concise Data Definition Language (CDDL), some features have turned up that would be nice to have. In the interest of completing this specification in a timely manner, the present document was started to collect nice-to-have features that did not make it into the first RFC for CDDL, RFC 8610. It is now time to discuss thawing some of the concepts discussed here. A number of additional proposals have been added. "Simple Group Keying Protocol TRILL Use Protfiles", Donald Eastlake, Dacheng Zhang, 2019-06-27, This document specifies use profiles for the application of the simple group keying protocol (SGKP) to multi-destination TRILL Extended RBridge Channel message security (RFC 7978) and TRILL over IP packet security (draft-ietf-trill-over-ip). "Extended Socket APIs to control subflow priority in Multipath TCP", Samar Shailendra, Hemant Rath, Arpan Pal, Abhijit Mondal, 2019-08-04, This document provides the extended Socket APIs to control subflow priority for Multipath TCP. It also describes an additional data structure for MPTCP to make the subflow priority persistent across subflow disconnection. "Application-Layer TLS", Owen Friel, Richard Barnes, Max Pritikin, Hannes Tschofenig, Mark Baugher, 2019-11-04, This document specifies how TLS and DTLS can be used at the application layer for the purpose of establishing secure end-to-end encrypted communication security. Encodings for carrying TLS and DTLS payloads are specified for HTTP and CoAP to improve interoperability. While the use of TLS and DTLS is straight forward we present multiple deployment scenarios to illustrate the need for end-to-end application layer encryption and the benefits of reusing a widely deployed and readily available protocol. Application software architectures for building, and network architectures for deploying application layer TLS are outlined. "Random Linear Network Coding (RLNC)-Based Symbol Representation", Janus Heide, Shirley Shi, Kerim Fouli, Muriel Medard, Vince Chook, 2019-09-09, This document describes a symbol representation for Random Linear Network Coding (RLNC) schemes used for reliable data transfer. Specifically, the following features are discussed and incorporated: both block RLNC and a sliding window RLNC, varying data frame sizes, and one or multiple symbols associated with a single symbol representation header. "IPv4+ The Extended Protocol Based On IPv4", ZiQiang Tang, 2019-07-31, This document specifies version 4+ of the Internet Protocol (IPv4+). IPv4 is very successful,simple and elegant. continuation and expansion of the IPv4 is necessary. Existing systems, devices only need to upgrade the software to support IPv4+, without the need to update new hardwares,saving investment costs. Ipv4+ is also an interstellar Protocol, so the Internet will evolve into a star Internet. "QUIC-LB: Generating Routable QUIC Connection IDs", Martin Duke, Nick Banks, 2019-11-04, QUIC connection IDs allow continuation of connections across address/ port 4-tuple changes, and can store routing information for stateless or low-state load balancers. They also can prevent linkability of connections across deliberate address migration through the use of protected communications between client and server. This creates issues for load-balancing intermediaries. This specification standardizes methods for encoding routing information and proposes an optional protocol called QUIC-LB to exchange the parameters of that encoding. This framework also enables offload of other QUIC functions to trusted intermediaries, given the explicit cooperation of the QUIC server. "IANA Registration of Trustword Lists: Guide, Template and IANA Considerations", Bernie Hoeneisen, Hernani Marques, 2019-07-08, This document specifies the IANA Registration Guidelines for Trustwords, describes corresponding registration procedures, and provides a guideline for creating Trustword list specifications. Trustwords are common words in a natural language (e.g., English), which hexadecimal strings are mapped to. Such a mapping makes verification processes like fingerprint comparisons more practical, and less prone to misunderstandings. "Generalized Network Control Automation YANG Model", Igor Bryskin, Xufeng Liu, Alexander Clemm, Henk Birkholz, Tianran Zhou, 2019-07-05, This document describes a YANG data model for the Generalized Network Control Automation (GNCA), aimed to define an abstract and uniform semantics for NETCONF/YANG scripts in the form of Event-Condition- Action (ECA) containers. "Information-centric Routing for Opportunistic Wireless Networks", Paulo Mendes, Rute Sofia, Vassilis Tsaoussidis, Carlos Borrego, 2019-09-12, This draft describes the Data reAchaBility BasEd Routing (DABBER) protocol, which has been developed to extend the reached of Named Data Networking based routing approaches to opportunistic wireless networks. By "opportunistic wireless networks" it is meant multi-hop wireless networks where finding an end-to-end path between any pair of nodes at any moment in time may be a challenge. The goal is to assist in better defining opportunities for the transmission of Interest packets towards the most suitable data source, based on metrics that provide information about: i) the availability of different data sources; ii) the availability and centrality of neighbor nodes; iii) the time lapse between forwarding Interest packets and receiving the corresponding data packets. The document presents an architectural overview of DABBER followed by specification options related to the dissemination of name-prefix information to support the computation of next hops, and the ranking of forwarding options based on the best set of neighbors to ensure a short time-to-completion. "Unified Identifier in IPv6 Segment Routing Networks", Weiqiang Cheng, Gregory Mirsky, Shaofu Peng, Liu Aihua, XiaoLan Wan, Cheng Wei, Shay, 2019-11-04, Segment Routing architecture leverages the paradigm of source routing. It can be realized in a network data plane by prepending the packet with a list of instructions, a.k.a. segments. A segment can be encoded as a Multi-Protocol Label Switching (MPLS) label, IPv4 address, or IPv6 address. Segment Routing can be applied in MPLS data plane by encoding segments in MPLS label stack. It also can be applied to IPv6 data plane by encoding a list of segment identifiers in IPv6 Segment Routing Extension Header (SRH). This document extends the use of the SRH to unified identifiers encoded as MPLS label or IPv4 address, to compress the SRH, and support support more detailed network programming and interworking between SR-MPLS and SRv6 domains. "Hybrid Two-Step Performance Measurement Method", Gregory Mirsky, Wang Lingqiang, Guo Zhui, 2019-10-08, Development of, and advancements in, automation of network operations brought new requirements for measurement methodology. Among them is the ability to collect instant network state as the packet being processed by the networking elements along its path through the domain. This document introduces a new hybrid measurement method, referred to as hybrid two-step, as it separates the act of measuring and/or calculating the performance metric from the act of collecting and transporting network state. "Synchronizing Internet Clock frequency protocol (sic)", Jose Alvarez-Hamelin, David Samaniego, Alfredo Ortega, Ruediger Geib, 2019-10-28, Synchronizing Internet Clock Frequency specifies a new secure method to synchronize difference clocks on the Internet, assuring smoothness (i.e., frequency stability) and robustness to man-in-the-middle attacks. In 90% of all cases, Synchronized Internet Clock Frequency is highly accurate, with a Maximum Time Interval Error less than 25 microseconds by a minute. Synchronized Internet Clock Frequency is based on a regular packet exchange and works with commodity terminal hardware. "Extension for Stateful PCE to allow Optional Processing of PCEP Objects.", Cheng Li, Haomian Zheng, Stephane Litkowski, 2019-07-07, This document introduces a mechanism to mark some Path Computation Element (PCE) Communication Protocol (PCEP) objects as optional during PCEP messages exchange for the Stateful PCE model to allow relaxing some constraints. "Hierarchy of IP Controllers (HIC)", Zhenbin Li, Dhruv Dhody, Huaimo Chen, 2019-07-08, This document describes the interactions between various IP controllers in a hierarchical fashion to provide various IP services. It describes how the Abstraction and Control of Traffic Engineered Networks (ACTN) framework is applied to the Hierarchy of IP controllers (HIC) as well as document the interactions with other protocols like BGP, Path Computation Element Communication Protocol (PCEP) to provide end to end dynamic services spanning multiple domains and controllers (e.g. Layer 3 Virtual Private Network (L3VPN), Seamless MPLS etc). "Optimized Service Function Chaining", Ramin Khalili, Zoran Despotovic, Artur Hecker, Debashish Purkayastha, Akbar Rahman, Dirk Trossen, 2019-08-30, This draft investigates possibilities to use so-called 'transport- derived service function forwarders' (tSFFs) that uses existing transport information for explicit service path information. The draft discusses two such possibilities, focusing on realization of efficient chaining over single transport networks. In the first one, the transport network is SDN-based. The second one introduces and explains a specific service request routing (SRR) function to support URL-level routing of service requests. "Multilinear Galois Mode (MGM)", Stanislav Smyshlyaev, Vladislav Nozdrunov, Vasily Shishkin, Smyshliaeva Ekaterina, 2019-12-12, Multilinear Galois Mode (MGM) is an authenticated encryption with associated data (AEAD) block cipher mode based on EtM principle. MGM is defined for use with 64-bit and 128-bit block ciphers. MGM has been standardized in Russia. It is used as an AEAD mode for the GOST block cipher algorithms in many protocols, e.g. TLS 1.3 and IPsec. This document provides a reference for MGM to enable review of the mechanisms in use and to make MGM available for use with any block cipher. "Using Identity as Raw Public Key in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)", HAIGUANG Wang, Yanjiang Yang, Xin Kang, Zhaohui Cheng, 2019-10-10, This document specifies the use of identity as a raw public key in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). The TLS protocol procedures are kept unchanged, but signature algorithms are extended to support Identity-based signature (IBS). A typical Identity-based signature algorithm, the ECCSI signature algorithm defined in RFC 6507, is supported in the current version. "Blockchain Transaction Protocol for Constraint Nodes", Pascal Urien, 2019-09-04, The goal of the blockchain transaction protocol for constraint nodes is to enable the generation of blockchain transactions by constraint nodes, according to the following principles: - transactions are triggered by Provisioning-Messages that include the needed blockchain parameters. - binary encoded transactions are returned in Transaction-Messages, which include sensors/actuators data. Constraint nodes, associated with blockchain addresses, compute the transaction signature. "Shared Brotli Compressed Data Format", Jyrki Alakuijala, Thai Duong, Evgenii Kliuchnikov, Robert Obryk, Zoltan Szabadka, Lode Vandevenne, 2019-08-21, This specification defines a data format for shared brotli compression, which adds support for shared dictionaries, large window, patching and a container format to brotli [RFC7932]. Shared dictionaries and large window support allow significant compression gains compared to regular brotli, and patching allows smaller patches of binary files. "BGP Link-State Extensions for BGP-only Fabric", Ketan Talaulikar, Clarence Filsfils, krishnaswamy ananthamurthy, Shawn Zandi, Gaurav Dawra, Muhammad Durrani, 2019-09-09, BGP is used as the only routing protocol in some networks today. In such networks, it is useful to get a detailed view of the nodes and underlying links in the topology along with their attributes similar to one available when using link state routing protocols. Such a view of a BGP-only fabric enables use cases like traffic engineering and forwarding of services along paths other than the BGP best path selection. This document defines extensions to the BGP Link-state address-family (BGP-LS) and the procedures for advertisement of the topology in a BGP-only network. It also describes a specific use-case for traffic engineering based on Segment Routing. "Coding for QUIC", Ian Swett, Marie-Jose Montpetit, Vincent Roca, Francois Michel, 2019-07-08, This document focuses on the integration of FEC coding in the QUIC transport protocol, in order to recover from packet losses. This document does not specify any FEC code but defines mechanisms to negotiate and integrate FEC Schemes in QUIC. By using proactive loss recovery, it is expected to improve QUIC performance in sessions impacted by packet losses. More precisely it is expected to improve QUIC performance with real-time sessions (since FEC coding makes packet loss recovery insensitive to the round trip time), with short sessions (since FEC coding can help recovering from tail losses more rapidely than through retransmissions), with multicast sessions (since the same repair packet can recover several different losses at several receivers), and with multipath sessions (since repair packets add diversity and flexibility). "Segment Routing for Enhanced VPN Service", Jie Dong, Stewart Bryant, Takuya Miyasaka, Yongqing Zhu, Fengwei Qin, Zhenqiang Li, 2019-10-16, Enhanced VPN (VPN+) is an enhancement to VPN services to enable it to support the needs of new applications, particularly applications that are associated with 5G services. These applications require better isolation from both control and data plane's perspective and have more stringent performance requirements than can be provided with overlay VPNs. The characteristics of an enhanced VPN as perceived by its tenant needs to be comparable to those of a dedicated private network. This requires tight integration between the overlay VPN and the underlay network topology and resources in a scalable manner. An enhanced VPN may form the underpinning of 5G network slicing, but will also be of use in its own right. This document describes how to use segment routing based mechanisms to provide the enhanced VPN service with the required network topology and resources. The overall mechanism of providing segment routing based enhanced VPN service is also described. The proposed mechanism is applicable to both segment routing with MPLS data plane (SR-MPLS) and segment routing with IPv6 data plane (SRv6). "A YANG Data Model for In-Situ OAM", Tianran Zhou, Jim Guichard, Frank Brockners, Srihari Raghavan, 2019-06-25, In-situ Operations, Administration, and Maintenance (IOAM) records operational and telemetry information in user packets while the packets traverse a path between two points in the network. This document defines a YANG module for the IOAM function. "Geneve encapsulation for In-situ OAM Data", Frank Brockners, Shwetha Bhandari, Vengada Govindan, Carlos Pignataro, Hannes Gredler, John Leddy, Stephen Youell, Tal Mizrahi, Petr Lapukhov, Barak Gafni, Aviv Kfir, Mickey Spiegel, 2019-09-11, In-situ Operations, Administration, and Maintenance (IOAM) records operational and telemetry information in the packet while the packet traverses a path between two points in the network. This document outlines how IOAM data fields are encapsulated in Geneve. "VXLAN-GPE Encapsulation for In-situ OAM Data", Frank Brockners, Shwetha Bhandari, Vengada Govindan, Carlos Pignataro, Hannes Gredler, John Leddy, Stephen Youell, Tal Mizrahi, Aviv Kfir, Barak Gafni, Petr Lapukhov, Mickey Spiegel, 2019-11-04, In-situ Operations, Administration, and Maintenance (IOAM) records operational and telemetry information in the packet while the packet traverses a path between two points in the network. This document outlines how IOAM data fields are encapsulated in VXLAN-GPE. "BGP Extended Community for Identifying the Target Node", Jie Dong, Shunwan Zhuang, Gunter Van de Velde, 2019-07-08, BGP has been used to distribute different types of routing and policy information in the network. In some cases, the information distributed may be only intended for one or several particular receiving BGP nodes in the network. However, BGP does not have a general mechanism for designating the receiving node of the routing information. This document defines a new type of BGP extended community called "Node Target". The mechanism of using the Node Target extended community to steer BGP route distribution to particular BGP nodes is specified. "EVPN All Active Usage Enhancement", Donald Eastlake, Zhenbin Li, Haibo Wang, 2019-07-23, A principal feature of EVPN is the ability to support multihoming from a customer equipment (CE) to multiple provider edge equipment (PE) active with all-active links. This draft specifies an improvement to load balancing such links. "Bidirectional Forwarding Detection (BFD) for Segment Routing Policies for Traffic Engineering", Zafar Ali, Ketan Talaulikar, Clarence Filsfils, Nagendra Kumar, Carlos Pignataro, 2019-10-30, Segment Routing (SR) allows a headend node to steer a packet flow along any path using a segment list which is referred to as a SR Policy. Intermediate per-flow states are eliminated thanks to source routing. The header of a packet steered in an SR Policy is augmented with the ordered list of segments associated with that SR Policy. Bidirectional Forwarding Detection (BFD) is used to monitor different kinds of paths between node. BFD mechanisms can be also used to monitor the availability of the path indicated by a SR Policy and to detect any failures. Seamless BFD (S-BFD) extensions provide a simplified mechanism which is suitable for monitoring of paths that are setup dynamically and on a large scale. This document describes the use of Seamless BFD (S-BFD) mechanism to monitor the SR Policies that are used for Traffic Engineering (TE) in SR deployments. "Multipath Extensions for QUIC (MP-QUIC)", Quentin Coninck, Olivier Bonaventure, 2019-08-29, This document specifies extensions to the QUIC protocol to enable, other than connection migration, simultaneous usage of multiple paths for a single connection. Those extensions remain compliant with the current single-path QUIC design. They allow devices to benefit from multiple network paths while preserving the privacy features of QUIC. "IPv6 Point-to-Point Links", Jordi Palet, 2019-11-04, This document describes different alternatives for configuring IPv6 point-to-point links, considering the prefix size, numbering choices and prefix pool to be used. "TLS/DTLS 1.3 Profiles for the Internet of Things", Hannes Tschofenig, Thomas Fossati, 2019-11-04, This document is a companion to RFC 7925 and defines TLS/DTLS 1.3 profiles for Internet of Things devices. "Service Function discovery in fog environments", Carlos Bernardos, Alain Mourad, 2019-09-07, Service function chaining (SFC) allows the instantiation of an ordered set of service functions and subsequent "steering" of traffic through them. Service functions provide an specific treatment of received packets, therefore they need to be known so they can be used in a given service composition via SFC. This document discusses the need for service function discovery mechanisms and propose some solutions for sfc-aware nodes to discover available service functions in fog environments. "EVPN VXLAN Bypass VTEP", Donald Eastlake, Zhenbin Li, Shunwan Zhuang, 2019-11-04, A principal feature of EVPN is the ability to support multihoming from a customer equipment (CE) to multiple provider edge equipment (PE) with all-active links. This draft specifies a mechanism to simplify PEs used with VXLAN tunnels and enhance VXLAN Active-Active reliability. "BGP EVPN Flood Traffic Optimization at EVPN Gateways", satyamoh@cisco.com, Mrinmoy Ghosh, Ali Sajassi, Sandy Breeze, Jim Uttaro, 2019-11-02, In EVPN, the Broadcast, Unknown Unicast and Multicast (BUM) traffic is sent to all the routers participating in the EVPN instance. In a multi-homing scenario, when more than one PEs share the same Ethernet Segment, i.e. there are more than one PEs in a redundancy group, only the PE that is the Designated-Forwarder (DF) for the ES will forward that packet on the access interface whereas all non-DF PEs will drop the packet. In deployments such as EVPN Gateways (EVPN GW) or Data Center Interconnect (DCI) routers, this can be quite wasteful. This is especially true if there are significantly more EVPN GW or DCI PEs all participating in the same sets of ES and vES. This draft explores the problem and provides solutions for the same. "Origin Validation Policy Considerations for Dropping Invalid Routes", Kotikalapudi Sriram, Oliver Borchert, Doug Montgomery, 2019-10-22, Deployment of Resource Public Key Infrastructure (RPKI) and Route Origin Authorizations (ROAs) is expected to occur gradually over several or many years. During the incremental deployment period, network operators would wish to have a meaningful policy for dropping Invalid routes. Their goal is to balance (A) dropping Invalid routes so hijacked routes can be eliminated, versus (B) tolerance for missing or erroneously created ROAs for customer prefixes. This document considers a Drop Invalid if Still Routable (DISR) policy that is based on these considerations. The key principle of DISR policy is that an Invalid route can be dropped if a Valid or NotFound route exists for a subsuming less specific prefix. "Traffic Accounting in Segment Routing Networks", Zafar Ali, Clarence Filsfils, Ketan Talaulikar, Siva Sivabalan, Martin Horneffer, Robert Raszuk, Stephane Litkowski, Daniel Voyer, 2019-08-08, Capacity planning is the continuous art of forecasting traffic load and failures to evolve the network topology, its capacity, and its routing to meet a defined Service-Level Agreement (SLA). This document takes a holistic view of network capacity planning and identifies the role of traffic accounting in network operation and capacity planning, without creating any additional states in the SR fabric. "OAuth 2.0 Assisted Token", Jacob Ideskog, Travis Spencer, 2019-11-24, This document extends the OAuth 2.0 framework to include an additional authorization flow for single page applications called the assisted token flow. It enables OAuth clients written in scripting languages, like JavaScript, to request user authorization using a simplified method compared to other flows. Communication does not rely on redirection of the user agent, but instead leverages HTML's iframe element, child windows, and the postMessage interface. This communication is done using an additional endpoint, the assisted token endpoint. "Optional Security Is Not An Option", Brian Trammell, 2019-10-17, This document explores the common properties of optional security protocols and extensions, and notes that due to the base-rate fallacy and general issues with coordinated deployment of protocols under uncertain incentives, optional security protocols have proven difficult to deploy in practice. This document defines the problem, examines efforts to add optional security for routing, naming, and end-to-end transport, and extracts guidelines for future efforts to deploy optional security protocols based on successes and failures to date. "Comparative Analysis of MTU overhead in the context of SPRING", Darren Dukes, Clarence Filsfils, Pablo Camarillo, 2019-07-08, This document provides an apples-to-apples comparative analysis of MTU overhead in the context of SPRING. "In-situ OAM raw data export with IPFIX", Mickey Spiegel, Frank Brockners, Shwetha Bhandari, Ramesh Sivakolundu, 2019-07-08, In-situ Operations, Administration, and Maintenance (IOAM) records operational and telemetry information in the packet while the packet traverses a path between two points in the network. This document discusses how In-situ Operations, Administration, and Maintenance (IOAM) information can be exported in raw, i.e. uninterpreted, format from network devices to systems, such as monitoring or analytics systems using IPFIX. "The Delegation_Only DNSKEY flag", Paul Wouters, Wes Hardaker, 2019-11-04, This document introduces a new DNSKEY flag called DELEGATION_ONLY that indicates that the particular zone will never sign zone data across a label. That is, every label (dot) underneath is considered a zone cut and must have its own (signed) delegation. Additionally, it indicates the zone is expecting its parent to never bypass or override the zone. DNSSEC Validating Resolvers can use this bit to mark any data that violates the DELEGATION_ONLY policy as BOGUS. "ICANN Registrar Interfaces", Gustavo Lozano, Eduardo Alvarez, 2019-09-23, This document describes the interfaces provided by ICANN to Registrars and Data Escrow Agents in order to fulfill the data escrow requirements of the Registrar Accreditation Agreement and the Registrar Data Escrow Specifications. "Extending the Opening of Files in NFSv4.2", Thomas Haynes, Trond Myklebust, 2019-07-25, The Network File System v4 (NFSv4) allows a client to both open a file and be granted a delegation of that file. This provides the client the right to cache metadata on the file locally. This document presents several refinements to both the opening and delegating of the file to the client. "DHCP Options for 0-RTT TCP Converters", Mohamed Boucadair, Christian Jacquenet, Tirumaleswar Reddy.K, 2019-10-07, Because of the lack of important TCP extensions, e.g., Multipath TCP support at the server side, some service providers now consider a network-assisted model that relies upon the activation of a dedicated function called Transport Converters. For example, network-assisted Multipath TCP deployment models are designed to facilitate the adoption of Multipath TCP for the establishment of multi-path communications without making any assumption about the support of Multipath TCP by the remote servers. Transport Converters located in the network are responsible for establishing multi-path communications on behalf of endpoints, thereby taking advantage of Multipath TCP capabilities to achieve different goals that include (but are not limited to) optimization of resource usage (e.g., bandwidth aggregation), of resiliency (e.g., primary/backup communication paths), and traffic offload management. This document focuses on the explicit deployment scheme where the identity of the Transport Converters is explicitly configured on connected hosts. This document specifies DHCP (IPv4 and IPv6) options to configure hosts with Converters parameters. "Signed HTTP Exchanges Implementation Checkpoints", Jeffrey Yasskin, Kouhei Ueno, 2019-07-25, This document describes checkpoints of draft-yasskin-http-origin- signed-responses to synchronize implementation between clients, intermediates, and publishers. Note to Readers Discussion of this draft takes place on the HTTP working group mailing list (ietf-http-wg@w3.org), which is archived at https://lists.w3.org/Archives/Public/ietf-http-wg/ [1]. The source code and issues list for this draft can be found in https://github.com/WICG/webpackage [2]. "Optimization of RWA Problem through OSNR", Shan Yin, Shanguo Huang, Shuang Zhou, Xiangkai Meng, Rong Ma, 2019-11-21, This documentary provides a kind of routing optimization method. In the basic of RWA solution method, both the output power of the route and the OSNR value of the optical signal noise ratio are considered. The selected optimal route has a lower bit error rate and the whole communication network performance is improved. "OSPF Flooding Reduction in Massively Scale Data Centers (MSDCs)", Xiaohu Xu, Luyuan Fang, Jeff Tantsura, Shaowen Ma, 2019-10-14, OSPF is one of the used underlay routing protocol for MSDC (Massively Scalable Data Center) networks. For a given OSPF router within the CLOS topology, it would receive multiple copies of exactly the same LSA from multiple OSPF neighbors. In addition, two OSPF neighbors may send each other the same LSA simultaneously. The unnecessary link-state information flooding wastes the precious process resource of OSPF routers greatly due to the presence of too many OSPF neighbors for each OSPF router within the CLOS topology. This document proposes extensions to OSPF so as to reduce the OSPF flooding within such MSDC networks. The reduction of the OSPF flooding is much beneficial to improve the scalability of MSDC networks. These modifications are applicable to both OSPFv2 and OSPFv3. "DLEP IEEE 802.1Q Aware Credit Window Extension", David Wiggins, Lou Berger, 2019-11-19, This document defines an extension to the Dynamic Link Exchange Protocol (DLEP) that enables a Ethernet IEEE 802.1Q aware credit- window scheme for destination-specific and shared flow control. "JSON Canonicalization Scheme (JCS)", Anders Rundgren, Bret Jordan, Samuel Erdtman, 2019-12-12, Cryptographic operations like hashing and signing need the data to be expressed in an invariant format so that the operations are reliably repeatable. One way to address this is to create a canonical representation of the data. Canonicalization also permits data to be exchanged in its original form on the "wire" while cryptographic operations performed on the canonicalized counterpart of the data in the producer and consumer end points, generate consistent results. This document describes the JSON Canonicalization Scheme (JCS). The JCS specification defines how to create a canonical representation of JSON data by building on the strict serialization methods for JSON primitives defined by ECMAScript, constraining JSON data to the I-JSON subset, and by using deterministic property sorting. "SR Policy Implementation and Deployment Considerations", Clarence Filsfils, Ketan Talaulikar, Przemyslaw Krol, Martin Horneffer, Paul Mattes, 2019-10-09, Segment Routing (SR) allows a headend node to steer a packet flow along any path. Intermediate per-flow states are eliminated thanks to source routing. SR Policy framework enables the instantiation and the management of necessary state on the headend node for flows along a source routed paths using an ordered list of segments associated with their specific SR Policies. This document describes some of the implementation and deployment aspects that are useful for operationalizing the SR Policy architecture. "RSCA method with Dividing Frequency Slots Area in Space Division Multiplexing Elastic Optical Networks", Shanguo Huang, Shan Yin, Shuang Zhou, 2019-11-21, This documentary provides a routing, spectrum and core assignment method with the dividing frequency slots area for space division multiplexing elastic optical networks. This effective RSCA method to solve this problem better. The proposed method utilizes the Frequency Slots Area (FSA) concept and first-last fit policy of frequency slots assignment to have less spectrum fragments, lower crosstalk, smaller traffic blocking probability and higher spectrum resource utilization. "IMAP Service Extension for Client Identity", Deion Yu, 2019-11-19, This document defines an Internet Message Access Protocol (IMAP) service extension called "CLIENTID" which provides a method for clients to indicate an identity to the server. This identity is an additional token that may be used for security and/or informational purposes, and with it a server may optionally apply heuristics using this token. "Large-Scale Deterministic IP Network", Li Qiang, Xuesong Geng, Bingyang Liu, Toerless Eckert, Liang Geng, Guangpeng Li, 2019-09-02, This document presents the overall framework and key method for Large-scale Deterministic Network (LDN). LDN can provide bounded latency and delay variation (jitter) without requiring precise time synchronization among nodes, or per-flow state in transit nodes. "Segment routing for SDWAN paths over hybrid networks", Linda Dunbar, Mehmet Toy, 2019-11-04, This document describes a method for end-to-end (E2E) SDWAN paths to traverse specific list of underlay network segments, some of which can be private networks which include SR enabled segments, some of which can be the public IP networks that do not support SR, to achieve the desired optimal E2E quality. The method described in this draft uses the principle of segment routing to enforce a SDWAN path's head-end selected route traversing through a list of specific nodes of multiple network segments without requiring the nodes in each network segment to have the intelligence (or maintaining states) of selecting next hop or next domain. "Request for Comments", Brian Carpenter, 2019-06-19, This document discusses the Internet technical community's common document series and why its independence, and the professional status of the RFC Series Editor, must be stoutly defended. "Hybrid Information-Centric Networking", Luca Muscariello, Giovanna Carofiglio, Jordan Auge, Michele Papalini, 2019-10-30, This document describes the hybrid information-centric networking (hICN) architecture for IPv6. The specifications describe a way to implement information-networking functionalities into IPv6. The objective is to use IPv6 without creating overlays with a new packet format as an additional encapsulation. The intent of the present design is to introduce some IPv6 routers in the network with additional packet processing operations to implement ICN functions. Moreover, the current design is tightly integrated into IPv6 to allow easy interconnection to IPv6 networks with the additional design objective to exploit existing IPv6 protocols as much as possible as they are, or extend them where needed. "General Security Considerations for Cryptoassets Custodians", Masashi Sato, Masaki Shimaoka, Hirotaka Nakajima, 2019-11-04, This document discusses the technical and operational risks of cryptoassets custodians and its security controls to avoid the unintended transactions for its customers. "GOST Cipher Suites for Transport Layer Security (TLS) Protocol Version 1.2", Stanislav Smyshlyaev, Dmitry Belyavsky, Markku-Juhani Saarinen, 2019-11-28, This document specifies a set of cipher suites for the Transport Layer Security (TLS) protocol Version 1.2 to support the Russian cryptographic standard algorithms. "Limited Domains and Internet Protocols", Brian Carpenter, Bing Liu, 2019-11-30, There is a noticeable trend towards network requirements, behaviours and semantics that are specific to a particular set of requirements applied within a limited region of the Internet. Policies, default parameters, the options supported, the style of network management and security requirements may vary between such limited regions. This document reviews examples of such limited domains (also known as controlled environments), notes emerging solutions, and includes a related taxonomy. It then briefly discusses the standardization of protocols for limited domains. Finally, it shows the needs for a precise definition of "limited domain membership" and for mechanisms to allow nodes to join a domain securely and to find other members, including boundary nodes. This document is the product of the research of the authors. It has been produced through discussions and consultation within the IETF, but is not the product of IETF conensus. "The Per-Path Service Instruction (PPSI) Option", Ron Bonica, Yuji Kamite, Luay Jalil, Chris Lenart, Ning So, Fengman Xu, Greg Presbury, Gang Chen, Yongqing Zhu, Yifeng Zhou, 2019-11-20, SRm6 encodes Per-Path Service Instructions (PPSI) in a new IPv6 option, called the PPSI Option. This document describes the PPSI Option. "A Massive Data Migration Framework", Can Yang, Yu Pan, Cong Chen, Ge Chen, Yukai Wei, 2019-11-26, This document describes a standardized framework for implementing the massive data migration between traditional databases and big-data platforms on the cloud via Internet, especially for an instance of Hadoop data architecture. The main goal of the framework is to provide more concise and friendly interfaces for users more easily and quickly migrate the massive data from a relational database to a distributed platform for a variety of requirements, in order to make full use of distributed storage resource and distributed computing capability to solve the bottleneck problems of both storage and computing performance in traditional enterprise-level applications. This document covers the fundamental architecture, data elements specification, operations, and interface related to massive data migration. "Bundled HTTP Exchanges", Jeffrey Yasskin, 2019-09-26, Bundled exchanges provide a way to bundle up groups of HTTP request+response pairs to transmit or store them together. They can include multiple top-level resources with one identified as the default by a manifest, provide random access to their component exchanges, and efficiently store 8-bit resources. "DNS Web Service Discovery", Phillip Hallam-Baker, 2019-10-23, This document describes a standardized approach to discovering Web Service Endpoints from a DNS name. Services are advertised using the DNS SRV and TXT records and the HTTP Well Known Service conventions. This document is also available online at http://mathmesh.com/Documents/draft-hallambaker-web-service- discovery.html [1] . "BGP FlowSpec Payload Matching", Anurag Khare, John Scudder, Luay Jalil, Michael Gallagher, Kirill Kasavchenko, 2019-12-07, The rise in frequency, volume, and pernicious effects of DDoS attacks has elevated them from fare for the specialist to generalist press. Numerous reports detail the taxonomy of DDoS types, the varying motivations of their attackers, as well as the resulting business and reputation loss of their targets. BGP FlowSpec (RFC 5575, "Dissemination of Flow Specification Rules") can be used to rapidly disseminate filters that thwart attacks, being particularly effective against the volumetric type. Operators can use existing FlowSpec components to match on pre-defined packet header fields. However recent enhancements to forwarding plane filter implementations allow matches at arbitary locations within the packet header and, to some extent, the payload. This capability can be used to detect highly amplified attacks whose attack signature remains relatively constant while values in the packet header vary, as well as the burgeoning variety of tunneled traffic. We define a new FlowSpec component, "Flexible Match Conditions", with similar matching semantics to those of existing components. This component will allow the operator to define bounded match conditions using bit offsets and a variety of match types. "PCEP extension to support Segment Routing Policy Candidate Paths", Mike Koldychev, Siva Sivabalan, Colby Barth, Cheng Li, Hooman Bidgoli, 2019-10-30, This document introduces a mechanism to specify a Segment Routing (SR) policy, as a collection of SR candidate paths. An SR policy is identified by tuple. An SR policy can contain one or more candidate paths where each candidate path is identified in PCEP via an PLSP-ID. This document proposes extension to PCEP to support association among candidate paths of a given SR policy. The mechanism proposed in this document is applicable to both MPLS and IPv6 data planes of SR. "Preferred Path Routing (PPR) in IS-IS", Uma Chunduri, Renwei Li, Russ White, Jeff Tantsura, Luis Contreras, Yingzhen Qu, 2019-07-08, This document specifies Preferred Path Routing (PPR), a routing protocol extension to simplify the path description on the packet for Segment Routing (SR) deployments and beyond. PPR aims to mitigate the MTU and data plane processing issues that may result from SR packet overhead; and also supports further extensions along the paths. "Anchorless mobility management through hICN (hICN-AMM): Deployment options", Jordan Auge, Giovanna Carofiglio, Luca Muscariello, Michele Papalini, 2019-07-05, A novel mobility management approach is described in [I-D.auge-dmm-hicn-mobility], that leverages routable location- independent identifiers (IDs) and an Information-Centric Networking (ICN) communication model integrated in IPv6, also referred to as Hybrid ICN (hICN) [I-D.muscariello-intarea-hicn]. Such approach belongs to the category of pure ID-based mobility management schemes whose objective is (i) to overcome the limitations of traditional locator-based solutions like Mobile IP, (ii) to remove the need for a global mapping system as the one required by locator- identifier separation solutions like LISP [I-D.ietf-lisp-introduction] or ILA [I-D.herbert-intarea-ila]. ID-based networking as proposed by ICN architectures allows to disentangle forwarding operations from changes of network location, hence removing tunnels and user plane or control plane anchors. In virtue of its anchorless property, we denote this approach as hICN- AMM (hICN Anchorless Mobility Management) hereinafter. This document discusses hICN-AMM deployment options and related tradeoffs in terms of cost/benefits. Particular attention is devoted to the insertion in the recently proposed 5G Service Based Architecture under study at 3GPP where an hICN-AMM solution might present a more efficient alternative to the traditional tunnel-based mobility architecture through GTP-U. "PIM Backup Designated Router Procedure", mankamana mishra, Joseph Goh, Gyan Mishra, 2019-10-24, On a multi-access network, one of the PIM routers is elected as a Designated Router (DR). On the last hop LAN, the PIM DR is responsible for tracking local multicast listeners and forwarding traffic to these listeners if the group is operating in PIM-SM. In this document, we propose a mechanism to elect backup DR on a shared LAN. A backup DR on LAN would be useful for faster convergence. This draft introduces the concept of a Backup Designated Router (BDR) and the procedure to implement it. "PCE Controlled ID Space", Cheng Li, Mach Chen, Jie Dong, Zhenbin Li, Aijun Wang, Weiqiang Cheng, Chao Zhou, 2019-06-27, The Path Computation Element Communication Protocol (PCEP) provides mechanisms for Path Computation Elements (PCEs) to perform path computations in response to Path Computation Clients (PCCs) requests. The Stateful PCE extensions allow stateful control of Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) Label Switched Paths (LSPs) using PCEP. Furthermore, PCEP can be used for computing paths in SR networks. Stateful PCE provide active control of MPLS-TE LSPs via PCEP, for a model where the PCC delegates control over one or more locally configured LSPs to the PCE. Further, stateful PCE could also create and delete PCE-initiated LSPs itself. A PCE-based central controller (PCECC) simplify the processing of a distributed control plane by integrating with elements of Software-Defined Networking (SDN). In some use cases, such as PCECC or Binding Segment Identifier (SID) for Segment Routing (SR), there are requirements for a stateful PCE to make allocation of labels, SIDs, etc. These use cases require PCE aware of various identifier spaces where to make allocations on behalf of PCC. This document describes a mechanism for PCC to inform the PCE of the identifier space under its control via PCEP. The identifier could be MPLS label, SID or any other to-be-defined identifier to be allocated by a PCE. "Anchorless mobility through hICN", Jordan Auge, Giovanna Carofiglio, Luca Muscariello, Michele Papalini, 2019-07-05, This document first discusses the use of locators and identifiers in mobility management architectures, and their implication on various anchorless properties. A new architecture is then proposed that is purely based on identifiers, and more specifically names as defined in Hybrid-ICN (hICN) [I-D.muscariello-intarea-hicn]. The document then focuses on two main cases: the end-point sends data (data producer) or the end-point receives data (data consumer). These two cases are taken into account entirely to provide anchorless mobility management in hICN. "IGP Extensions for Segment Routing based Enhanced VPN", Jie Dong, Zhibo Hu, Stewart Bryant, 2019-11-04, Enhanced VPN (VPN+) is an enhancement to VPN services to support the needs of new applications, particularly including the applications that are associated with 5G services. These applications require better isolation and have more stringent performance requirements than that can be provided with traditional overlay VPNs. An enhanced VPN may be used for 5G transport network slicing, and will also be of use in more generic scenarios. This document specifies the IGP mechanisms with necessary extensions to build a set of Segment Routing (SR) based virtual networks with customized topology and resource attributes in the network. These virtual networks could be used as the underlay of enhanced VPN service. The proposed mechanism is applicable to both Segment Routing with MPLS data plane (SR-MPLS) and segment routing with IPv6 data plane (SRv6). "PCEP Extensions for Associated Bidirectional Segment Routing (SR) Paths", Cheng Li, Mach Chen, Weiqiang Cheng, Zhenbin Li, Jie Dong, Rakesh Gandhi, Quan Xiong, 2019-08-19, The Path Computation Element Communication Protocol (PCEP) provides mechanisms for Path Computation Elements (PCEs) to perform path computations in response to Path Computation Clients (PCCs) requests. The Stateful PCE extensions allow stateful control of Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) Label Switched Paths (LSPs) using PCEP. Furthermore, PCEP can be used for computing paths in Segment Routing (SR) TE networks. This document defines PCEP extensions for grouping two reverse unidirectional SR Paths into an Associated Bidirectional SR Path when using a Stateful PCE for both PCE-Initiated and PCC-Initiated LSPs as well as when using a Stateless PCE. "Rights for restricted content", Lutz Donnerhacke, 2019-09-07, Links are omnipresent in the Internet to provide access to other resources. There is no mechanism to express differences in law systems, access limitations, or arbitrary rules defined by the owner of the linked resource. Therefore links do depend on and enforce a communist sharing ideology, which ignores the content owner rights. Links may point to resources far away from the originating page, hiding this fact from the customer. It takes the data transport services for free, internet transit providers on the way from the content source to the customers are not extra payed for this effort. In many cases, the remote company generates huge amount of money from the customers worldwide not shared with the transit providers. In order to get the rights of all involved parties balanced, a new type of connection initiation is proposed: The Right. "Sliding Window Random Linear Code (RLC) Forward Erasure Correction (FEC) Schemes for QUIC", Vincent Roca, Francois Michel, Ian Swett, Marie-Jose Montpetit, 2019-11-04, This document specifies Sliding Window Random Linear Code (RLC) Forward Erasure Correction (FEC) Schemes for the QUIC transport protocol, in order to recover from packet losses. "Origin Validation Signaling", Randy Bush, Keyur Patel, 2019-07-02, Within a trust boundary, e.g. an operator's PoP, it may be useful to have only a few central devices do full Origin Validation using the Resource Public Key Infrastructure, and be able to signal to an internal sender that a received route fails Origin Validation. E.g. route reflectors could perform Origin Validation for a cluster and signal back to a sending client that it sent an invalid route. Routers capable of sending and receiving this signal can use the extended community described in [RFC8097]. "A YANG Data Model for SD-WAN Service Delivery", Qiong Sun, Honglei Xu, Wu Bo, Qin WU, Charles Eckel, 2019-07-03, This document provides a YANG data model for an SD-WAN service. An SD-WAN service is a connectivity service offered by a service provider network to provide connectivity across different locations of a customer network or between a customer network and an external network, such as the Internet or a private/public cloud network. This connectivity is provided as an overlay constructed using one of more underlay networks. The model can be used by a service orchestrator of a service provider to request, configure, and manage the components of an SD-WAN service. "YANG Data Model for Preferred Path Routing", Yingzhen Qu, Uma Chunduri, Jeff Tantsura, 2019-07-07, This document defines YANG data modules for preferred path routing ([I-D.chunduri-lsr-isis-preferred-path-routing], [I-D.chunduri-lsr-ospf-preferred-path-routing]) configuration and operation. The YANG modules are intended to be used on network elements to manage the configurations and operations of preferred path routing. "Identification of Overlay Operations, Administration, and Maintenance (OAM)", Gregory Mirsky, 2019-08-27, This document analyzes how the presence of Operations, Administration, and Maintenance (OAM) control command and/or special data is identified in some overlay networks and an impact on the choice of identification may have on OAM functionality. "TLS 1.3 Authentication and Integrity only Ciphersuites", Nancy Cam-Winget, Jack Visoky, 2019-07-08, There are use cases, specifically in Internet of Things (IoT) and constrained environments that do not require confidentiality, though mutual authentication during tunnel establishment and message integrity is still mandated. This document defines the use of HMAC only as ciphersuites in TLS 1.3. "TEAP Update and Extensions for Bootstrapping", Eliot Lear, Owen Friel, Nancy Cam-Winget, Dan Harkins, 2019-11-03, In certain environments, in order for a device to establish any layer three communications, it is necessary for that device to be properly credentialed. This is a relatively easy problem to solve when a device is associated with a human being and has both input and display functions. It is less easy when the human, input, and display functions are not present. To address this case, this memo specifies extensions to the Tunnel Extensible Authentication Protocol (TEAP) method that leverages Bootstrapping Remote Secure Key Infrastructures (BRSKI) in order to provide a credential to a device at layer two. The basis of this work is that a manufacturer will introduce the device and the local deployment through cryptographic means. In this sense the same trust model as BRSKI is used. "Asymmetric Manifest Based Integrity", Jake Holland, Kyle Rose, 2019-09-26, This document defines Asymmetric Manifest-Based Integrity (AMBI). AMBI allows each receiver or forwarder of a stream of multicast packets to check the integrity of the contents of each packet in the data stream. AMBI operates by passing cryptographically verifiable hashes of the data packets inside manifest messages, and sending the manifests over authenticated out-of-band communication channels. "pretty Easy privacy (pEp): Contact and Channel Authentication through Handshake", Hernani Marques, Bernie Hoeneisen, 2019-07-07, In interpersonal messaging end-to-end encryption means for public key distribution and verification of its authenticity are needed; the latter to prevent man-in-the-middle (MITM) attacks. This document proposes a new method to easily verify a public key is authentic by a Handshake process that allows users to easily authenticate their communication channel. The new method is targeted to Opportunistic Security scenarios and is already implemented in several applications of pretty Easy privacy (pEp). "LISP Data-Plane Telemetry", Dino Farinacci, Said Ouissal, Erik Nordmark, 2019-06-26, This draft specs a JSON formatted RLOC-record for telemetry data which decapsulating xTRs include in RLOC-probe Map Reply messages. "BGP-LS Extensions for Advertising Path MTU", Yongqing Zhu, Zhibo Hu, Gang Yan, Junda Yao, 2019-07-03, BGP Link State (BGP-LS) describes a mechanism by which link-state and TE information can be collected from networks and shared with external components using the BGP routing protocol. The centralized controller (PCE/SDN) completes the service path calculation based on the information transmitted by the BGP-LS and delivers the result to the Path Computation Client (PCC) through the PCEP or BGP protocol. Segment Routing (SR) leverages the source routing paradigm, which can be directly applied to the MPLS architecture with no change on the forwarding plane and applied to the IPv6 architecture, with a new type of routing header, called SRH. The SR uses the IGP protocol as the control protocol. Compared to the MPLS tunneling technology, the SR does not require additional signaling. Therefore, the SR does not support the negotiation of the Path MTU. Since Multiple labels or SRv6 SIDs are pushed in the packets, it is more likely that the packet size exceeds the path mtu of SR tunnel. This document specify the extension to BGP Link State (BGP-LS) to carry maximum transmission unit (MTU) messages of link. The PCE/SDN calculates the Path MTU while completing the service path calculation based on the information transmitted by the BGP-LS. "Segment Routing Path MTU in BGP", Cheng Li, Yongqing Zhu, Ahmed El Sawaf, Zhenbin Li, 2019-11-03, Segment Routing is a source routing paradigm that explicitly indicates the forwarding path for packets at the ingress node. An SR policy is a set of candidate SR paths consisting of one or more segment lists with necessary path attributes. However, the path maximum transmission unit (MTU) information for SR path is not available in the SR policy since the SR does not require signaling. This document defines extensions to BGP to distribute path MTU information within SR policies. "Monitoring BGP Parameters Using BMP", Shunwan Zhuang, Yunan Gu, Haibo Wang, 2019-11-04, The BGP Monitoring Protocol (BMP) [RFC7854] is designed to monitor BGP [RFC4271] running status, such as BGP peer relationship establishment and termination and route updates. Without BMP, manual query is required if you want to know about BGP running status. This document provides the use cases that the BMP station can get the optional parameters that are supported by the monitored network device and default configure parameters of the monitored network device via BMP. "Control-Plane and User-Plane Separation BNG Simple Control Channel Protocol (S-CUSP)", Shujun Hu, Donald Eastlake, Mach Chen, Fengwei Qin, Zhenqiang Li, Tee Chua, Daniel Huang, 2019-07-03, This document specifies the Simple Control Plane (CP) and User Plane (UP) Separation Broadband Network Gateway (BNG) control channel Protocol (S-CUSP) for communications between a CP and a UP. S-CUSP is designed to be flexible and extensible so as to easily allow for the addition of further messages and data items to meet future requirements. "Security Policy Translation in Interface to Network Security Functions", Jaehoon Jeong, Jinhyuk Yang, Chaehong Chung, Jinyong Kim, 2019-11-04, This document proposes a scheme of security policy translation (i.e., Security Policy Translator) in Interface to Network Security Functions (I2NSF) Framework. When I2NSF User delivers a high-level security policy for a security service, Security Policy Translator in Security Controller translates it into a low-level security policy for Network Security Functions (NSFs). For this security policy translation, this document specifies the mapping between a high-level security policy based on the Consumer-Facing Interface YANG data model and a low-level security policy based on the NSF-Facing Interface YANG data model. Also, it describes an architecture of a security policy translator along with an NSF database, and the process of security policy translation with the NSF database. "Requirements of Layer 3 Deterministic Latency Service", Liang Geng, Peter Willis, Shunsuke Homma, Li Qiang, 2019-07-07, This document specifies some technical, operational and management requirements of deploying deterministic latency service on layer 3 networks from the perspective of the service provider. "Design Discussion of Route Leaks Solution Methods", Kotikalapudi Sriram, 2019-08-05, This document captures the design rationale of the route leaks solution document (see draft-ietf-idr-route-leak-detection- mitigation, draft-ietf-grow-route-leak-detection-mitigation). The designers needed to balance many competing factors, and this document provides insights into the design questions and their resolution. "LURK Extension version 1 for (D)TLS 1.3 Authentication", Daniel Migault, 2019-07-22, This document describes the LURK Extension 'tls13' which enables interactions between a LURK Client and a LURK Server in a context of authentication with (D)TLS 1.3. "pretty Easy privacy (pEp): Mapping of Privacy Rating", Hernani Marques, Bernie Hoeneisen, 2019-07-07, In many Opportunistic Security scenarios end-to-end encryption is automatized for Internet users. In addition, it is often required to provide the users with easy means to carry out authentication. Depending on several factors, each communication channel to different peers may have a different Privacy Status, e.g., unencrypted, encrypted and encrypted as well as authenticated. Even each message from/to a single peer may have a different Privacy Status. To display the actual Privacy Status to the user, this document defines a Privacy Rating scheme and its mapping to a traffic-light semantics. A Privacy Status is defined on a per-message basis as well as on a per-identity basis. The traffic-light semantics (as color rating) allows for a clear and easily understandable presentation to the user in order to optimize the User Experience (UX). This rating system is most beneficial to Opportunistic Security scenarios and is already implemented in several applications of pretty Easy privacy (pEp). "Resource Reservation Protocol for IP Transport QoS", Lin Han, Yingzhen Qu, Lijun Dong, Renwei Li, Thomas Nadeau, Kevin Smith, Jeff Tantsura, 2019-10-15, IP is designed for use in Best Effort Networks, which are networks that provide no guarantee that data is delivered, or that delivery meets any specified quality of service parameters. However there are new applications requiring IP to provide deterministic services in terms of bandwidth and latency, such as network based AR/VR (Augmented Reality and Virtual Reality), industrial internet. This document proposes a solution in IPv6 that can be used by transport layer protocols to guarantee certain level of service quality. This new service is fined-grained and could apply to individual or aggregated TCP/UDP flow(s). "Node Protection for RSVP-TE tunnels on a shared MPLS forwarding plane", Chandrasekar R, Vishnu Beeram, Harish Sitaraman, 2019-07-08, Segment Routed RSVP-TE tunnels provide the ability to use a shared MPLS forwarding plane at every hop of the Label Switched Path (LSP). The shared forwarding plane is realized with the use of 'Traffic Engineering (TE) link labels' that get shared by LSPs traversing these TE links. This paradigm helps significantly reduce the forwarding plane state required to support a large number of LSPs on a Label Switching Router (LSR). These tunnels require the ingress Label Edge Router (LER) to impose a stack of labels. If the ingress LER cannot impose the full label stack, it can use the assistance of one or more delegation hops along the path of the LSP to impose parts of the label stack. The procedures for a Point of Local Repair (PLR) to provide local protection against link failures using facility backup for Segment Routed RSVP-TE tunnels are well defined and do not require specific protocol extensions. This document defines the procedures for a PLR to provide local protection against transit node failures using facility backup for these tunnels. The procedures defined in this document include protection against delegation hop failures. "Concise Identities", Henk Birkholz, Carsten Bormann, Max Pritikin, Robert Moskowitz, 2019-07-05, There is an increased demand of trustworthy claim sets -- a set of system entity characteristics tied to an entity via signatures -- in order to provide information. Claim sets represented via CBOR Web Tokens (CWT) can compose a variety of evidence suitable for constrained-node networks and to support secure device automation. This document focuses on sets of identifiers and attributes that are tied to a system entity and are typically used to compose identities appropriate for Constrained RESTful Environment (CoRE) authentication needs. "LISP Control Plane for SRv6 Endpoint Mobility", Alberto Rodriguez-Natal, Vina Ermagan, Fabio Maino, Darren Dukes, Pablo Camarillo, Clarence Filsfils, 2019-07-23, This document describes the use of the LISP Control Plane to support endpoint mobility and Location/ID separation in Segment Routing v6 (SRv6) deployments. "Building blocks for Slicing in Segment Routing Network", Zafar Ali, Clarence Filsfils, Pablo Camarillo, Daniel Voyer, 2019-11-03, This document describes how to build network slice using the Segment Routing based technology. It explains how the existing building blocks specified for the Segment Routing can be used for this purpose. "Fast-Slow Retransmission Timeout and Congestion Control Algorithm for CoAP", Ilpo Jarvinen, Markku Kojo, Iivo Raitahila, Zhen Cao, 2019-07-06, This document specifies an alternative retransmission timeout and congestion control back off algorithm for the CoAP protocol, called Fast-Slow RTO (FASOR). The algorithm specified in this document employs an appropriate and large enough back off of Retransmission Timeout (RTO) as the major congestion control mechanism to allow acquiring unambiguous RTT samples with high probability and to prevent building a persistent queue when retransmitting. The algorithm also aims to retransmit quickly using an accurately managed retransmission timeout when link- errors are occuring, basing RTO calculation on unambiguous round-trip time (RTT) samples. "Terminology for Cryptoassets", Hirotaka Nakajima, Masanori Kusunoki, Keiichi Hida, Yuji Suga, Tatsuya Hayashi, 2019-07-01, This document provides terminology used in cryptoassets. "A YANG Data Model for Network Bridge Management", Vladimir Vassilev, 2019-07-05, This document introduces new YANG model of a network bridge. "Flexible Session Protocol", Jun-an, Gao, 2019-10-17, FSP is a connection-oriented transport layer protocol that provides mobility and multihoming support by introducing the concept of 'upper layer thread ID', which is associated with some shared secret that is applied with some secure hash or authenticated encryption algorithm to protect authenticity of the origin of the FSP packets. It is able to provide following services to the upper layer application: o Stream-oriented send-receive with native message boundary support o Ubiquitous authenticated encryption o 0-RTT multiplication of connections o On-the-wire compression "SRv6 Mobility Use-Cases", Pablo Camarillo, Clarence Filsfils, Hani Elmalky, Satoru Matsushima, Daniel Voyer, Anna Cui, Bart Peirens, 2019-08-15, This document describes the SRv6 use-cases in the mobile network in association with different mobile generations (3G, 4G, and 5G). It also highlights potential interworking with SR-MPLS in relevant use- cases. "Transport Network aware Mobility for 5G", Uma Chunduri, Renwei Li, Sridhar Bhaskaran, John Kaippallimalil, Jeff Tantsura, Luis Contreras, Praveen Muley, 2019-11-04, This document specifies a framework and a mapping function for 5G mobile user plane with transport network slicing, integrated with Mobile Radio Access and a Virtualized Core Network. The integrated approach is specified in a way to fit into the 5G core network architecture defined in [TS23.501]. It focuses on an optimized mobile user plane functionality with various transport services needed for some of the 5G traffic needing low and deterministic latency, real-time, mission-critical services. This document describes, how this objective is achieved agnostic to the transport underlay used (IPv6, MPLS, IPv4) in various deployments and with a new transport network underlay routing, called Preferred Path Routing (PPR). "BGP-LS Advertisement of Segment Routing Service Segments", Gaurav Dawra, Clarence Filsfils, daniel.bernier@bell.ca, Jim Uttaro, Bruno Decraene, Hani Elmalky, Xiaohu Xu, Francois Clad, Ketan Talaulikar, 2019-07-08, BGP Link-State (BGP-LS) enables distribution of topology information from the network to a Path Computation Engine (PCE) or any controller/application in general so it can learn the network topology. Service functions are deployed as virtualized elements along with network elements or on servers in data centers. The advertisement of such attached service capabilities along with the network nodes that they are attached to or associated with enable their discovery and for programming of service paths that use these service functions. Segment Routing (SR) bring in the concept of segments which can be topological or service instructions. SR Policies enable setup of paths which are a mix of topological and service segments. This document specifies the extensions to BGP-LS for discovery and advertisement of service segments so as to enable setup of service programming paths using Segment Routing. "BGP Automated Session Setup", Robert Raszuk, 2019-12-11, This document proposes a solution for BGP deployments in some specific environments to automatically establish BGP sessions without need for manual peer configuration. "Implementation notes for RFC7991, "The 'xml2rfc' Version 3 Vocabulary"", Henrik Levkowetz, 2019-10-15, This memo documents issues and observations found while implementing RFC 7991. Individual notes are organised into separate sections, depending on their character. "Subject Identifiers for Security Event Tokens", Annabelle Backman, Marius Scurtescu, 2019-07-24, Security events communicated within Security Event Tokens may support a variety of identifiers to identify the subject and/or other principals related to the event. This specification formalizes the notion of subject identifiers as named sets of well-defined claims describing the subject, a mechanism for representing subject identifiers within a [JSON] object such as a JSON Web Token [JWT] or Security Event Token [SET], and a registry for defining and allocating names for these claim sets. "Extensions to OSPF for Advertising Prefix Administrative Tags", Acee Lindem, Peter Psenak, 2019-07-27, It is useful for routers in an OSPFv2 or OSPFv3 routing domain to be able to associate tags with prefixes. Previously, OSPFv2 and OSPFv3 were relegated to a single tag for AS External and Not-So-Stubby-Area (NSSA) prefixes. With the flexible encodings provided by OSPFv2 Prefix Attribute Advertisement and OSPFv3 Extended LSAs, multiple administrative tags may advertised for all types of prefixes. These administrative tags can be used for many applications including route redistribution policy, selective prefix prioritization, selective IP Fast-ReRoute (IPFRR) prefix protection, and many others. The ISIS protocol supports a similar mechanism that is described in RFC 5130. "YANG Data Model for IS-IS SRv6", Zhibo Hu, Dan Ye, Yingzhen Qu, Jiajia Dong, 2019-11-03, This document defines a YANG data model that can be used to configure and manage IS-IS SRv6 [I-D.ietf-lsr-isis-srv6-extensions]. "Distributing OpenPGP Key Fingerprints with Signed Keylist Subscriptions", R. McCain, Micah Lee, Nat Welch, 2019-09-02, This document specifies a system by which an OpenPGP client may subscribe to an organization's public keylist to keep its keystore up-to-date with correct keys from the correct keyserver(s), even in cases where the keys correspond to multiple (potentially uncontrolled) domains. Ensuring that all members or followers of an organization have their colleagues' most recent PGP public keys is critical to maintaining operational security. Without the most recent keys' fingerprints and a source of trust for those keys (as this document specifies), users must manually update and sign each others' keys -- a system that is untenable in larger organizations. This document proposes a experimental format for the keylist file as well as requirements for clients who wish to implement this experimental keylist subscription functionality. "The Decentralized Identifier (DID) in the DNS", Alexander Mayrhofer, Dimitrij Klesev, Markus Sabadello, 2019-08-26, This document specifies the use of the URI Resource Record Type to publish Decentralized Identifiers (DIDs) in the DNS. "Access Extensions for the Access Node Control Protocol", Hongyu Li, Thomas Haag, Birgit Witschurke, 2019-09-23, The purpose of this document is to specify extensions to ANCP (Access Node Control Protocol) (RFC6320) to support PON as described in RFC6934 and some other DSL Technologies including G.fast. This document updates RFC6320 by modifications to terminologies, flows and specifying new TLV types. This document updates RFC6320 by modifications to terminologies, flows and specifying new TLV types. "YANG Data Model for Configuration Interface of Control-Plane and User-Plane separation BNG", Daniel Huang, Sujun Hu, Fengwei Qin, 2019-09-10, This document defines the YANG data model for management of Control- Plane and User-Plane separation of BNGs (Broadband Network Gateways). "IPv6-based discovery and association of Virtualization Infrastructure Manager (VIM) and Network Function Virtualization Orchestrator (NFVO)", Carlos Bernardos, Alain Mourad, 2019-08-26, Virtualized resources do not need to be limited to those available in traditional data centers, where the infrastructure is stable, static, typically homogeneous and managed by a single admin entity. Computational capabilities are becoming more and more ubiquitous, with terminal devices getting extremely powerful, as well as other types of devices that are close to the end users at the edge (e.g., vehicular onboard devices for infotainment, micro data centers deployed at the edge, etc.). It is envisioned that these devices would be able to offer storage, computing and networking resources to nearby network infrastructure, devices and things (the fog paradigm). These resources can be used to host functions, for example to offload/complement other resources available at traditional data centers, but also to reduce the end-to-end latency or to provide access to specialized information (e.g., context available at the edge) or hardware. This document describes mechanisms allowing dynamic discovery of virtualization resources and orchestrators in IPv6-based networks. In the current version, mechanisms based on piggybacking options on IPv6 neighbor discovery are explored. New IPv6 neighbor discovery options are defined. Additional mechanisms will be explored in future releases of this document. "RFC Editor Model (Version 2)", Olaf Kolkman, Joel Halpern, Robert Hinden, 2019-10-04, The RFC Editor model described in this document divides the responsibilities for the RFC Series into three functions: the RFC Series Editor, the RFC Production Center, and the RFC Publisher. Internet Architecture Board (IAB) oversight via the RFC Series Oversight Committee (RSOC) is described, as is the relationship between the IETF Administration Limited Liability Company and the RSOC. This document reflects the experience gained with "RFC Editor Model (Version 1)", documented in RFC 5620; and obsoletes RFC 6635 to replace all references to the IASA and related structures with those defined by the IASA 2.0 Model. [RFC Editor: Please remove the following paragraph prior to publication.] The IASA2 WG requests that the IAB publish this replacement for RFC 6635. "DNS TIMEOUT Resource Record", Tom Pusateri, Tim Wattenberg, 2019-11-04, This specification defines a new DNS TIMEOUT resource record (RR) that associates a lifetime with one or more zone resource records. It is intended to be used to transfer resource record lifetime state between a zone's primary and secondary servers and to store lifetime state during server software restarts. "Anycast-SID FRR in SR", Ran Chen, Shaofu Peng, Jie Han, 2019-07-08, This document specifies the fast redundancy protection mechanism, aimed at providing protection of the links and domain boundary nodes for network that use segment routing. "ECC Brainpool Curves for Transport Layer Security (TLS) Version 1.3", Leonie Bruckert, Johannes Merkle, Manfred Lochter, 2019-09-26, ECC Brainpool curves were an option for authentication and key exchange in the Transport Layer Security (TLS) protocol version 1.2, but were deprecated by the IETF for use with TLS version 1.3 because they had little usage. However, these curves have not been shown to have significant cryptographical weaknesses, and there is some interest in using several of these curves in TLS 1.3. This document provides the necessary protocol mechanisms for using ECC Brainpool curves in TLS 1.3. This approach is not endorsed by the IETF. "BGP Topology Discovery Requirements", Randy Bush, Keyur Patel, 2019-10-21, For wide scale routing protocols to build their topology and reachability databases they need to discover the encapsulation data on a link, link IP layer 3 attributes, attributes for IP layer 3 and above protocols on that link, and link liveness. We refer to this as neighbor discovery. BGP-LS and its enhancements provide an API to present much of these data to BGP protocols, but do not directly collect these data. This document explores the needs and criteria for the data needed. "OSPF Reverse Metric", Ketan Talaulikar, Peter Psenak, Hugh Johnston, 2019-08-20, This document specifies the extensions to OSPF that enables a router to signal to its neighbor the metric that the neighbor should use towards itself using link-local advertisement between them. The signalling of this reverse metric, to be used on link(s) towards itself, allows a router to influence the amount of traffic flowing towards itself and in certain use-cases enables routers to maintain symmetric metric on both sides of a link between them. "Congestion Control based on Forward path Status", jungnam.gwock, SangHyun Lee, 2019-08-27, This document describes CCFS(Congestion Control based on Forward path Status), a rate adaptation scheme for interactive real-time media applications, such as video conferencing. CCFS classifies the forward paths's status as throttled, competing, probing and default which is managed based on estimated parameters - bottleneck bandwidth, queue delay and loss ratio. Considering only forward path status minimizes influence of backward path's network events such as congestion. It is also free from compatibility issues because it defines generalized feedback message. "A Yang Data Model for IGMP/MLD Proxy", Hongji Zhao, Xufeng Liu, Yisong Liu, Mani Panchanathan, Mahesh Sivakumar, 2019-07-03, This document defines a YANG data model that can be used to configure and manage Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) proxy devices. The YANG module in this document conforms to Network Management Datastore Architecture (NMDA). "Extended Procedures for EVPN Optimized Ingress Replication", Wen Lin, Selvakumar Sivaraj, Vishal Garg, Jorge Rabadan, 2019-11-01, [EVPN-AR] specifies an optimized ingress replication solution for more efficient multicast and broadcast delivery in a Network Virtualization Overlay (NVO) network for EVPN. This document extends the optimized ingress replication procedures specified in [EVPN-AR] to overcome the limitation that an AR- REPLICATOR may have. An AR-REPLICATOR may be unable to retain the source IP address or include the expected ESI label that is required for EVPN split horizon filtering when replicating the packet on behalf of its multihomed AR-LEAF. Under this circumstance, the extended procedures specified in this document allows the support of EVPN multihoming on the AR-LEAFs as well as optimized ingress replication for the rest of the EVPN overlay network. "Asymmetric Extended Route Optimization (AERO)", Fred Templin, 2019-08-15, This document specifies the operation of IP over tunnel virtual links using Asymmetric Extended Route Optimization (AERO). AERO interfaces use an IPv6 link-local address format that supports operation of the IPv6 Neighbor Discovery (ND) protocol and links ND to IP forwarding. Prefix delegation/registration services are employed for network admission and to manage the routing system. Multilink operation, mobility management, quality of service (QoS) signaling and route optimization are naturally supported through dynamic neighbor cache updates. Standard IP multicasting services are also supported. AERO is a widely-applicable mobile internetworking service especially well-suited to aviation services, mobile Virtual Private Networks (VPNs) and many other applications. "Clarifications and Implementation Guidelines for using TCP Encapsulation in IKEv2", Valery Smyslov, 2019-06-18, The Internet Key Exchange Protocol version 2 (IKEv2) defined in [RFC7296] uses UDP transport for its messages. [RFC8229] specifies a way to encapsulate IKEv2 and ESP (Encapsulating Security Payload) messages in TCP, thus making possible to use them in network environments that block UDP traffic. However, some nuances of using TCP in IKEv2 are not covered by that specification. This document provides clarifications and implementation guidelines for [RFC8229]. "Some Thoughts on IETF Community Leadership", Brian Carpenter, 2019-06-19, This is a personal view of what the IETF community might expect of its members who serve in leadership positions such as Area Directors and IAB members. It is intended as personal input to the Nominating Committee, but posted as a draft since there is nothing private about it. A particular emphasis is placed on the need for such members to be responsive to the community as a whole rather than to impose personal opinions. "An Unreliable Datagram Extension to QUIC", Tommy Pauly, Eric Kinnear, David Schinazi, 2019-11-04, This document defines an extension to the QUIC transport protocol to add support for sending and receiving unreliable datagrams over a QUIC connection. Discussion of this work is encouraged to happen on the QUIC IETF mailing list quic@ietf.org [1] or on the GitHub repository which contains the draft: https://github.com/tfpauly/draft-pauly-quic- datagram [2]. "Using HTTP/2 as a Transport for Arbitrary Bytestreams", Eric Kinnear, Tommy Pauly, 2019-11-04, HTTP/2 provides multiplexing of HTTP requests over a single underlying transport connection. HTTP/2 Transport defines the use of the bidirectional extended CONNECT handshake to negotiate the use of application protocols using streams of an HTTP/2 connection as transport. "Independent Submission Editor Model", Nevil Brownlee, Robert Hinden, 2019-01-07, This document describes the function and responsibilities of the RFC Independent Submission Editor (ISE). The Independent Submission stream is one of the stream producers that create draft RFCs, with the ISE as its stream approver. The ISE is overall responsible for activities within the Independent Submission stream, working with draft editors and reviewers, and interacts with the RFC Production Center and Publisher, and the RFC Series Editor (RSE). The ISE is appointed by the IAB, and also interacts with the IETF Administration Limited Liability Company (LLC). This version obsoletes RFC 6548 to replace all references to the IASA and related structures with those defined by the IASA 2.0 Model. [RFC Editor: Please remove the following paragraph prior to publication.] The IASA2 WG requests that the IAB publish this replacement for RFC 6548. "Login Security Policy Extensions Mapping for the Extensible Provisioning Protocol (EPP)", James Gould, 2019-08-02, This document describes an Extensible Provisioning Protocol (EPP) extension of the Registry Mapping to define the server policy of the Login Security EPP extension. The server policy of the Login Security EPP extension includes the MAYs, SHOULDs, and options implemented by the server. "Using Multicast DNS to protect privacy when exposing ICE candidates", Youenn Fablet, Jeroen Borst, Justin Uberti, Qingsi Wang, 2019-10-16, WebRTC applications collect ICE candidates as part of the process of creating peer-to-peer connections. To maximize the probability of a direct peer-to-peer connection, client private IP addresses are included in this candidate collection. However, disclosure of these addresses has privacy implications. This document describes a way to share local IP addresses with other clients while preserving client privacy. This is achieved by concealing IP addresses with dynamically generated Multicast DNS (mDNS) names. "NMDA Base Notification for Intent based configuration update", Qin WU, Ran Tao, Rohit Ranade, 2019-06-29, The Network Configuration Protocol (NETCONF)and RESTCONF provides mechanisms to manipulate configuration datastores. NMDA introduces additional datastores for systems that support more advanced processing chains converting configuration to operational state. However, client applications are not able to be aware of common events in these additional datstores of the management system, such as a intended configuration state change in NETCONF server or RESTCONF server, that may impact management applications,especially when a server is managed by multiple clients or management applications. This document define a YANG module that allows a client to receive additional notifications for some common system events pertaining to the Network Management Datastore Architecture (NMDA) defined in [RFC8342]. "Virtualization YANG Servise Model (VYSM)", Dmytro Shytyi, Laurent Beylier, Luigi Iannone, 2019-09-05, This document provides a specification of the Virtual Network Functions YANG Service Model (VYSM). The VNF YANG Service Model serves as a base framework for managing an universal Customer- Premises Equipment (uCPE) NFV subsystem from the Orchestrator. "Guide for building an EDDSA pki", Robert Moskowitz, Henk Birkholz, Michael Richardson, 2019-08-19, This memo provides a guide for building a PKI (Public Key Infrastructure) using openSSL. Certificates in this guide can be either ED25519 or ED448 certificates. Along with common End Entity certificates, this guide provides instructions for creating IEEE 802.1AR iDevID Secure Device certificates. "A YANG Model for Network and VPN Service Performance Monitoring", Zitao Wang, Qin WU, Roni Even, Bin Wen, Chang Liu, Honglei Xu, 2019-11-01, The data model defined in [RFC8345] introduces vertical layering relationships between networks that can be augmented to cover network/service topologies. This document defines a YANG model for both Network Performance Monitoring and VPN Service Performance Monitoring that can be used to monitor and manage network performance on the topology at higher layer or the service topology between VPN sites. This model is an augmentation to the network topology YANG data model defined in [RFC8345]. "Commercial National Security Algorithm (CNSA) Suite Profile of Certificate Management over CMS", Michael Jenkins, Lydia Zieglar, 2019-05-29, This document specifies a profile of the Certificate Management over CMS (CMC) protocol for managing X.509 public key certificates in applications that use the Commercial National Security Algorithm (CNSA) Suite published by the United States Government. The profile applies to the capabilities, configuration, and operation of all components of US National Security Systems that manage X.509 public key certificates over CMS. It is also appropriate for all other US Government systems that process high-value information. The profile is made publicly available here for use by developers and operators of these and any other system deployments. "The OPAQUE Asymmetric PAKE Protocol", Hugo Krawczyk, 2019-10-19, This draft describes the OPAQUE protocol, a secure asymmetric password authenticated key exchange (aPAKE) that supports mutual authentication in a client-server setting without reliance on PKI and with security against pre-computation attacks upon server compromise. Prior aPAKE protocols did not use salt and if they did, the salt was transmitted in the clear from server to user allowing for the building of targeted pre-computed dictionaries. OPAQUE security has been proven by Jarecki et al. (Eurocrypt 2018) in a strong and universally composable formal model of aPAKE security. In addition, the protocol provides forward secrecy and the ability to hide the password from the server even during password registration. Strong security, versatility through modularity, good performance, and an array of additional features make OPAQUE a natural candidate for practical use and for adoption as a standard. To this end, this draft presents several optimized instantiations of OPAQUE and ways of integrating OPAQUE with TLS. This draft presents a high-level description of OPAQUE highlighting its components and modular design. A detailed unambiguous specification for standardization will be presented in future revisions of this document, or separately. "A YANG Data model for ECA Policy Management", Zitao Wang, Qin WU, Igor Bryskin, Xufeng Liu, Benoit Claise, 2019-12-10, RFC8328 defines a policy-based management framework that allows definition of a data model to be used to represent high-level, possibly network-wide policies. Policy discussed in RFC8328 are classified into imperative policy and declarative policy, Event Condition Action (ECA) policy is an typical example of imperative policy. This document defines a YANG data model for the ECA policy management. The ECA policy YANG provides the ability for the network management function (within a network element) to control the configuration and monitor state change and take simple and instant action on the server when a trigger condition on the system state is met. "Extensible Provisioning Protocol (EPP) Unhandled Namespaces", James Gould, Martin Casanova, 2019-09-24, The Extensible Provisioning Protocol (EPP), as defined in RFC 5730, includes a method for the client and server to determine the objects to be managed during a session and the object extensions to be used during a session. The services are identified using namespace URIs. How should the server handle service data that needs to be returned in the response when the client does not support the required service namespace URI, which is referred to as an unhandled namespace? An unhandled namespace is a significant issue for the processing of RFC 5730 poll messages, since poll messages are inserted by the server prior to knowing the supported client services, and the client needs to be capable of processing all poll messages. This document defines an operational practice that enables the server to return information associated with unhandled namespace URIs that is compliant with the negotiated services defined in RFC 5730. "Defining the Role and Function of IETF Protocol Parameter Registry Operators", Danny McPherson, Olaf Kolkman, John Klensin, Geoff Huston, IAB, 2019-10-18, Many Internet Engineering Task Force (IETF) protocols make use of commonly defined values that are passed in messages or packets. To ensure consistent interpretation of these values between independent implementations, there is a need to ensure that the values and associated semantic intent are uniquely defined. The IETF uses registry functions to record assigned protocol parameter values and their associated semantic intentions. For each IETF protocol parameter, it is current practice for the IETF to delegate the role of Protocol Parameter Registry Operator to a nominated entity. This document provides a description of, and the requirements for, these delegated functions. This document obsoletes RFC 6220 to replace all references to the IASA and related structures with those defined by the IASA 2.0 Model. "Pros and Cons of IPv6 Transition Technologies for IPv4aaS", Gabor Lencse, Jordi Palet, Lee Howard, Richard Patterson, Ian Farrer, 2019-07-06, Several IPv6 transition technologies have been developed to provide customers with IPv4-as-a-Service (IPv4aaS) for ISPs with an IPv6-only access and/or core network. All these technologies have their advantages and disadvantages, and depending on existing topology, skills, strategy and other preferences, one of these technologies may be the most appropriate solution for a network operator. This document examines the five most prominent IPv4aaS technologies considering a number of different aspects to provide network operators with an easy to use reference to assist in selecting the technology that best suits their needs. "Benchmarking Methodology for EVPN VPWS", sudhin jacob, Kishore Tiruveedhula, 2019-12-12, This document defines methodologies for benchmarking EVPN-VPWS performance.EVPN-VPWS is defined in RFC 8214, and is being deployed in Service Provider networks.Specifically this document defines the methodologies for benchmarking EVPN-VPWS Scale convergence, Fail over,Core isolation,high availability and longevity. "Discovery of OSCORE Groups with the CoRE Resource Directory", Marco Tiloca, Christian Amsuess, Peter van der Stok, 2019-11-04, Group communication over the Constrained Application Protocol (CoAP) can be secured by means of Group Object Security for Constrained RESTful Environments (Group OSCORE). At deployment time, devices may not know the exact OSCORE groups to join, the respective Group Manager, or other information required to perform the joining process. This document describes how a CoAP endpoint can use descriptions and links of resources registered at the CoRE Resource Directory to discover OSCORE groups and to acquire information for joining them through the respective Group Manager. A given OSCORE group may protect multiple application groups, which are separately announced in the Resource Directory as sets of endpoints sharing a pool of resources. This approach is consistent with, but not limited to, the joining of OSCORE groups based on the ACE framework for Authentication and Authorization in constrained environments. "The Mercure Protocol", Kevin Dunglas, 2019-08-27, Mercure is a protocol enabling the pushing of data updates to web browsers and other HTTP clients in a fast, reliable and battery- efficient way. It is especially useful for publishing real-time updates of resources served through web APIs to reactive web and mobile apps. "YANG Model for Transmission Control Protocol (TCP) Configuration", Michael Scharf, Vishal Murgai, Mahesh Jethanandani, 2019-11-04, This document specifies a YANG model for TCP on devices that are configured by network management protocols. The YANG model defines groupings for fundamental parameters that can be modified in many TCP implementations. The model includes definitions from YANG Groupings for TCP Client and TCP Servers (I-D.ietf-netconf-tcp-client-server). The model is NMDA (RFC 8342) compliant. "The RFC Series and RFC Editor", Russ Housley, Leslie Daigle, 2019-10-30, This document describes the framework for an RFC Series and an RFC Editor function that incorporate the principles of organized community involvement and accountability that has become necessary as the Internet technical community has grown, thereby enabling the RFC Series to continue to fulfill its mandate. Cover Note: {{ RFC Editor: Please remove this cover note prior to publication. }} The IASA2 WG asks the IAB to publish this replacement for RFC 4844. The document is changed for alignment with the new structure for the IETF Administrative Support Activity (IASA), eliminating all references to the IETF Administrative Oversight Committee (IAOC). "Label Switched Path (LSP) Ping/Traceroute for Segment Routing (SR) Egress Peer engineering Segment Identifiers (SIDs) with MPLS Data Planes", Shraddha Hegde, Kapil Arora, Mukul Srivastava, Samson Ninan, 2019-11-02, Egress Peer Engineering is an application of Segment Routing to solve the problem of egress peer selection. The SR-based BGP-EPE solution allows a centralized (Software Defined Network, SDN)controller to program any egress peer. The EPE solution requires a node to program PeerNodeSID, PeerAdjSID, PeerSetSID as described in [I-D.ietf-spring-segment-routing-central-epe]. This document provides new sub-TLVs for EPE SIDs that would be used in Target stack TLV (Type 1) as defined in [RFC8029] for the EPE SIDs. "Diffserv to QCI Mapping", Jerome Henry, Tim Szigeti, 2019-10-14, As communication devices become more hybrid, smart devices include more media-rich communication applications, and the boundaries between telecommunication and other applications becomes less clear. Simultaneously, as the end-devices become more mobile, application traffic transits more often between enterprise networks, the Internet, and cellular telecommunication networks, sometimes using simultaneously more than one path and network type. In this context, it is crucial that quality of service be aligned between these different environments. However, this is not always the case by default, and cellular communication networks use a different QoS nomenclature from the Internet and enterprise networks. This document specifies a set of 3rd Generation Partnership Project (3GPP) Quality of Service (QoS) Class Identifiers (QCI) to Differentiated Services Code Point (DSCP) mappings, to reconcile the marking recommendations offered by the 3GPP with the recommendations offered by the IETF, so as to maintain a consistent QoS treatment between cellular networks and the Internet. This mapping can be used by enterprises or implementers expecting traffic to flow through both types of network, and wishing to align the QoS treatment applied to one network under their control with the QoS treatment applied to the other network. "Basic YANG Model for Steering Client Services To Server Tunnels", Igor Bryskin, Vishnu Beeram, Tarek Saad, Xufeng Liu, Young Lee, Aihua Guo, 2019-07-05, This document describes a YANG data model for managing pools of transport tunnels and steering client services on them. "Motivations and Design Choices of the Flexible Session Protocol", Jun-an, Gao, 2019-10-15, This document introduces the motivation to design the Flexible Session Protocol which supports mobility and multihoming at the transport layer. FSP is to avoid the routing scalability problem in the IPv6 internetwork. The document serves to explain choices of design goals of FSP as well. "Constrained Join Proxy for Bootstrapping Protocols", Michael Richardson, Peter van der Stok, Panos Kampanakis, 2019-07-05, This document defines a protocol to securely assign a pledge to an owner, using an intermediary node between pledge and owner. This intermediary node is known as a "constrained Join Proxy". This document extends the work of [ietf-anima-bootstrapping-keyinfra] by replacing the Circuit-proxy by a stateless constrained Join Proxy, that transports routing information. "Operations, Administration, and Maintenance for MPLS-SR over IP", Gregory Mirsky, 2019-10-22, Segment routing uses source routing paradigm to traffic engineering by specifying segments a packet traverses through the network. MPLS Segment Routing applies that paradigm to an MPLS data plane-based networks. SR-MPLS over IP uses MPLS label stack as a source routing instruction set and uses IP encapsulation/tunneling such as MPLS-in- UDP as defined in RFC 7510 to realize a source routing mechanism across MPLS, IPv4, and IPv6 data planes. This document describes Operations, Administration, and Maintenance operations in SR-MPLS over IP environment. "DetNet QoS Policy", Quan Xiong, Yu jinghai, Peng Liu, Fengwei Qin, 2019-11-01, This document proposes a Quality of Service (QoS) policy to apply Differentiated Services (DiffServ) model for Deterministic Networking (DetNet) and defines a DetNet DiffServ mechanism including DetNet IP and MPLS encapsulation. "DetNet QoS Yang", Quan Xiong, Yufang Han, Fengwei Qin, Peng Liu, 2019-11-01, This document defines a YANG data model for Deterministic Networking (DetNet) Quality of Service (QoS) based on the Differentiated Services (DiffServ) model. "Bandwidth Profiling Extensions for MUD", Eliot Lear, Owen Friel, 2019-07-08, Manufacturer Usage Descriptions (MUD) are a means by which devices can establish expectations about how they are intended to behave, and how the network should treat them. Earlier work focused on access control. This draft specifies a means by which manufacturers can express to deployments what form of bandwidth profile devices are expected to have with respect to specific services. "Postcard-based On-Path Flow Data Telemetry", Haoyu Song, Tianran Zhou, Zhenbin Li, Jongyoon Shin, Kyungtae Lee, 2019-10-29, The Postcard-Based Telemetry (PBT) allows network OAM applications to directly collect and export telemetry data about any user packet at each node on the forwarding path. PBT has two variations, PBT-I and PBT-M. PBT-I requires inserting an instruction header to user packets to guide the data collection. An implementation of PBT-I is the IOAM Direct Export option described in [I-D.ioamteam-ippm-ioam-direct-export]. In contrast, PBT-M only marks the user packets or configure the flow filter to invoke the data collection and postcard export. PBT complements IOAM trace option by addressing several specific implementation and deployment challenges. "BATS Coding Scheme for Multi-hop Data Transport", Shenghao Yang, Xuan Huang, Raymond Yeung, John Zao, 2019-11-16, This document describes a BATS coding scheme for communication through multi-hop networks. BATS code is a class of efficient linear network coding scheme with a matrix generalization of fountain codes as the outer code, and batch-based linear network coding as the inner code. "Tethering A BIER Router To A BIER incapable Router", Zhaohui Zhang, Nils Warnke, IJsbrand Wijnands, Daniel Awduche, 2019-10-01, This document specifies optional procedures to optimize the handling of Bit Index Explicit Replication (BIER) incapable routers, by attaching (tethering) a BIER router to a BIER incapable router. "Secure EVPN", Ali Sajassi, Ayan Banerjee, Samir Thoria, David Carrel, Brian Weis, John Drake, 2019-07-08, The applications of EVPN-based solutions ([RFC7432] and [RFC8365]) have become pervasive in Data Center, Service Provider, and Enterprise segments. It is being used for fabric overlays and inter- site connectivity in the Data Center market segment, for Layer-2, Layer-3, and IRB VPN services in the Service Provider market segment, and for fabric overlay and WAN connectivity in Enterprise networks. For Data Center and Enterprise applications, there is a need to provide inter-site and WAN connectivity over public Internet in a secured manner with same level of privacy, integrity, and authentication for tenant's traffic as IPsec tunneling using IKEv2. This document presents a solution where BGP point-to-multipoint signaling is leveraged for key and policy exchange among PE devices to create private pair-wise IPsec Security Associations without IKEv2 point-to-point signaling or any other direct peer-to-peer session establishment messages. "Path Segment for SRv6 (Segment Routing in IPv6)", Cheng Li, Weiqiang Cheng, Mach Chen, Dhruv Dhody, Zhenbin Li, Jie Dong, Rakesh Gandhi, 2019-11-04, Segment Routing (SR) allows for a flexible definition of end-to-end paths by encoding paths as sequences of sub-paths, called "segments". Segment routing architecture can be implemented over an MPLS data plane as well as an IPv6 data plane. Further, Path Segment has been defined in order to identify an SR path in SR-MPLS networks, and used for various use-cases such as end- to-end SR Path Protection and Performance Measurement (PM) of an SR path. Similar to SR-MPLS, this document defines the Path Segment in SRv6 networks in order to identify an SRv6 path. "Enhanced Alternate Marking Method", Tianran Zhou, Giuseppe Fioccola, Zhenbin Li, Shinyoung Lee, Mauro Cociglio, 2019-10-31, This document defines data fields for the alternate marking with enough space. The main idea is that more information can be considered within the alternate marking field to facilitate the efficiency and ease the deployment. The definition aims to be general, even if for some protocols there can be dedicated solutions. "In Network Computing Enablers for Extended Reality", Marie-Jose Montpetit, 2019-07-08, Augmented Reality (AR) and Virtual Reality (VR), combined as Extended Reality or XR, challenge networking technologies and protocols because they combine the features of fast information display, image processing, computing and forwarding. This document presents some of these challenges and how adding computing in the network could respond to them. "PCEP Procedures and Protocol Extensions for Using PCE as a Central Controller (PCECC) for SRv6", Mahendra Negi, Zhenbin Li, Xuesong Geng, 2019-08-22, The Path Computation Element (PCE) is a core component of Software- Defined Networking (SDN) systems. It can compute optimal paths for traffic across a network and can also update the paths to reflect changes in the network or traffic demands. PCE was developed to derive paths for MPLS Label Switched Paths (LSPs), which are supplied to the head end of the LSP using the Path Computation Element Communication Protocol (PCEP). But SDN has a broader applicability than signaled (G)MPLS traffic-engineered (TE) networks, and the PCE may be used to determine paths in a range of use cases. PCEP has been proposed as a control protocol for use in these environments to allow the PCE to be fully enabled as a central controller. A PCE-based central controller (PCECC) can simplify the processing of a distributed control plane by blending it with elements of SDN and without necessarily completely replacing it. This document specifies the procedures and PCEP protocol extensions when a PCE-based controller is also responsible for configuring the forwarding actions on the routers for Segment Routing in IPv6 (SRv6), in addition to computing the SRv6 paths for packet flows and telling the edge routers what instructions to attach to packets as they enter the network. "PCEP Procedures and Protocol Extensions for Using PCE as a Central Controller (PCECC) for P2MP LSPs", Mahendra Negi, Zhenbin Li, Xuesong Geng, 2019-08-22, The Path Computation Element (PCE) is a core component of Software- Defined Networking (SDN) systems. It can compute optimal paths for traffic across a network and can also update the paths to reflect changes in the network or traffic demands. The PCE has been identified as an appropriate technology for the determination of the paths of point- to-multipoint (P2MP) TE Label Switched Paths (LSPs). PCE was developed to derive paths for MPLS P2MP LSPs, which are supplied to the head end (root) of the LSP using PCEP. PCEP has been proposed as a control protocol to allow the PCE to be fully enabled as a central controller. A PCE-based central controller (PCECC) can simplify the processing of a distributed control plane by blending it with elements of SDN and without necessarily completely replacing it. Thus, the P2MP LSP can be calculated/setup/initiated and the label forwarding entries can also be downloaded through a centralized PCE server to each network devices along the P2MP path while leveraging the existing PCE technologies as much as possible. This document specifies the procedures and PCEP protocol extensions for using the PCE as the central controller for P2MP TE LSP. "BMP for BGP Route Leak Detection", Yunan Gu, China Telecom, Di Ma, Shunwan Zhuang, 2019-07-08, According to RFC7908 [RFC7908], Route leaks refer to case that the delivery range of route advertisements is beyond the expected range. For many current security protection solutions, the ISPs (Internet Service Providers) are focusing on finding ways to prevent the happening of route leaks. However, the real-time route leak detection if any occurs is important as well, and serves as the basis for leak mitigation. This document extends the BGP Monitoring Protocol (BMP) [RFC7854] to provide a routing security scheme suitable for ISPs to detect BGP route leaks at the prefix level. "Architecture for Use of BGP as Central Controller", Huaimo Chen, Shunwan Zhuang, Zhenbin Li, 2019-10-24, BGP is a core part of a network including Software-Defined Networking (SDN) system. It has the traffic engineering information on the network topology and can compute optimal paths for a given traffic flow across the network. This document describes some reference architectures for BGP as a central controller. A BGP-based central controller can simplify the operations on the network and use network resources efficiently for providing services with high quality. "SRv6 Compatibility with Legacy Devices", Shuping Peng, Zhenbin Li, Chongfeng Xie, Li Cong, 2019-07-08, When deploying SRv6 on legacy devices, there are some compatibility challenges such as the support of SRH processing. This document identifies some of the major challenges, and provides solutions that are able to mitigate those challenges and smooth the migration towards SRv6 deployment. "SR-TE Path Midpoint Protection", Zhibo Hu, Huaimo Chen, Junda Yao, Chris Bowers, Yongqing Zhu, 2019-10-28, Segment Routing Traffic Engineering (SR-TE) supports the creation of explicit paths using segment lists containing adjacency-SIDs, node- SIDs, anycast-SIDs, and binding-SIDs. When the segment list defining an SR-TE path contains a node-SID, and the node fails, the network may no longer be able to properly forward traffic on that SR-TE path. [I-D.bashandy-rtgwg-segment-routing-ti-lfa] and [I-D.hegde-spring-node-protection-for-sr-te-paths] describe a mechanism that allows local repair actions on the direct neighbors of the failed node to temporarily route traffic to the node immediately following the failed node on the SR-TE path segment list. However, once the IGP shortest paths have converged, the local repair mechanism is no longer sufficient to continue forwarding traffic using the original segment list of the SR-TE path, since the non- neighbors of the failed node will no longer have a route to reach the failed node. This document describes a mechanism that allows traffic to continue to be forwarded on an SR-TE path for an extended period of time after the failure of a node used in the path's segment list. "Multicast Source Redundancy in EVPN Networks", Jorge Rabadan, Jayant Kotalwar, Senthil Sathappan, Zhaohui Zhang, Wen Lin, Eric Rosen, 2019-07-05, EVPN supports intra and inter-subnet IP multicast forwarding. However, EVPN (or conventional IP multicast techniques for that matter) do not have a solution for the case where: a) a given multicast group carries more than one flow (i.e., more than one source), and b) it is desired that each receiver gets only one of the several flows. Existing multicast techniques assume there are no redundant sources sending the same flow to the same IP multicast group, and, in case there were redundant sources, the receiver's application would deal with the received duplicated packets. This document extends the existing EVPN specifications and assumes that IP Multicast source redundancy may exist. It also assumes that, in case two or more sources send the same IP Multicast flows into the tenant domain, the EVPN PEs need to avoid that the receivers get packet duplication by following the described procedures. "EtherType Protocol Identification of In-situ OAM Data", Brian Weis, Frank Brockners, Craig Hill, Shwetha Bhandari, Vengada Govindan, Carlos Pignataro, Hannes Gredler, John Leddy, Stephen Youell, Tal Mizrahi, Aviv Kfir, Barak Gafni, Petr Lapukhov, Mickey Spiegel, 2019-09-11, In-situ Operations, Administration, and Maintenance (IOAM) records operational and telemetry information in the packet while the packet traverses a path between two points in the network. This document defines an EtherType that identifies IOAM data fields as being the next protocol in a packet, and a header that encapsulates the IOAM data fields. "YANG Versioning Solution Overview", Robert Wilton, 2019-11-04, This document gives a brief overview of the different drafts that comprise a full solution to the YANG versioning requirements draft. The purpose of this draft is to help readers understand how the discrete parts of the YANG versioning solution fit together during working group development of the solution drafts. "Semi-Static Diffie-Hellman Key Establishment for TLS 1.3", Eric Rescorla, Nick Sullivan, Christopher Wood, 2019-11-04, TLS 1.3 [I-D.ietf-tls-tls13] specifies a signed Diffie-Hellman exchange modelled after SIGMA [SIGMA]. This design is suitable for endpoints whose certified credential is a signing key, which is the common situation for current TLS servers. This document describes a mode of TLS 1.3 in which one or both endpoints have a certified DH key which is used to authenticate the exchange. "Edge Data Discovery for COIN", Mike McBride, Dirk Kutscher, Eve Schooler, Carlos Bernardos, 2019-07-08, This document describes the problem of distributed data discovery in edge computing, and in particular for computing-in-the-network (COIN), which may require both the marshalling of data at the outset of a computation and the persistence of the resultant data after the computation. Although the data might originate at the network edge, as more and more distributed data is created, processed, and stored, it becomes increasingly dispersed throughout the network. There needs to be a standard way to find it. New and existing protocols will need to be developed to support distributed data discovery at the network edge and beyond. "SRIFT: Segment Routing In Fat Trees", Zhaohui Zhang, Jeff Tantsura, Don Fedyk, 2019-11-04, This document specifies signaling procedures for Segment Routing [RFC8402] with RIFT. Each node's loopback address, Segment Routing Global Block (SRGB) and Node Segment Identifier (SID), which must be unique within the SR domain and are typically assigned by SR controllers or management, are distributed southbound from the Top Of Fabric (TOF) nodes via the Key-Value distribution mechanism, so that each node can compute how to reach a node represented by the topmost Node SIDs . For an ingress node to send SR traffic to another node via an explicit path, an SR controller signals the corresponding label stack to the ingress node so that the ingress node can send packets accordingly. "Flowspec Indirection-id Redirect for SRv6", Gunter Van de Velde, Keyur Patel, Zhenbin Li, Huaimo Chen, 2019-07-08, This document defines extensions to "FlowSpec Redirect to indirection-id Extended Community" for SRv6. This extended community can trigger advanced redirection capabilities to flowspec clients for SRv6. When activated, this flowspec extended community is used by a flowspec client to retrieve the corresponding next-hop and encoding information within a localised indirection-id mapping table. The functionality detailed in this document allows a network controller to decouple the BGP flowspec redirection instruction from the operation of the available paths. "In-situ Flow Information Telemetry", Haoyu Song, Fengwei Qin, Huanan Chen, Jaewhan Jin, Jongyoon Shin, 2019-12-04, Efficient network operation increasingly relies on data-plane telemetry. As networks increase in scale and network operations become more sophisticated, traditional Operation, Administration and Maintenance (OAM) methods, which include proactive and reactive techniques, running in active and passive modes, become more susceptible to measurement accuracy and misconfiguration errors. With the advent of programmable data-plane, emerging on-path telemetry techniques provide unprecedented flow insight and realtime notification of network issues (e.g., jitter, increased latency, packet loss, significant bit error variations, and unequal load- balancing). This document enumerates several key deployment challenges and requirements for on-path telemetry techniques, especially in carrier operator networks. To address these issues, this document outlines a high-level framework, In-situ Flow Information Telemetry (iFIT). iFIT provides several essential components that can be assembled to achieve a complete and efficient solution for on-path telemetry. As a reference and open framework, iFIT only describes the basic functions of each identified component and suggests possible applications. It does not specify the implementation of the components and the interfaces between the components. The compliance of iFIT framework is not mandated either. This informational document aims to clarify the problem domain, and summarize the best practices and sensible system design considerations. The iFIT framework helps to guide the analysis on the current standard status and gaps, and motivate new works to complete the ecosystem. It also helps to inspire innovative network telemetry applications supporting advanced network operations. "YANG Data Model for OSPF SRv6", Zhibo Hu, Kamran Raza, Yingzhen Qu, Jiajia Dong, 2019-11-04, This document defines a YANG data model that can be used to configure and manage OSPFv3 SRv6 [I-D.li-ospf-ospfv3-srv6-extensions]. "CBOR Profile of X.509 Certificates", Shahid Raza, Joel Hoglund, Goeran Selander, John Mattsson, Martin Furuhed, 2019-06-24, This document specifies a CBOR encoding and profiling of X.509 public key certificate suitable for Internet of Things (IoT) deployments. The full X.509 public key certificate format and commonly used ASN.1 encoding is overly verbose for constrained IoT environments. Profiling together with CBOR encoding reduces the certificate size significantly with associated known performance benefits. The CBOR certificates are compatible with the existing X.509 standard, enabling the use of profiled and compressed X.509 certificates without modifications in the existing X.509 standard. "YANG Data Models for the IP Flow Information Export (IPFIX) Protocol, Packet Sampling (PSAMP) Protocol, and Bulk Data Export", Joey Boyd, Marta Seda, 2019-11-04, This document defines a flexible, modular YANG model for packet sampling (PSAMP) and bulk data collection and export via the IPFIX protocol. This new model is an alternative to the model defined in RFC 6728, "Configuration Data Model for the IP Flow Information Export (IPFIX) and Packet Sampling (PSAMP) Protocols". All functionality modeled in RFC 6728 has been carried over to this new model. The YANG data model in this document conforms to the Network Management Datastore Architecture (NMDA) defined in RFC 8342. This document obsoletes RFC 6728 (if approved). "SRv6 and MPLS interworking", Swadesh Agrawal, Zafar Ali, Clarence Filsfils, Daniel Voyer, Zhenbin Li, 2019-07-08, This document describes SRv6 and MPLS/SR-MPLS interworking and co- existence procedures. "OAM for Service Programming with Segment Routing", Zafar Ali, Clarence Filsfils, Nagendra Kumar, Carlos Pignataro, Francois Clad, faiqbal@cisco.com, Xiaohu Xu, 2019-11-01, This document defines the Operations, Administrations and Maintenance (OAM) for service programming in SR-enabled MPLS and IP networks. "Resilient MPLS Rings using Segment Routing", Kireeti Kompella, Tarek Saad, Abhishek Deshmukh, 2019-07-07, This document describes the use of Segment Routing (SR) control plane to setup LSP(s) for resilient MPLS ring networks. It specifies how clockwise and anti-clockwise ring LSP(s) are signaled using SR IGP protocol extensions, and how such ring LSP(s) are combined to achieve ring protection. "Segment Routing Header encapsulation for In-situ OAM Data", Zafar Ali, Rakesh Gandhi, Clarence Filsfils, Frank Brockners, Nagendra Kumar, Carlos Pignataro, Cheng Li, Mach Chen, Gaurav Dawra, 2019-11-03, OAM and PM information from the SR endpoints can be piggybacked in the data packet. The OAM and PM information piggybacking in the data packets is also known as In-situ OAM (IOAM). IOAM records operational and telemetry information in the data packet while the packet traverses a path between two points in the network. This document defines how IOAM data fields are transported as part of the Segment Routing with IPv6 data plane (SRv6) header. "Considerations on Internet Consolidation and the Internet Architecture", Jari Arkko, Brian Trammell, Mark Nottingham, Christian Huitema, Martin Thomson, Jeff Tantsura, Niels ten Oever, 2019-07-08, Many of us have held a vision of the Internet as the ultimate distributed platform that allows communication, the provision of services, and competition from any corner of the world. But as the Internet has matured, it seems to also feed the creation of large, centralised entities in many areas. This phenomenon could be looked at from many different angles, but this memo considers the topic from the perspective of how available technology and Internet architecture drives different market directions. "IPv6 Formal Anycast Addresses and Functional Anycast Addresses", Mark Smith, 2019-11-03, Currently, IPv6 anycast addresses are chosen from within the existing IPv6 unicast address space, with the addresses nominated as anycast addresses through configuration. An alternative scheme would be to have a special class of addresses for use as anycast addresses. This memo proposes a distinct general anycast addressing class for IPv6, and a more specific scheme for functional anycast addresses. "Private Discovery", Bob Bradley, 2019-10-18, This document specifies a mechanism for advertising and discovering in a private manner. "Benchmarks and Methods for Multihomed EVPN", Alfred Morton, Jim Uttaro, 2019-11-04, Fundamental Benchmarking Methodologies for Network Interconnect Devices of interest to the IETF are defined in RFC 2544. Key benchmarks applicable to restoration and multi-homed sites are in RFC 6894. This memo applies these methods to Multihomed nodes implemented on Ethernet Virtual Private Networks (EVPN). "RPKI Route Origin Validation State Unverified", Oliver Borchert, Doug Montgomery, 2019-08-26, In case operators decide not to evaluate BGP route prefixes according to RPKI route origin validation (ROV), none of the available states as specified in RFC 6811 do properly represent this decision. This document introduces "Unverified" as well-defined validation state which allows to properly identify route prefixes as not evaluated according to RPKI route origin validation. "BGPsec Validation State Unverified", Oliver Borchert, Doug Montgomery, 2019-08-26, In case operators decide to delay BGPsec path validation, none of the available states do properly represent this decision. This document introduces "Unverified" as a well-defined validation state which allows to properly identify a non-evaluated BGPsec routes as not verified. "Remote Attestation Procedures Architecture", Henk Birkholz, Monty Wiseman, Hannes Tschofenig, Ned Smith, Michael Richardson, 2019-11-04, An entity (a relying party) requires a source of truth and evidence about a remote peer to assess the peer's trustworthiness. The evidence is typically a believable set of claims about its host, software or hardware platform. This document describes an architecture for such remote attestation procedures (RATS). "The Standards on a Cloud Service Framework and Protocol for Construction, Migration, Deployment,and Publishing of Internet-Oriented Scalable Web Software Systems in Non-Programming Mode", Can Yang, Shiying Pan, Haibo Sun, Kemin Qu, Guoqiang Han, 2019-10-23, This draft mainly focuses on the scalable architecture and publishing protocol standard of REST-based SAAS cloud model Web software in non- programming mode, stipulates the data structure pattern and data exchange protocol for the construction and release of REST-based scalable Web cloud service software systems. Using the standardized framework and protocol, users can easily and quickly design their own software systems in the cloud, transfer and release data, which may make conventional software development so ease to improve the efficiency of complex database construction and server management. Without having to write codes under the standard framework, users can get consistent style background to create service, rapidly develop web application systems with the function of standard data management and data maintenance, and directly publish the software system to the end users of the Internet for access and use. And provide RESTful APIs to facilitate external access to required service resources. The framework can thus greatly shorten the software development life cycle, and save a great deal of development cost and maintenance overhead. "WebRTC IP Address Handling Extensions for Multicast DNS", Justin Uberti, Jeroen Borst, Qingsi Wang, Youenn Fablet, 2019-07-08, This document extends the previous WebRTC IP Address Handling Requirements with new modes that make use of Multicast DNS ICE candidates, and updates the recommendations accordingly. "Uberlay Interconnection of Multiple LISP overlays", Victor Moreno, Dino Farinacci, Alberto Rodriguez-Natal, Marc Portoles-Comeras, Fabio Maino, Sanjay Hooda, Satish Kondalam, 2019-11-18, This document describes the use of the Locator/ID Separation Protocol (LISP) to interconnect multiple disparate and independent network overlays by using a transit overlay. The transit overlay is referred to as the "uberlay" and provides connectivity and control plane abstraction between different overlays. Each network overlay may use different control and data plane approaches and may be managed by a different organization. Structuring the network into multiple network overlays enables the interworking of different overlay approaches to data and control plane methods. The different network overlays are autonomous from a control and data plane perspective, this in turn enables failure survivability across overlay domains. This document specifies the mechanisms and procedures for the distribution of control plane information across overlay sites and in the uberlay as well as the lookup and forwarding procedures for unicast and multicast traffic within and across overlays. The specification also defines the procedures to support inter-overlay mobility of EIDs and their integration with the intra-overlay EID mobility procedures defined in draft-ietf-lisp-eid-mobility. "Multiple Layer Resource Optimization for Optical as a Service", Hui Yang, Kaixuan Zhan, Ao Yu, Qiuyan Yao, Jie Zhang, 2019-10-28, We have established a neural network model optimized by adaptive artificial fish swarm algorithm. Then we propose a novel multi-path pre-reserved resource allocation strategy to increase resource utilization. The results prove the effectiveness of our method. "Multi-dimensional Resource Aggregation in 5G Optical Fronthaul Networks", Hui Yang, Yiqian Liu, Jie Zhang, Ao Yu, Qiuyan Yao, 2019-10-29, We propose a resource assignment scheme based on multi-dimensional resource aggregation in 5G optical fronthaul networks. This new scheme can suit to the higher demand of flexible resource allocation of the fronthaul in the new 5G scenario. "Chacha derived AEAD algorithms in JSON Object Signing and Encryption (JOSE)", Guillaume Amringer, 2019-07-23, This document defines how to use the AEAD algorithms "AEAD_XCHACHA20_POLY1305" and "AEAD_CHACHA20_POLY1305" from [RFC8439] and [I-D.irtf-cfrg-xchacha] in JSON Object Signing and Encryption (JOSE). "Multiple Loss Ratio Search for Packet Throughput (MLRsearch)", Maciek Konstantynowicz, Vratko Polak, 2019-07-08, This document proposes changes to [RFC2544], specifically to packet throughput search methodology, by defining a new search algorithm referred to as Multiple Loss Ratio search (MLRsearch for short). Instead of relying on binary search with pre-set starting offered load, it proposes a novel approach discovering the starting point in the initial phase, and then searching for packet throughput based on defined packet loss ratio (PLR) input criteria and defined final trial duration time. One of the key design principles behind MLRsearch is minimizing the total test duration and searching for multiple packet throughput rates (each with a corresponding PLR) concurrently, instead of doing it sequentially. The main motivation behind MLRsearch is the new set of challenges and requirements posed by NFV (Network Function Virtualization), specifically software based implementations of NFV data planes. Using [RFC2544] in the experience of the authors yields often not repetitive and not replicable end results due to a large number of factors that are out of scope for this draft. MLRsearch aims to address this challenge and define a common (standard?) way to evaluate NFV packet throughput performance that takes into account varying characteristics of NFV systems under test. "Probabilistic Loss Ratio Search for Packet Throughput (PLRsearch)", Maciek Konstantynowicz, Vratko Polak, 2019-07-08, This document addresses challenges while applying methodologies described in [RFC2544] to benchmarking software based NFV (Network Function Virtualization) data planes over an extended period of time, sometimes referred to as "soak testing". Packet throughput search approach proposed by this document assumes that system under test is probabilistic in nature, and not deterministic. "Security Classes for IoT devices", Pascal Urien, 2019-11-22, This draft attempts to define security classes for constraint IoT devices. A device security is characterized by five Boolean security attributes: one time programmable memory (OTP), firmware loader (FLD), secure firmware loader (FLD-SEC), tamper resistant key (TRT- KEY) and diversified key (DIV-KEY). This leads to the definition of 6 classes of devices, embedding or not OTP resource, whose security increases with the class number (0 to 5). The suffix + indicates OTP availability. "Considerations for Large Authoritative DNS Servers Operators", Giovane Moura, Wes Hardaker, John Heidemann, Marco Davids, 2019-10-01, This document summarizes recent research work exploring Domain Name System (DNS) configurations and offers specific, tangible considerations to operators for configuring authoritative servers. It is possible that the considerations presented in this document could be applicable in a wider context, such as for any stateless/ short-duration, anycasted service. This document is not an IETF consensus document: it is published for informational purposes. "MessageVortex Protocol", Martin Gwerder, 2019-09-10, The MessageVortex (referred to as Vortex) protocol achieves different degrees of anonymity, including sender, receiver, and third-party anonymity, by specifying messages embedded within existing transfer protocols, such as SMTP or XMPP, sent via peer nodes to one or more recipients. The protocol outperforms others by decoupling the transport from the final transmitter and receiver. No trust is placed into any infrastructure except for that of the sending and receiving parties of the message. The creator of the routing block has full control over the message flow. Routing nodes gain no non-obvious knowledge about the messages even when collaborating. While third-party anonymity is always achieved, the protocol also allows for either sender or receiver anonymity. "Retransmit bit for SCTP DATA, I-DATA and SACK", Maksim Proshin, 2019-12-02, This document defines a method which helps an SCTP sender to understand when a received SACK acknowledges the original transmission of a TSN or its retransmission. It is done by specifying a new bit, called Retransmit bit (R-bit), in the header of DATA, I-DATA and SACK chunks. The bit is used when a TSN is retransmitted and returned back in the acknowledgement. This document updates [RFC4960] if approved. "Multicast DF Election for EVPN based on bandwidth or quantity", Yisong Liu, Mike McBride, 2019-11-26, Ethernet Virtual Private Network (EVPN, RFC7432) is becoming prevalent in Data Centers, Data Center Interconnect (DCI) and Service Provider VPN applications. When multi-homing from a CE to multiple PEs, including links in an EVPN instance on a given Ethernet Segment, in an all-active redundancy mode, [RFC7432] describes a basic mechanism to elect a Designated Forwarder (DF), and [RFC8584] improves basic DF election by a HRW algorithm. [I- D.ietf-bess-evpn-per-mcast-flow-df-election] enhances the HRW algorithm for the multicast flows to perform DF election at the granularity of (ESI, VLAN, Mcast flow). This document specifies a new algorithm, based on multicast bandwidth utilization and multicast state quantity, in order for the multicast flows to elect a DF. "Stateful PCE for SR-MPLS Inter-domain", Quan Xiong, Gregory Mirsky, fangwei hu, Weiqiang Cheng, 2019-10-23, This document proposes a solution to perform the Segment Routing with MPLS data plane (SR-MPLS) inter-domain path computation and initiation with stateful PCEs and the use of Path Segments. "Flooding Topology Computation Algorithm", Huaimo Chen, Dean Cheng, Mehmet Toy, Yi Yang, Aijun Wang, Xufeng Liu, Yanhe Fan, Lei Liu, 2019-10-17, This document proposes an algorithm for a node to compute a flooding topology, which is a subgraph of the complete topology per underline physical network. When every node in an area automatically calculates a flooding topology by using a same algorithm and floods the link states using the flooding topology, the amount of flooding traffic in the network is greatly reduced. This would reduce convergence time with a more stable and optimized routing environment. "Stitching LSP Association", Quan Xiong, Gregory Mirsky, fangwei hu, Weiqiang Cheng, 2019-10-23, The Path Computation Element Communication Protocol (PCEP) provides mechanisms for Path Computation Elements (PCEs) to perform path computations in response to Path Computation Clients (PCCs) requests. [I-D.ietf-pce-association-group] proposed an association mechanism for a set of LSPs. This document defines the stitching LSP association type and stitching LSP association TLV for the inter-domain scenairo. "Authenticated Handshake for QUIC", Kazuho Oku, Christian Huitema, 2019-07-05, This document explains a variant of QUIC protocol version 1 that uses the ESNI Keys to authenticate the Initial packets thereby making the entire handshake tamper-proof. "A Light Weight IOAM for SRv6 Network Programming", Cheng Li, Weiqiang Cheng, Mach Chen, Stefano Previdi, Zhenqiang Li, 2019-06-27, In-situ OAM(IOAM) records OAM information within the packet while the packet traverses a particular network domain. A discussion of the motivation and requirements for in-situ OAM can be found in [I-D.brockners-inband-oam-requirements]. This document defines a light weight IOAM method for SRv6 network programming. In this method, IOAM information is carried in the data packet by the SIDs in the SRH. "YANG Packages", Robert Wilton, 2019-10-24, This document defines YANG packages, a versioned organizational structure holding a set of related YANG modules, that collectively define a YANG schema. It describes how YANG instance data documents are used to define YANG packages, and how the YANG library information published by a server can be augmented with packages related information. "The practice of NFV decoupling test", louie long, Yang Song, Zhijun Tang, 2019-06-24, This document mainly introduces the practice of NFV decoupling test. Based on the product development situation of the current vendors, the decoupling test is carried out between NFVI&VIM, VNFM&VNF and NFVO. Through a series of tests to explore some of the problems encountered in the current stage of NFV decoupling testing, provide ideas for the subsequent development of NFV products. "Premium Domain Fee Report", Tobias Sattler, Roger Carney, 2019-09-26, This document describes the content of a Premium Domain Fee Report based on the Report Structure and delivered by the Reporting Repository. "Domain Inventory Report", Tobias Sattler, 2019-10-15, This document describes the content of a Domain Inventory Report based on the Report structure and delivered by the Reporting Repository. "Unavailable Domain Report", Tobias Sattler, Roger Carney, 2019-09-26, This document describes the content of an Unavailable Domain Report based on the Report Structure and delivered by the Reporting Repository. "Cryptographic Hyperlinks", Manu Sporny, 2019-11-18, When using a hyperlink to fetch a resource from the Internet, it is often useful to know if the resource has changed since the data was published. Cryptographic hashes, such as SHA-256, are often used to determine if published data has changed in unexpected ways. Due to the nature of most hyperlinks, the cryptographic hash is often published separately from the link itself. This specification describes a data model and serialization formats for expressing cryptographically protected hyperlinks. The mechanisms described in the document enables a system to publish a hyperlink in a way that empowers a consuming application to determine if the resource associated with the hyperlink has changed in unexpected ways. "Collaborative Automated Course of Action Operations (CACAO) for Cyber Security", Bret Jordan, Allan Thomson, Jyoti Verma, 2019-06-20, This is the charter for the Working Group: Collaborative Automated Course of Action Operations (CACAO) for Cyber Security "Generic Multi-Access (GMA) Convergence Encapsulation Protocols", Jing Zhu, Satish Kanugovi, 2019-09-30, Today, a device can be simultaneously connected to multiple networks, e.g. Wi-Fi, LTE, 5G, and DSL. It is desirable to combine them seamlessly to improve quality of experience. Such optimization requires additional control information, e.g. Sequence Number, in each (IP) data packet. This document presents a new light-weight and flexible encapsulation protocol for this need. The solution has been developed by the authors based on their experiences in multiple standards bodies including the IETF and 3GPP, but is not an Internet Standard and does not represent the consensus opinion of the IETF. This document will enable other developers to build interoperable implementations. "CoRE Resource Directory Extensions", Christian Amsuess, 2019-09-23, [ See Introduction ] "Extended Security Considerations for the Automatic Certificate Management Environment (ESecACME)", Tobias Fiebig, Kevin Borgolte, 2019-09-09, Most Public Key Infrastructure X.509 (PKIX) certificates are issued via the ACME protocol. Recently, several attacks against domain validation (DV) have been published, including IP-use-after-free and (forced) on-path attacks. These attacks can often be mitigated by (selectively) requiring additional challenges, such as DNS validation, proof of ownership of a prior certificate, and by being more diligent in operating a certificate authority. This document provides a list of currently known attacks and describes mitigations and operational procedures to prevent issuing a certificate to an unauthorized party. "EVPN Enhanced Mass Withdraw", Tianpeng Yu, 2019-06-19, This document aims to define an enhanced mass withdraw process in case of failure of multiple ESs or vESs. This document also improves the withdraw efficiency of failure of single-homed ES or vES. "Mathematical Mesh 3.0 Part VI: The Trust Mesh", Phillip Hallam-Baker, 2019-10-23, This paper extends Shannon's concept of a 'work factor' as applied to evaluation of cryptographic algorithms to provide an objective measure of the practical security offered by a protocol or infrastructure design. Considering the hypothetical work factor based on an informed estimate of the probable capabilities of an attacker with unknown resources provides a better indication of the relative strength of protocol designs than the computational work factor of the best-known attack. The social work factor is a measure of the trustworthiness of a credential issued in a PKI based on the cost of having obtained the credential through fraud at a certain point in time. Use of the social work factor allows evaluation of Certificate Authority based trust models and peer to peer (Web of Trust) models to be evaluated in the same framework. The analysis demonstrates that both approaches have limitations and that in certain applications, a blended model is superior to either by itself. The final section of the paper describes a proposal to realize this blended model using the Mathematical Mesh. [Note to Readers] Discussion of this draft takes place on the MATHMESH mailing list (mathmesh@ietf.org), which is archived at https://mailarchive.ietf.org/arch/search/?email_list=mathmesh. This document is also available online at http://mathmesh.com/Documents/draft-hallambaker-mesh-trust.html [1] . "Update to Additional Registered Clauses in SMTP Received Headers", John Levine, 2019-07-30, SMTP servers add Received: trace headers to mail messages to track their progress This document updates the registration criteria for Additional Registered Clauses in those headers to Expert Review, and adds new clauses for Server Name Indication (SNI) and sending port number (PORT). "Reporting Repository", Neal McPherson, Tobias Sattler, 2019-10-15, This document describes a Reporting Repository used to provide standardized Reports. "Report Structure", Neal McPherson, Tobias Sattler, 2019-10-15, This document describes the default Report Structure for Reports which can be provide via the Reporting Repository. "Transaction Report", Neal McPherson, Tobias Sattler, 2019-10-15, This document describes the content of a Transaction Report based on the Report Structure and delivered by the Reporting Repository. "Domain Drop List Report", Tobias Sattler, 2019-09-26, This document describes the content of a Domain Drop List Report based on the Report Structure and delivered by the Reporting Repository. "Contact Inventory Report", Tobias Sattler, 2019-10-15, This document describes the content of a Contact Inventory Report based on the Report Structure and delivered by the Reporting Repository. "Probing IP Interfaces By Vendor Specific Identifiers", Manoj Nayak, Ron Bonica, Rafik Puttur, 2019-08-17, This document enhances the PROBE diagnostic tool so that it can identify the probed interface by Vendor Specific Identifiers. In order to achieve that goal, this document also extends the Interface Identification Object. The Interface Identification Object is an ICMP Extension Object class. "Manufacturer Usuage Description for quarantined access to firmware", Michael Richardson, M. Ranganathan, 2019-07-08, The Manufacturer Usage Description is a tool to describe the limited access that a single function device such as an Internet of Things device might need. "Network Slice Provision Models", Shunsuke Homma, Hidetaka Nishihara, Takuya Miyasaka, A. Galis, Vishnu OV, Diego Lopez, Luis Contreras, Jose Ordonez-Lucena, Pedro Martinez-Julia, Li Qiang, Reza Rokui, Laurent Ciavaglia, Xavier de Foy, 2019-11-04, Network slicing is an approach to provide separate virtual network based on service requirements, and it's a key feature of the 5G. 3GPP has standardized the specifications for network slicing in the 5GS, but there are still some problems for realization of end-to-end network slices. For complementing the lacks or expanding the usability, several organizations are proceeding standardization. However, the definitions and scopes of network slicing vary to some degree from one organization to another. This document provides classification of provisioning models of network slice for clarifying the differences on the definitions and scopes. "Benchmarking Methodology for EVPN Multicasting", sudhin jacob, Vikram Nagarajan, 2019-12-13, This document defines methodologies for benchmarking IGMP proxy performance over EVPN-VXLAN. IGMP proxy over EVPN is defined in draft-ietf-bess-evpn-IGMP-mld-proxy-02, and is being deployed in data center networks. Specifically this document defines the methodologies for benchmarking IGMP proxy convergence, leave latency Scale,Core isolation, high availability and longevity. "Resource Discovery in Constrained RESTful Environments (CoRE) using the Constrained RESTful Application Language (CoRAL)", Klaus Hartke, 2019-11-04, This document explores how the Constrained RESTful Application Language (CoRAL) might be used for two use cases in Constrained RESTful Environments (CoRE): CoRE Resource Discovery, which allows a client to discover the resources of a server given a host name or IP address, and CoRE Resource Directory, which provides a directory of resources on many servers. "Receivers Guidance for Implementing Branded Indicators for Message Identification (BIMI)", Alexander Brotman, Terry Zink, 2019-08-05, This document is meant to assist receivers or other mailbox providers by providing guidance to implementing Brand Indicators for Message Identification (BIMI). This document is a companion to the main BIMI drafts which should first be consulted and reviewed. "Credentials Provisioning and Management via EAP (EAP-CREDS)", Massimiliano Pala, 2019-10-28, With the increase number of devices, protocols, and applications that rely on strong credentials (e.g., digital certificates, keys, or tokens) for network access, the need for a standardized credentials provisioning and management framework is paramount. The 802.1x architecture allows for entities (e.g., devices, applications, etc.) to authenticate to the network by providing a communication channel where different methods can be used to exchange different types of credentials. However, the need for managing these credentials (i.e., provisioning and renewal) is still a hard problem to solve. EAP-CREDS, if implemented in Managed Networks (e.g., Cable Modems), could enable our operators to offer a registration and credentials management service integrated in the home WiFi thus enabling visibility about registered devices. During initialization, EAP- CREDS also allows for MUD files or URLs to be transferred between the EAP Peer and the EAP Server, thus giving detailed visibility about devices when they are provisioned with credentials for accessing the networks. The possibility provided by EAP-CREDS can help to secure home or business networks by leveraging the synergies of the security teams from the network operators thanks to the extended knowledge of what and how is registered/authenticated. This specifications define how to support the provisioning and management of authentication credentials that can be exploited in different environments (e.g., Wired, WiFi, cellular, etc.) to users and/or devices by using EAP together with standard provisioning protocols. "Performance Measurement Using TWAMP Light for Segment Routing Networks", Rakesh Gandhi, Clarence Filsfils, Daniel Voyer, Mach Chen, Bart Janssens, 2019-12-05, Segment Routing (SR) leverages the source routing paradigm. SR is applicable to both Multiprotocol Label Switching (SR-MPLS) and IPv6 (SRv6) data planes. This document specifies procedure for sending and processing probe query and response messages for Performance Measurement (PM) in Segment Routing networks. The procedure uses the mechanisms defined in RFC 5357 (Two-Way Active Measurement Protocol (TWAMP) Light) and Simple Two-Way Active Measurement Protocol (STAMP) for Delay Measurement, and also uses the mechanisms defined in this document for Loss Measurement. The procedure specified is applicable to SR-MPLS and SRv6 data planes and are used for both links and end-to-end SR Policies. "A standard process to quarantine and restore IoT Devices", Michael Richardson, Jacques Latour, 2019-08-19, The Manufacturer Usage Description (MUD) is a tool to describe the limited access that a single function device such as an Internet of Things device might need. The enforcement of the access control lists described protects the device from attacks from the Internet, and protects the Internets from compromised devices. This document details the process which occurs when a device is detected to have violated the stated policy. The goal of these steps is to ensure that the device is correctly removed from operation, fixed, and if possible, restored to safe operation. "Illustrations for SRv6 Network Programming", Clarence Filsfils, Pablo Camarillo, Zhenbin Li, Satoru Matsushima, Bruno Decraene, Dirk Steinberg, David Lebrun, Robert Raszuk, John Leddy, 2019-08-15, This document illustrates how SRv6 Network Programming [I-D.ietf-spring-srv6-network-programming] can be used to create interoperable and protected overlays with underlay optimization and service programming. "Performance Measurement Using UDP Path for Segment Routing Networks", Rakesh Gandhi, Clarence Filsfils, Daniel Voyer, Stefano Salsano, Mach Chen, 2019-11-16, Segment Routing (SR) leverages the source routing paradigm. Segment Routing (SR) is applicable to both Multiprotocol Label Switching (SR-MPLS) and IPv6 (SRv6) data planes. This document specifies procedures for using UDP path for sending and processing probe query and response messages for Performance Measurement (PM). The procedure uses the mechanisms defined in RFC 6374 for Performance Delay and Loss Measurement. The procedure specified is applicable to SR-MPLS and SRv6 data planes for both links and end-to-end measurement for SR Policies. "IKEv2 Optional SA&TS Payloads in Child Exchange", Sandeep Kampati, Meduri Bharath, Wei Pan, 2019-11-04, This document describes a method for reducing the size of the Internet Key Exchange version 2 (IKEv2) exchanges at time of rekeying IKE SAs and Child SAs by removing or making optional of SA & TS payloads. Reducing size of IKEv2 exchanges is desirable for low power consumption battery powered devices. It also helps to avoid IP fragmentation of IKEv2 messages. "Mathematical Mesh 3.0 Part II: Uniform Data Fingerprint.", Phillip Hallam-Baker, 2019-10-18, This document describes the naming and addressing schemes used in the Mathematical Mesh. The means of generating Uniform Data Fingerprint (UDF) values and their presentation as text sequences and as URIs are described. A UDF consists of a binary sequence, the initial eight bits of which specify a type identifier code. Type identifier codes have been selected so as to provide a useful mnemonic indicating their purpose when presented in Base32 encoding. Two categories of UDF are described. Data UDFs provide a compact presentation of a fixed length binary data value in a format that is convenient for data entry. A Data UDF may represent a cryptographic key, a nonce value or a share of a secret. Fingerprint UDFs provide a compact presentation of a Message Digest or Message Authentication Code value. A Strong Internet Name (SIN) consists of a DNS name which contains at least one label that is a UDF fingerprint of a policy document controlling interpretation of the name. SINs allow a direct trust model to be applied to achieve end-to-end security in existing Internet applications without the need for trusted third parties. UDFs may be presented as URIs to form either names or locators for use with the UDF location service. An Encrypted Authenticated Resource Locator (EARL) is a UDF locator URI presenting a service from which an encrypted resource may be obtained and a symmetric key that may be used to decrypt the content. EARLs may be presented on paper correspondence as a QR code to securely provide a machine- readable version of the same content. This may be applied to automate processes such as invoicing or to provide accessibility services for the partially sighted. [Note to Readers] Discussion of this draft takes place on the MATHMESH mailing list (mathmesh@ietf.org), which is archived at https://mailarchive.ietf.org/arch/search/?email_list=mathmesh. This document is also available online at http://mathmesh.com/Documents/draft-hallambaker-mesh-udf.html [1] . "Related Domains By DNS", Alexander Brotman, Stephen Farrell, 2019-09-18, This document describes a mechanism by which a DNS domain can publicly document the existence or absence of a relationship with a different domain, called "Related Domains By DNS", or "RDBD." "Mathematical Mesh 3.0 Part III : Data At Rest Encryption (DARE)", Phillip Hallam-Baker, 2019-10-23, This document describes the Data At Rest Encryption (DARE) Envelope and Container syntax. The DARE Envelope syntax is used to digitally sign, digest, authenticate, or encrypt arbitrary content data. The DARE Container syntax describes an append-only sequence of entries, each containing a DARE Envelope. DARE Containers may support cryptographic integrity verification of the entire data container content by means of a Merkle tree. [Note to Readers] Discussion of this draft takes place on the MATHMESH mailing list (mathmesh@ietf.org), which is archived at https://mailarchive.ietf.org/arch/search/?email_list=mathmesh. This document is also available online at http://mathmesh.com/Documents/draft-hallambaker-mesh-dare.html [1] . "Extended Link Relationships", Jose Montoya, 2019-10-19, This document defines XREL, a data format for describing extended hypermedia relationships identified by Uniform Resource Locators. "The Deprecation HTTP Header Field", Sanjay Dalal, Erik Wilde, 2019-06-17, The HTTP Deprecation response header field can be used to signal to consumers of a URI-identified resource that the resource has been deprecated. Additionally, the deprecation link relation can be used to link to a resource that provides additional context for the deprecation, and possibly ways in which clients can find a replacement for the deprecated resource. "The IPv6 Compressed Routing Header (CRH)", Ron Bonica, Yuji Kamite, Tomonobu Niwa, Andrew Alston, Daniam Henriques, Luay Jalil, Ning So, Fengman Xu, Gang Chen, Yongqing Zhu, Yifeng Zhou, 2019-12-14, This document defines two new IPv6 Routing header types. Generically, they are called the Compressed Routing Header (CRH). More specifically, the 16-bit version of the CRH is called the CRH- 16, while the 32-bit version of the CRH is called the CRH-32. SRm6 nodes use the CRH to steer packets from segment to segment along SRm6 paths. "OAM Capabilities for IPv6", Ron Bonica, Yuji Kamite, Ning So, Fengman Xu, Gang Chen, Yongqing Zhu, Guangming Yang, Yifeng Zhou, 2019-09-16, This document defines new IPv6 Operations and Management (OAM) capabilities. In order to support these new capabilities, this document defines an IPv6 OAM Option and an ICMPv6 OAM message. "The Per-Segment Service Instruction (PSSI) Option", Ron Bonica, Joel Halpern, Yuji Kamite, Tomonobu Niwa, Luay Jalil, Ning So, Fengman Xu, Gang Chen, Yongqing Zhu, Yifeng Zhou, 2019-11-20, SRm6 encodes Per-Segment Service Instructions (PSSI) in a new IPv6 option, called the PSSI Option. This document describes the PSSI Option. "Scenarios and Requirements for Layer 2 Autonomic Control Planes", Brian Carpenter, Bing Liu, 2019-10-02, This document discusses scenarios and requirements for Autonomic Control Planes (ACPs) constructed and secured at Layer 2. These would be alternatives to an ACP constructed and secured at the network layer. A secure ACP is required as the substrate for the Generic Autonomic Signaling Protocol (GRASP) used by Autonomic Service Agents. "JSContact: A JSON representation of contact data", Robert Stepanek, Mario Loffredo, 2019-10-29, This specification defines a data model and JSON representation of contact card information that can be used for data storage and exchange in address book or directory applications. It aims to be an alternative to the vCard data format and to be unambiguous, extendable and simple to process. In contrast to the JSON-based jCard format, it is not a direct mapping from the vCard data model and expands semantics where appropriate. "The MASQUE Protocol", David Schinazi, 2019-07-08, This document describes MASQUE (Multiplexed Application Substrate over QUIC Encryption). MASQUE is a mechanism that allows co-locating and obfuscating networking applications behind an HTTPS web server. The currently prevalent use-case is to allow running a proxy or VPN server that is indistinguishable from an HTTPS server to any unauthenticated observer. We do not expect major providers and CDNs to deploy this behind their main TLS certificate, as they are not willing to take the risk of getting blocked, as shown when domain fronting was blocked. An expected use would be for individuals to enable this behind their personal websites via easy to configure open-source software. This document is a straw-man proposal. It does not contain enough details to implement the protocol, and is currently intended to spark discussions on the approach it is taking. Discussion of this work is encouraged to happen on the MASQUE IETF mailing list masque@ietf.org [1] or on the GitHub repository which contains the draft: https://github.com/DavidSchinazi/masque-drafts [2]. "YANG Data Model for FlexE Interface Management", Yuanlong Jiang, Xiang He, Weiqiang Cheng, Junfang Wang, Yalei Han, 2019-11-04, This document defines YANG data models for the configuration of Flex Ethernet (FlexE) interfaces, including a FlexE group and its FlexE clients. The YANG modules in this document conforms to the Network Management Datastore Architecture (NMDA). "A One-Path Congestion Metric for IPPM", Joanna Dang, Jianglong, Shinyoung Lee, Hongbo, 2019-11-04, This memo defines a metric for one path congestion across Internet paths. The traditional mode evaluates network congestion based on the bandwidth utilization of the link. However, there is a lack of E2E path congestion that is truly service oriented. So A Path Congestion Metric is required. "OSPF Strict-Mode for BFD", Ketan Talaulikar, Peter Psenak, Albert Fu, Rejesh Shetty, 2019-11-01, This document specifies the extensions to OSPF that enables a router and its neighbor to signal their intention to use Bidirectional Forwarding Detection (BFD) for their adjacency using link-local advertisement between them. The signaling of this BFD enablement, allows the router to block and not allow the establishment of adjacency with its neighbor router until a BFD session is successfully established between them. The document describes this OSPF "strict-mode" of BFD establishment as a prerequisite to adjacency formation. "SDWAN WAN Ports Property Advertisement in BGP UPDATE", Linda Dunbar, Susan Hares, 2019-11-21, The document describes how the SDWAN SAFI, which is assigned by IANA in the First Come First Server range, is used for SDWAN edge nodes to propagate its WAN port properties to its controller. In the context of this document, BGP Route Reflectors (RR) is the component of the SDWAN Controller that receives the BGP UPDATE from SDWAN edges and in turns propagate the information to a group of authorized SDWAN edges reachable via overlay networks. "A YANG Data Model for a Transport Services API at Endpoints", Jake Holland, 2019-07-07, This document defines a YANG data model that provides a data structure that can be used to configure an implementation of the Transport Services Interface to establish connections suitable for sending and receiving data over the internet or local networks. This document is intended to supplement or merge with draft-ietf-taps- interface. "Multi-Path Concurrent Measurement for IPPM", Joanna Dang, Jianglong, Shinyoung Lee, 2019-11-04, This test method can test multi-paths concurrently from one edge node to another edge node. This document details Multi-Path Concurrent Measurement (MPCM). "A Bootstrapping Procedure to Discover and Authenticate DNS-over-(D)TLS and DNS-over-HTTPS Servers", Tirumaleswar Reddy.K, Dan Wing, Michael Richardson, Mohamed Boucadair, 2019-10-03, This document specifies mechanisms to automatically bootstrap endpoints (e.g., hosts, Customer Equipment) to discover and authenticate DNS-over-(D)TLS and DNS-over-HTTPS servers provided by a local network. "Transport parameters for 0-RTT connections", Nicolas Kuhn, Stephan Emile, Gorry Fairhurst, 2019-11-04, The time-to-service duration depends on both peers exchange optimization. The peer initiating the connection may not be the one which send data first. Moreover, clients may be resource-limited, behind a low bandwidth or connected to a long-RTT network and may need to adapt dynamically to improve data reception. Currently, each side has its proprietary solution to measure and to store path characteristics. Having a standard way to share these parameters should improve the adaptation to a non standard path characteristics. QUIC v1 specification already reflects this approach. Having a symmetrical control of the optimization should reduce protocol ossification. This memo proposes the sharing of the characteristics of the path amongst the peer to reduce HTTP3 time-to-service for non default transport situation. "Bidirectional Forwarding Detection (BFD) for EVPN Ethernet Segment Failover Use Case", Zheng Zhang, Yubao Wang, Gregory Mirsky, 2019-10-24, This document introduces a method for fast switchover of Designated Forwarder for Ethernet Segment failover by using Bidirectional Forwarding Detection protocol. "SRv6 Path Egress Protection", Zhibo Hu, Huaimo Chen, China Telecom, Peng Wu, 2019-10-29, This document describes protocol extensions for protecting the egress node of a Segment Routing for IPv6 (SRv6) path or tunnel. "BGP Provisioned IPsec Tunnel Configuration", Jun Hu, 2019-09-04, This document defines a method of using BGP to provide IPsec tunnel configuration along with NLRI, it uses and extends tunnel encapsulation attribute as specified in [I-D.ietf-idr-tunnel-encaps] for IPsec tunnel. "Extended Bidirectional Forwarding Detection", Gregory Mirsky, Min Xiao, 2019-10-10, This document describes a mechanism to extend the capabilities of Bidirectional Forwarding Detection (BFD). These extensions enable BFD to measure performance metrics like packet loss and packet delay. Also, a method to perform lightweight on-demand authentication is defined in this specification. "PIM Assert Message Packing", Yisong Liu, Mike McBride, Toerless Eckert, 2019-06-19, In PIM-SM shared LAN networks, there is typically more than one upstream router. When duplicate data packets appear on the LAN from different routers, assert packets are sent from these routers to elect a single forwarder. The PIM assert packets are sent periodically to keep the assert state. The PIM assert packet carries information about a single multicast source and group, along with the metric-preference and metric of the route towards the source or RP. This document defines a standard to send and receive multiple multicast source and group information in a single PIM assert packet in a shared network. This can be particularly helpful when there is traffic for a large number of multicast groups. "LOOPS (Localized Optimizations on Path Segments) Problem Statement and Opportunities for Network-Assisted Performance Enhancement", Li Yizhou, Xingwang Zhou, Mohamed Boucadair, Jianglong Wang, 2019-07-07, In various network deployments, end to end forwarding paths are partitioned into multiple segments. For example, in some cloud-based WAN communications, stitching multiple overlay tunnels are used for traffic policy enforcement matters such as to optimize traffic distribution or to select paths exposing a lower latency. Likewise, in satellite communications, the communication path is decomposed into two terrestrial segments and a satellite segment. Such long- haul paths are naturally composed of multiple network segments with various encapsulation schemes. Packet loss may show different characteristics on different segments. Traditional transport protocols (e.g., TCP) respond to packet loss slowly especially in long-haul networks: they either wait for some signal from the receiver to indicate a loss and then retransmit from the sender or rely on sender's timeout which is often quite long. Non-congestive loss may make the TCP sender over-reduce the sending rate unnecessarily. With the increase of end-to-end transport encryption (e.g., QUIC), traditional PEP (performance enhancing proxy) techniques such as TCP splitting are no longer applicable. LOOPS (Local Optimizations on Path Segments) is a network-assisted performance enhancement over path segment and it aims to provide local in-network recovery to achieve better data delivery by making packet loss recovery faster and by avoiding the senders over-reducing their sending rate. In an overlay network scenario, LOOPS can be performed over a variety of the existing, or purposely created, tunnel-based path segments. "464XLAT Optimization", Jordi Palet, Alejandro D'Egidio, 2019-11-04, This document proposes possible solutions to avoid certain drawbacks of IP/ICMP Translation Algorithm (SIIT) when the destinations are available with IPv6. When SIIT is used as a NAT46 and IPv4-only devices or applications initiate traffic flows to dual-stack CDNs (Content Delivery Networks), Caches or other network resources (in the operator network or Internet), those flows will be translated back to IPv4 by a NAT64. This is the case for 464XLAT and MAP-T. "Using Commercial National Security Algorithm Suite Algorithms in Secure/Multipurpose Internet Mail Extensions", Michael Jenkins, 2019-11-26, The United States Government has published the NSA Commercial National Security Algorithm (CNSA) Suite, which defines cryptographic algorithm policy for national security applications. This document specifies the conventions for using the United States National Security Agency's CNSA Suite algorithms in Secure/Multipurpose Internet Mail Extensions (S/MIME) as specified in RFC 8551. It applies to the capabilities, configuration, and operation of all components of US National Security Systems that employ S/MIME messaging. US National Security Systems are described in NIST Special Publication 800-59. It is also appropriate for all other US Government systems that process high-value information. It is made publicly available for use by developers and operators of these and any other system deployments. "Considerations for Benchmarking Network Performance in Containerized Infrastructures", Sun Kj, Hyunsik Yang, ykpark@dcn.ssu.ac.kr, Young-Han Kim, Wangbong Lee, 2019-11-04, This draft describes considerations for benchmarking network performance in containerized infrastructures. In the containerized infrastructure, Virtualized Network Functions(VNFs) are deployed on operating-system-level virtualization platform by abstracting the user namespace as opposed to virtualization using a hypervisor. Leveraging this, the system configurations and networking scenarios for benchmarking will be partially changed by the way in which the resource allocation and network technologies specified for containerized VNFs. In this draft, we compare the state of the art in a container networking architecture with networking on VM-based virtualized systems, and provide several test scenarios for benchmarking network performance in containerized infrastructures. "Encapsulation for BIER in Non-MPLS IPv6 Networks", Jingrong Xie, Liang Geng, Mike McBride, Rajiv Asati, Senthil Dhanaraj, 2019-12-11, This document proposes a BIER IPv6 (BIERv6) encapsulation for Non- MPLS IPv6 Networks using the IPv6 Destination Option extension header. "Composite Keys and Signatures For Use In Internet PKI", Mike Ounsworth, Massimiliano Pala, 2019-07-04, With the widespread adoption of post-quantum cryptography will come the need for an entity to possess multiple public keys on different cryptographic algorithms. Since the trustworthiness of individual post-quantum algorithms is at question, a multi-key cryptographic operation will need to be performed in such a way that breaking it requires breaking each of the component algorithms individually. This requires defining new structures for holding composite public keys and composite signature data. This document defines the structures CompositePublicKey, CompositeSignatureValue, and CompositeParams, which are sequences of the respective structure for each component algorithm. This document also defines algorithms for generating and verifying composite signatures. This document makes no assumptions about what the component algorithms are, provided that their algorithm identifiers and signature generation and verification algorithms are defined. "BGP Extensions for SRv6 SIDs Allocation", Huaimo Chen, Zhenbin Li, Shunwan Zhuang, 2019-07-07, This document describes extensions to the BGP for IDs allocation. The IDs are SIDs for segment routing (SR), including SR for IPv6 (SRv6). They are distributed to their domains if needed. "pretty Easy privacy (pEp): Progressive Header Disclosure", Claudio Luck, 2019-07-05, Issues with email header protection in S/MIME have been recently raised in the IETF LAMPS Working Group. The need for amendments to the existing specification regarding header protection was expressed. The pretty Easy privacy (pEp) implementations currently use a mechanism quite similar to the currently standardized message wrapping for S/MIME. The main difference is that pEp is using PGP/ MIME instead, and adds space for carrying public keys next to the protected message. In LAMPS, it has been expressed that whatever mechanism will be chosen, it should not be limited to S/MIME, but also applicable to PGP/MIME. This document aims to contribute to this discussion and share the pEp implementation experience with email header protection. "Centralized DNS over HTTPS (DoH) Implementation Issues and Risks", Jason Livingood, Manos Antonakakis, Bob Sleigh, Alister Winfield, 2019-09-16, The DNS over HTTPS (DoH) protocol is specified in RFC8484. This document considers Centralized DoH deployment, which seems one likely way that DoH may be implemented, based on recent industry discussions and testing. This describes that implementation model, as well the potential associated risks and issues. The document also makes recommendations pertaining to the implementation of DoH, as well as recommendations for further study prior to widespread adoption. "In-Network Computing for Managed Networks: Use Cases and Research Challenges", Jianfei(Jeffrey) He, Aini Li, Marie-Jose Montpetit, 2019-07-02, This draft wants to review the existing research and the open issues that relate to the addition of data plane programmability in managed networks. While some of the research hypotheses that are at the center of in-network-computing have been investigated since the time of active networking, recent developments in software defined networking, virtualization programmable switches and new network programming languages like P4 have generated a new enthusiasm in the research community and a flourish of new projects in systems and applications alike. This is what this draft is addressing. "A YANG Data Model for Network Interconnect Tester Management", Vladimir Vassilev, 2019-10-08, This document introduces new YANG model for use in network interconnect testing containing modules for traffic generator and traffic analyzer. "Recommendations for DNS Privacy Client Applications", Vittorio Bertola, 2019-09-10, This document presents operational, policy and security considerations for the authors and publishers of client applications that choose to implement DNS resolution through any of the protocols that provide private, encrypted connections between the application itself and the DNS resolver. As these protocols, depending on implementation choices and deployment models, may impact the Internet significantly at the architectural, legal and policy levels, the document records the current consensus on how these protocols should be used by applications, especially user-facing applications meant for mass usage by non-technical consumers. "Group Communication for the Constrained Application Protocol (CoAP)", Esko Dijk, Chonggang Wang, Marco Tiloca, 2019-11-04, This document specifies the use of the Constrained Application Protocol (CoAP) for group communication, using UDP/IP multicast as the underlying data transport. Both unsecured and secured CoAP group communication are specified. Security is achieved by use of the Group Object Security for Constrained RESTful Environments (Group OSCORE) protocol. The target application area of this specification is any group communication use cases that involve resource- constrained network nodes. The most common of such use cases are listed in this document. "Considerations for ID/Location Separation Protocols in IP-based Vehicular Networks", Sun Kj, Young-Han Kim, 2019-07-01, ID/Location separation protocols are proposed for scalable routing, enhancing mobility and privacy in IP based internet infrastructure. When we consider IP based vehicular networks, ID/Location separation architecture is expected to offer benefits. In this draft, we analyze whether ID/Location separation protocols can adjust into IP based vehicular networks and solve requirements. "Encapsulation For MPLS Performance Measurement with Alternate Marking Method", Weiqiang Cheng, Min Xiao, Tianran Zhou, Ximing Dong, Yoav Peleg, 2019-11-04, This document defines the encapsulation for MPLS performance measurement with alternate marking method, which performs flow-based packet loss, delay, and jitter measurements on live traffic. "SRv6 Proxy Forwarding", Huaimo Chen, Zhibo Hu, China Telecom, 2019-09-13, The endpoints of a SRv6 path are given by a SRv6 Policy. When an endpoint node fails, we need bypass this failed endpoint node and forward the packets to the failed node's next endpoint node. "DetNet SRv6 Data Plane Encapsulation", Xuesong Geng, Mach Chen, Yongqing Zhu, 2019-07-03, This document specifies Deterministic Networking data plane operation for SRv6 encapsulated user data. "Requirements and Challenges for User-level Service Managements of IoT Network by utilizing Artificial Intelligence", Junkyun Choi, Jaeseob Han, Gyeong Lee, Na Kim, 2019-11-17, This document describes the requirements and challenges to employ artificial intelligence (AI) into the constraint Internet of Things (IoT) service environment for embedding intelligence and increasing efficiency. The IoT service environment includes heterogeneous and multiple IoT devices and systems that work together in a cooperative and intelligent way to manage homes, buildings, and complex autonomous systems. Therefore, it is becoming very essential to integrate IoT and AI technologies to increase the synergy between them. However, there are several limitations to achieve AI enabled IoT as the availability of IoT devices is not always high, and IoT networks cannot guarantee a certain level of performance in real-time applications due to resource constraints. This document intends to present a right direction to empower AI in IoT for learning and analyzing the usage behaviors of IoT devices/systems and human behaviors based on previous records and experiences. With AI enabled IoT, the IoT service environment can be intelligently managed in order to compensate for the unexpected performance degradation often caused by abnormal situations. This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on May 19, 2020 "Use of BIER IPv6 Encapsulation (BIERv6) for Multicast VPN in IPv6 networks", Jingrong Xie, Mike McBride, Senthil Dhanaraj, Liang Geng, 2019-07-01, This draft defines the procedures and messages for using Bit Index Explicit Replication (BIER) for Multicast VPN Services in IPv6 networks using the BIER IPv6 encapsulation. It provides a migration path for Multicast VPN service using BIER MPLS encapsulation in MPLS networks to multicast VPN service using BIER IPv6 encapsulation (BIERv6) in IPv6 networks. "Support of asynchronous Enrollment in BRSKI", Steffen Fries, Hendrik Brockhaus, Eliot Lear, 2019-11-04, This document discusses an enhancement of automated bootstrapping of a remote secure key infrastructure (BRSKI) to operate in domains featuring no or only timely limited connectivity to backend services offering enrollment functionality, specifically a Public Key Infrastructure (PKI). In the context of deploying new devices the design of BRSKI allows for online (synchronous object exchange) and offline interactions (asynchronous object exchange) with a manufacturer's authorization service. For this it utilizes a self- contained voucher to transport the domain credentials as a signed object to establish an initial trust between a pledge and the target deployment domain. The currently supported enrollment protocol for request and distribution of deployment domain specific device certificates provides only limited support for asynchronous PKI interactions. This memo motivates the enhancement of supporting self-contained objects for certificate management by using an abstract notation. This allows off-site operation of PKI services outside the deployment domain of the pledge. This addresses specifically scenarios, in which the final authorization of certification request of a pledge cannot be made in the deployment domain and is therefore delegated to a operator backend. The goal is to enable the usage of existing and potentially new PKI protocols supporting self-containment for certificate management. "Deployment Considerations for In-situ OAM with IPv6 Options", Shwetha Bhandari, Frank Brockners, Tal Mizrahi, Aviv Kfir, Barak Gafni, Mickey Spiegel, Suresh Krishnan, Mark Smith, 2019-09-26, In-situ Operations, Administration, and Maintenance (IOAM) records operational and telemetry information in the packet while the packet traverses a path between two points in the network. This document outlines how IOAM can be enabled in an IPv6 network. "BGP Route Policy and Attribute Trace Using BMP", Feng Xu, Thomas Graf, Yunan Gu, Shunwan Zhuang, Zhenbin Li, 2019-11-03, The generation of BGP adj-rib-in, local-rib or adj-rib-out comes from BGP route exchange and route policy processing. BGP Monitoring Protocol (BMP) provides the monitoring of BGP adj-rib-in [RFC7854], BGP local-rib [I-D.ietf-grow-bmp-local-rib] and BGP adj-rib-out [I-D.ietf-grow-bmp-adj-rib-out]. By monitoring these BGP RIB's the full state of the network is visible, but how route-policies affect the route propagation or changes BGP attributes is still not. This document describes a method of using BMP to record the trace data on how BGP routes are (not) changed under the process of route policies. "A YANG Data Model for Flex Ethernet(FlexE)", Xiaobing NIU, Qilei Wang, Yunbin Xu, Sivakumar Munagapati, 2019-11-04, Flex Ethernet(FlexE) implementation agreement have been published by OIF. FlexE provides a generic mechanism for supporting a variety of Ethernet MAC rates that may or may not correspond to any existing Ethernet PHY rate. This document describes a YANG data model for FlexE. It can be used to manage and control devices supporting FlexE functions. "Dynamic Latency Guarantee", Peng Liu, Liang Geng, 2019-07-08, Aiming at the deterministic demand for network latency in future vertical industry applications, this document analyzes the existing latency control methods for data transmission, points out the possible shortcomings, and proposes some directions for optimizing the latency control method. . "BGP Flow Specification for SRv6", Zhenbin Li, Lei Li, Huaimo Chen, Christoph Loibl, Yanhe Fan, Yongqing Zhu, Lei Liu, Xufeng Liu, 2019-12-13, This document proposes extensions to BGP Flow Specification for SRv6 for filtering SRv6 packets that match a sequence of conditions. "Multipath Use Case and Requirement for Security", Stafan Rass, Yingzhen Qu, Lin Han, 2019-09-10, This document describes a use case of multipath to achieve full CIA+ by using symmetric cryptography and point-to-point shared secrets. "YANG Data Model for SD-WAN OSE service delivery", Steve Wood, Wu Bo, Qin WU, Conrad Menezes, 2019-06-29, This document defines two SD-WAN OSE Open SD-WAN Exchange(OSE) service YANG modules to enable the orchestrator in the enterprise network to implement SD-WAN inter-domain reachability and connectivity services and application aware traffic steering services. "Analysis for FlexE control", Qilei Wang, Xiaobing NIU, Yunbin Xu, 2019-11-04, This document gives some analysis about the control of FlexE. "YANG Data Models for Multiprotocol Label Switching - Transport Profile", Italo Busi, Haomian Zheng, 2019-10-11, Multi-protocol Label Switching - Transport Profile (MPLS-TP) is a profile of the MPLS protocol that is used in packet switched transport networks and operated in a similar manner to other existing transport technologies (e.g., OTN), as described in RFC5921. This document specifies YANG models for MPLS-TP, which have not been covered by existing models so far. The gap analysis with current relevant traffic-engineering (TE) and MPLS models is also included. "Signed HTTP Requests (SHREQ)", Anders Rundgren, 2019-09-09, The SHREQ specification describes how the JSON Web Signature (JWS) specification combined with the JSON Canonicalization Scheme (JCS), can be utilized to support HTTP based applications needing digitally signed requests. SHREQ is specifically tailored for Web applications using JSON as data interchange format. There is also a SHREQ scheme for HTTP requests that do not have a body ("payload") like GET. SHREQ was designed to be agnostic with respect to REST concepts versus traditional GET/POST schemes. "Using CBOR Web Tokens (CWTs) in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)", Hannes Tschofenig, Mathias Brossard, 2019-11-04, The TLS protocol supports different credentials, including pre-shared keys, raw public keys, and X.509 certificates. For use with public key cryptography developers have to decide between raw public keys, which require out-of-band agreement and full-fletched X.509 certificates. For devices where the reduction of code size is important it is desirable to minimize the use of X.509-related libraries. With the CBOR Web Token (CWT) a structure has been defined that allows CBOR-encoded claims to be protected with CBOR Object Signing and Encryption (COSE). This document registers a new value to the "TLS Certificate Types" sub-registry to allow TLS and DTLS to use CWTs. Conceptually, CWTs can be seen as a certificate format (when with public key cryptography) or a Kerberos ticket (when used with symmetric key cryptography). "Arm's Platform Security Architecture (PSA) Attestation Token", Hannes Tschofenig, Simon Frost, Mathias Brossard, Adrian Shaw, Thomas Fossati, 2019-11-20, The insecurity of IoT systems is a widely known and discussed problem. The Arm Platform Security Architecture (PSA) is being developed to address this challenge by making it easier to build secure IoT systems. This document specifies token format and claims used in the attestation API of the Arm Platform Security Architecture (PSA). At its core, the CWT (COSE Web Token) format is used and populated with a set of claims, in a way similar to EAT (Entity Attestation Token). This specification describes what claims are used by PSA compliant systems and what has been implemented within Arm Trusted Firmware-M. "Connection Setup in a Quantum Network", Rodney Van Meter, Takaaki Matsuo, 2019-09-11, Near-term quantum networks will grow to form a Noisy, Intermediate- Scale Quantum Internet (NISQI). Connection setup will require adapting behavior along the path to the noise levels of individual elements. In this proposal, path creation is triggered by an application at the Initiator, information is accumulated node-by-node on an outbound pass in a series of QCap (quantum capability) blocks, then the RuleSets are created at the Responder. RuleSets are installed at the individual nodes on the return pass. This document describes the architecture of connection setup in a network. Details of the RuleSets and QCaps, addressing architecture, link protocols, routing, resource allocation (multiplexing), extension of this setup procedure to an internetwork, and extension to multiparty communications are beyond the scope of this document. "IPv6 Encapsulation for SFC and IFIT", Zhenbin Li, Shuping Peng, Kihoon LEE, 2019-09-09, Service Function Chaining (SFC) and In-situ Flow Information Telemetry (IFIT) are important path services along with the packets. In order to support these services, several encapsulations have been defined. The document analyzes the problems of these encapsulations in the IPv6 scenario and proposes the possible optimized encapsulation for IPv6. "Weighted HRW and its applications", satyamoh@cisco.com, mankamana mishra, Acee Lindem, Ali Sajassi, John Drake, 2019-09-11, Rendezvous Hashing also known as Highest Random Weight (HRW) has been used in many load balancing applications where the central problem is how to map an object to as server such that the mapping is uniform and also minimally affected by the change in the server set. Recently, it has found use in DF election algorithms in the EVPN context and load balancing using DMZ. This draft deals with the problem of achieving load balancing with minimal disruption when the servers have different weights. It provides an algorithm to do so and also describes a few use-case scenarios where this algorithmic technique can apply. "YANG Semantic Versioning", Benoit Claise, Joe Clarke, Reshad Rahman, Robert Wilton, Balazs Lengyel, Jason Sterne, Kevin D'Souza, 2019-10-11, This document specifies a scheme for applying a modified set of semantic versioning rules to revisions of YANG modules. Additionally, this document defines a revision label for this modified semver scheme based on the specification in draft-verdt- netmod-yang-module-versioning. "BGP-LS Extensions for Inter-AS TE using EPE based mechanisms", Shraddha Hegde, Srihari Ramachandra, Mukul Srivastava, Xiaohu Xu, 2019-11-02, In certain network deployments, a single operator has multiple Autonomous Systems(AS) to facilitate ease of management. A multiple AS network design could also be a result of network mergers and acquisitions. In such scenarios, a centralized Inter-domain TE approach could provide most optimal allocation of resources and the most controlled path placement. BGP-LS-EPE [I-D.ietf-idr-bgpls-segment-routing-epe] describes an extension to BGP Link State (BGP-LS) for the advertisement of BGP Peering Segments along with their BGP peering node and inter-AS link information, so that efficient BGP Egress Peer Engineering (EPE) policies and strategies can be computed based on Segment Routing. This document describes extensions to the BGP-LS EPE to enable it to be used for inter-AS Traffic-Engineering (TE) purposes. "A Connectivity Monitoring Metric for IPPM", Ruediger Geib, 2019-07-04, Segment Routed measurement packets can be sent along pre-determined paths. This allows new kinds of measurements. Connectivity monitoring allows to supervise the state of a connection or a (sub)path from one or a few central monitoring systems. This document specifies a suitable type-P connectivity monitoring metric. "On Media-Types, Content-Types, and related terminology", Carsten Bormann, 2019-07-08, There is a lot of confusion about media-types, content-types, and related terminology. This memo is an attempt at clearing it up. "BRSKI enrollment of with disconnected Registrars -- smarkaklink", Michael Richardson, Jacques Latour, Audric Schiltknecht, 2019-07-08, This document details the mechanism used for initial enrollment using a smartphone of a BRSKI Registrar system. There are two key differences in assumption from [I-D.ietf-anima-bootstrapping-keyinfra]: that the intended registrar has Internet, and that the Pledge has no user-interface. This variation on BRSKI is intended to be used in the situation where the registrar device is new out of the box and is the intended gateway to the Internet (such as a home gateway), but has not yet been configured. This work is also intended as a transition to the Wi-Fi Alliance work on the Device Provisioning Protocol (DPP). "Nested JSON Web Token (JWT)", Rifaat Shekh-Yusef, 2019-09-10, This specification extends the scope of the Nested JSON Web Token (JWT) to allow the enclosing JWT to contain its own Claims Set in addition to the enclosed JWT. "Multicast VPN with Segment Routing Point-to-Multipoint Trees", Rishabh Parekh, Clarence Filsfils, Arvind Venkateswaran, Hooman Bidgoli, Daniel Voyer, Zhaohui Zhang, 2019-10-29, A Point-to-Multipoint (P2MP) Tree in a Segment Routing domain efficiently carries traffic from a Root to a set of Leaves. This document describes extensions to BGP encodings and procedures for P2MP trees used in BGP/MPLS IP VPNs. "Compatible Version Negotiation for QUIC", David Schinazi, Eric Rescorla, 2019-11-04, QUIC does not provide a complete version negotiation mechanism but instead only provides a way for the server to indicate that the version the client offered is unacceptable. This document describes a version negotiation mechanism that allows a client and server to select a mutually supported version. Optionally, if the original and negotiated version share a compatible Initial format, the negotiation can take place without incurring an extra round trip. Discussion of this work is encouraged to happen on the QUIC IETF mailing list quic@ietf.org [1] or on the GitHub repository which contains the draft: http://github.com/ekr/draft-schinazi-quic- version-negotiation [2]. "Deprecation of IKEv1 and obsoleted algorithms", Paul Wouters, 2019-11-20, This document deprecates Internet Key Exchange version 1 (IKEv1) and additionally deprecates a number of algorithms that are obsolete. "A multipath framework for UDP traffic over heterogeneous access networks", Markus Amend, Eckard Bogenfeld, Anna Brunstrom, Andreas Kassler, Veselin Rakocevic, 2019-07-08, More and more of today's devices are multi-homing capable, in particular 3GPP user equipment like smartphones. In the current standardization of the next upcoming mobile network generation 5G Rel.16, this is especially targeted in the study group Access Traffic Steering Switching Splitting [TR23.793]. ATSSS describes the flexible selection or combination of 3GPP untrusted access like Wi-Fi and cellular access, overcoming the single-access limitation of today's devices and services. Another multi-connectivity scenario is the Hybrid Access [I-D.lhwxz-hybrid-access-network-architecture][I-D. muley-network-based-bonding-hybrid-access], providing multiple access for CPEs, which extends the traditional way of single access connectivity at home to dual-connectivity over 3GPP and fixed access. A missing piece in the ATSSS and Hybrid Access is the access and path measurement, which is required for efficient and beneficial traffic steering decisions. This becomes particularly important in heterogeneous access networks with a multitude of volatile access paths. While MP-TCP has been proposed to be used within ATSSS, there are drawbacks when being used to encapsulate unreliable traffic as it blindly retransmits each lost frame leading to excessive delay and potential head-of-line blocking. A decision for MP-TCP though leaves the increasing share of UDP in today's traffic mix () unconsidered. In this document, a multi-access framework is proposed leveraging the MP-DCCP network protocol, which enables flexible traffic steering, switching and splitting also for unreliable traffic. A benefit is the support for pluggable congestion control which enables our framework to be used either independent or complementary to MP-TCP. "Use cases for Remote Attestation common encodings", Michael Richardson, Carl Wallace, Wei Pan, 2019-11-04, This document details mechanisms created for performing Remote Attestation that have been used in a number of industries. The document initially focuses on existing industry verticals, mapping terminology used in those specifications to the more abstract terminology used by the IETF RATS Working Group. The document aspires to describe possible future use cases that would be enabled by common formats. "Autonomic setup of fog monitoring agents", Carlos Bernardos, Alain Mourad, 2019-11-19, The concept of fog computing has emerged driven by the Internet of Things (IoT) due to the need of handling the data generated from the end-user devices. The term fog is referred to any networked computational resource in the continuum between things and cloud. In fog computing, functions can be stiched together composing a service function chain. These functions might be hosted on resources that are inherently heterogeneous, volatile and mobile. This means that resources might appear and disappear, and the connectivity characteristics between these resources may also change dynamically. This calls for new orchestration solutions able to cope with dynamic changes to the resources in runtime or ahead of time (in anticipation through prediction) as opposed to today's solutions which are inherently reactive and static or semi-static. A fog monitoring solution can be used to help predicting events so an action can be taken before an event actually takes place. This solution is composed of agents running on the fog nodes plus a controller hosted at another device (running in the infrastructure or in another fog node). Since fog environments are inherently volatile and extremely dynamic, it is convenient to enable the use of autonomic technologies to autonomously set-up the fog monitoring platform. This document aims at presenting this use case as well as specifying how to use GRASP as needed in this scenario. "Multi-domain Network Virtualization", Carlos Bernardos, Luis Contreras, Ishan Vaishnavi, Robert Szabo, Xi Li, Francesco Paolucci, Andrea Sgambelluri, Barbara Martini, Luca Valcarenghi, Giada Landi, Dmitriy Andrushko, Alain Mourad, 2019-09-12, This document analyzes the problem of multi-provider multi-domain orchestration, by first scoping the problem, then looking into potential architectural approaches, and finally describing the solutions being developed by the European 5GEx and 5G-TRANSFORMER projects. "QoS Treatments in ICN using Disaggregated Name Components", Anil Jangam, Prakash suthar, Milan Stolic, 2019-09-11, Mechanisms for specifying and implementing end-to-end Quality of service (QoS) treatments in Information-Centric Networks (ICN) has not been explored so far. There has been some work towards implementing QoS in ICN; however, the discussions are mainly centered around strategies used in efficient forwarding of Interest packets. Moreover, as ICN has been tested mainly as an IP overlay, it's QoS is still governed by the IP QoS framework and there is a need for implementing QoS in ICN natively. This document describes mechanisms to classify and provide associated "name-based" extensions to identify QoS within the framework of ICN's core design principles. The name-based design provides a mechanism to carry QoS information and implement the treatments as ICN packets travel across different routers in the ICN network. Detailed discussion is provided for QoS specific procedures in each of the ICN network elements i.e. consumer, producer and forwarder. "Best practices for TLS Downgrade", Brian Sniffen, Mike Bishop, Erik Nygren, Rich Salz, 2019-09-19, Content providers delivering content via CDNs will sometimes deliver content over HTTPS (or both HTTPS and HTTP) but configure the CDN to pull from the origin over cleartext and unauthenticated HTTP. From the perspective of a client, it appears that their requests and associated responses are delivered over HTTPS, while in reality their requests are being sent across the network in-the-clear and responses are delivered unauthenticated. This exposes user request data to pervasive monitoring [RFC7258]; it also means response data may be tampered with by active adversaries. Terminating TLS connections on a load balancer and contacting a backend over cleartext has long been common within data centers, but doing this TLS termination and downgrade to HTTP at a CDN introduces additional risk when the unprotected traffic is sent over the general Internet, sometimes across national boundaries. While it would be nice to say "never do this," customer demand, content provider use-cases, and market forces today make it impossible for CDNs to not support downgrade. However, following a set of best practices can provide visibility into when this is happening and can reduce some of the risks. "EVPN Multi-Homing Extensions for Split Horizon Filtering", Jorge Rabadan, Kiran Nagaraj, Wen Lin, Ali Sajassi, 2019-11-01, Ethernet Virtual Private Network (EVPN) is commonly used along with Network Virtualization Overlay (NVO) tunnels. The EVPN multi-homing procedures may be different depending on the NVO tunnel type used in the EVPN Broadcast Domain. In particular, there are two multi-homing Split Horizon procedures to avoid looped frames on the multi-homed CE: ESI Label based and Local Bias. ESI Label based Split Horizon is used for MPLSoX tunnels, E.g., MPLSoUDP, whereas Local Bias is used for others, E.g., VXLAN tunnels. The current specifications do not allow the operator to decide which Split Horizon procedure to use for tunnel encapsulations that could support both. Examples of tunnels that may support both procedures are MPLSoGRE, MPLSoUDP, GENEVE or SRv6.sThis document extends the EVPN Multi-Homing procedures so that an operator can decide the Split Horizon procedure for a given NVO tunnel depending on their own requirements. "NFV Service Density Benchmarking", Maciek Konstantynowicz, Peter Mikus, 2019-07-08, Network Function Virtualization (NFV) system designers and operators continuously grapple with the problem of qualifying performance of network services realised with software Network Functions (NF) running on Commercial-Off-The-Shelf (COTS) servers. One of the main challenges is getting repeatable and portable benchmarking results and using them to derive deterministic operating range that is production deployment worthy. This document specifies benchmarking methodology for NFV services that aims to address this problem space. It defines a way for measuring performance of multiple NFV service instances, each composed of multiple software NFs, and running them at a varied service "packing" density on a single server. The aim is to discover deterministic usage range of NFV system. In addition specified methodology can be used to compare and contrast different NFV virtualization technologies. "MVPN/EVPN Composite Tunnel", Zhaohui Zhang, Jorge Rabadan, Ali Sajassi, 2019-10-29, EVPN E-Tree defines a composite tunnel to be used for a Root PE to simultaneously indicate a non-Ingress-Replication tunnel (e.g., P2MP tunnel) in the transmit direction and an Ingress Replication tunnel in the receive direction for BUM traffic. This document extends it to more generic use in both MVPN and general EVPN. "In Situ OAM Profiles", Tal Mizrahi, Frank Brockners, Shwetha Bhandari, Ramesh Sivakolundu, Carlos Pignataro, Aviv Kfir, Barak Gafni, Mickey Spiegel, Tianran Zhou, John Lemon, 2019-09-11, In Situ Operations, Administration and Maintenance (IOAM) is used for monitoring network performance and for detecting traffic bottlenecks and anomalies. This is achieved by incorporating IOAM data into in- flight data packets. This document introduces the concept of use case-driven IOAM profiles. An IOAM profile defines a use case or a set of use cases for IOAM, and an associated set of rules that restrict the scope and features of the IOAM specification, thereby limiting it to a subset of the full functionality. The motivation for defining profiles is to limit the scope of IOAM features, allowing simpler implementation, verification, and interoperability testing in the context of specific use cases that do not require the full functionality of IOAM. "YANG Schema Version Selection", Robert Wilton, Reshad Rahman, Joe Clarke, 2019-11-02, This document defines protocol mechanisms to allow clients, using NETCONF or RESTCONF, to choose which YANG schema to use for interactions with a server, out of the available YANG schemas supported by a server. The provided functionality allow servers to support clients in a backwards compatible way, at the same time allowing for non-backwards-compatible updates to YANG modules. This draft provides a solution to YANG versioning requirements 3.1 and 3.2. "Lossless and overhead free DCCP - UDP header conversion (U-DCCP)", Markus Amend, Anna Brunstrom, Andreas Kassler, Veselin Rakocevic, 2019-07-08, The Datagram Congestion Control Protocol (DCCP) is a transport-layer protocol that provides upper layers with the ability to use non- reliable congestion-controlled flows. DCCP is not widely deployed in the Internet, and the reason for that can be defined as a typical example of a chicken-egg problem. Even if an application developer decided to use DCCP, the middle-boxes like firewalls and NATs would prevent DCCP end-to-end since they lack support for DCCP. Moreover, as long as the protocol penetration of DCCP does not increase, the middle-boxes will not handle DCCP properly. To overcome this challenge, NAT/NATP traversal and UDP encapsulation for DCCP is already defined. However, the former requires special middle-box support and the latter introduces overhead. The recent proposal of a multipath extension for DCCP further underlines the challenge of efficient middle-box passing as its main goal is to be applied over the Internet, traversing numerous uncontrolled middle-boxes. This document introduces a new solution which disguises DCCP during transmission as UDP without requiring middle-box modification or introducing any overhead. "Design issues for hybrid key exchange in TLS 1.3", Douglas Steblia, Scott Fluhrer, Shay Gueron, 2019-07-08, Hybrid key exchange refers to using multiple key exchange algorithms simultaneously and combining the result with the goal of providing security even if all but one of the component algorithms is broken, and is motivated by transition to post-quantum cryptography. This document categorizes various design considerations for using hybrid key exchange in the Transport Layer Security (TLS) protocol version 1.3 and outlines two concrete instantiations for consideration. "DCCP Extensions for Multipath Operation with Multiple Addresses", Markus Amend, Eckard Bogenfeld, Anna Brunstrom, Andreas Kassler, Veselin Rakocevic, 2019-11-04, DCCP communication is currently restricted to a single path per connection, yet multiple paths often exist between peers. The simultaneous use of these multiple paths for a DCCP session could improve resource usage within the network and, thus, improve user experience through higher throughput and improved resilience to network failure. Multipath DCCP provides the ability to simultaneously use multiple paths between peers. This document presents a set of extensions to traditional DCCP to support multipath operation. The protocol offers the same type of service to applications as DCCP and it provides the components necessary to establish and use multiple DCCP flows across potentially disjoint paths. "Compact TLS 1.3", Eric Rescorla, Richard Barnes, Hannes Tschofenig, 2019-11-04, This document specifies a "compact" version of TLS 1.3. It is isomorphic to TLS 1.3 but saves space by trimming obsolete material, tighter encoding, and a template-based specialization technique. cTLS is not directly interoperable with TLS 1.3, but it should eventually be possible for a cTLS/TLS 1.3 server to exist and successfully interoperate. "The Link Layer service in a Quantum Internet", Axel Dahlberg, Matthew Skrzypczyk, Stephanie Wehner, 2019-10-10, In a classical network the link layer is responsible for transferring a datagram between two nodes that are connected by a single link, possibly including switches. In a quantum network however, the link layer will need to provide a robust entanglement generation service between two quantum nodes which are connected by a quantum link. This service can be used by higher layers to produce entanglement between distant nodes or to perform other operations such as qubit transmission, without full knowledge of the underlying hardware and its parameters. This draft defines what can be expected from the service provided by a link layer for a Quantum Network and defines an interface between higher layers and the link layer. "UDP Surplus Header", Tom Herbert, 2019-07-08, This specification defines the UDP Surplus Header that is an extensible and generic format applied to the UDP surplus space. The UDP surplus space comprises the bytes between the end of the UDP datagram, as indicated by the UDP Length field, and the end of the IP packet, as indicated by IP packet or payload length. The UDP Surplus Header can be either a protocol trailer of the UDP datagram, or a protocol header which effectively serves as an extended UDP header. "Enhanced AS Loop Detection for BGP", China Telecom, Di Ma, Yunan Gu, Shunwan Zhuang, Haibo Wang, 2019-11-04, Misconfiguration and malicious manipulation of BGP AS_Path may lead to route hijack. This document proposes to enhance the BGP Inbound/ Outbound route processing in the case of detecting an AS loop. Two options are proposed for the enhancement, a) a local check at the device; b) data collection/analysis at the remote network controller/ server. Both approaches are beneficial for route hijack detection. "Feminism and protocols", Juliana Guerra, Mallory Knodel, 2019-07-08, This document aims to describe how internet standards, protocols and its implementations may impact diverse groups and communities. The research on how some protocol can be enabler for specific human rights while possibly restricting others has been documented in [RFC8280]. Similar to how RFC 8280 has taken a human rights lens through which to view engineering and design choices by internet standardisation, this document addresgses the opportunities and vulnerabilities embedded within internet protocols for specific, traditionally maginalised groups. "Reference Interaction Model for Challenge-Response-based Remote Attestation", Henk Birkholz, Michael Eckel, 2019-07-08, This document defines an interaction model for a basic remote attestation procedure. Additionally, the required information elements are illustrated. "YANG Module for Basic Challenge-Response-based Remote Attestation Procedures", Henk Birkholz, Michael Eckel, Shwetha Bhandari, Bill Sulzen, Eric Voit, Liang Xia, Tom Laffey, Guy Fedorkow, 2019-07-08, This document defines a YANG RPC and a minimal datastore tree required to retrieve attestation evidence about integrity measurements from a composite device with one or more roots of trust for reporting. Complementary measurement logs are also provided by the YANG RPC originating from one or more roots of trust of measurement. The module defined requires a TPM 2.0 and corresponding Trusted Software Stack included in the device components of the composite device the YANG server is running on. "Time-Based Uni-Directional Attestation", Andreas Fuchs, Henk Birkholz, Ira McDonald, Carsten Bormann, 2019-09-11, This documents defines the method and bindings used to conduct Time- based Uni-Directional Attestation (TUDA) between two RATS (Remote ATtestation procedureS) Principals over the Internet. TUDA does not require a challenge-response handshake and thereby does not rely on the conveyance of a nonce to prove freshness of remote attestation Evidence. Conversely, TUDA enables the creation of Secure Audit Logs that can constitute Evidence about current and past operational states of an Attester. As a prerequisite for TUDA, every RATS Principal requires access to a trusted and synchronized time-source. Per default, in TUDA this is a Time Stamp Authority (TSA) issuing signed Time Stamp Tokens (TST). "An HTTP/2 Extension for Bidirectional Message Communication", Guowu Xie, Alan Frindell, 2019-07-08, This draft proposes an HTTP/2 protocol extension that enables bidirectional messaging communication between client and server. "Revision of the Recall Initiation Model", Moonesamy S, John Klensin, 2019-11-09, The procedures for initiating a recall specified in RFC 7437 restrict signatories of a recall petition to those who are "nomcom qualified". This document suggests those limitations had unanticipated and undesirable side-effects and proposes to remove them. It also specifies that remote participants should be allowed to seek redress through the procedures and decreases the number of signatories required for a recall petition. This document updates RFC 7437. "rdlink: Robust distributed links to constrained devices", Christian Amsuess, 2019-09-23, Thing to thing communication in Constrained RESTful Environments (CoRE) relies on URIs to link to servers. Next to hierarchical configuration and short-lived IP addresses, this document introduces a naming scheme for devices based on cryptographic identifiers. A special purpose domain is reserved for expressing those identifiers, and mechanisms for constrained devices to announce their names and to look them up are described. "SRv6 Implementation and Deployment Status", Satoru Matsushima, Clarence Filsfils, Zafar Ali, Zhenbin Li, 2019-12-11, This draft provides an overview of IPv6 Segment Routing (SRv6) deployment status. It lists various SRv6 features that have been deployed in the production networks. It also provides an overview of SRv6 implementation and interoperability testing status. "Using Early Data in DNS over TLS", Alessandro Ghedini, 2019-07-06, This document illustrates the risks of using TLS 1.3 early data with DNS over TLS, and specifies behaviors that can be adopted by clients and servers to reduce those risks. "Capabilities and Limitations of an Endpoint-only Security Solution", Arnaud Taddei, Candid Wueest, Kevin Roundy, Dominique Lazanski, 2019-07-08, In the context of existing, proposed and newly published protocols, this draft RFC is to establish the capabilities and limitations of endpoint-only security solutions and explore benefits and alternatives to mitigate those limits with the support of real case studies. "Simplifying Firewall Rules with Network Programming and SRH Metadata", Jim Guichard, Clarence Filsfils, daniel.bernier@bell.ca, Zhenbin Li, Francois Clad, Pablo Camarillo, Ahmed Abdelsalam, 2019-09-23, A clear application of the SRv6 Network Programming model consists in steering, in a stateless manner, packets through a Service Function Chain (SFC). Each Service Function (SF) is identified by a segment. Each SF can enrich its operation thanks to metadata present in the SRH. This document describes a practical use-case where the SF is a firewall and the metadata helps to drastically decrease the number of rules that need to be maintained by the operation team. "Network File System Version 4 Requirements for Computational Storage", Chuck Lever, 2019-08-12, This document introduces an architecture for supporting Computational Storage on Network File System version 4 (NFS) servers and clients. "The SODP (Secure Object Delivery Protocol) Server Interfaces: NSA's Profile for Delivery of Certificates, CRLs, and Symmetric Keys to Clients", Michael Jenkins, Sean Turner, 2019-08-16, This document specifies protocol interfaces profiled by the US NSA (United States National Security Agency) for NSS (National Security System) servers that provide public key certificates, CRLs (Certificate Revocation Lists), and symmetric keys to NSS clients. Servers that support these interfaces are referred to as SODP (Secure Object Delivery Protocol) servers. The intended audience for this profile comprises developers of client devices that will obtain key management services from NSA-operated SODP servers. Interfaces supported by SODP servers include: EST (Enrollment over Secure Transport) and its extensions as well as CMC (Certificate Management over CMS (Cryptographic Message Syntax)). This profile applies to the capabilities, configuration, and operation of all components of US National Security Systems (SP 800- 59). It is also appropriate for other US Government systems that process high-value information. It is made publicly available for use by developers and operators of these and any other system deployments. "Hybrid Post-Quantum Key Encapsulation Methods (PQ KEM) for Transport Layer Security 1.2 (TLS)", Matt Campagna, Eric Crockett, 2019-11-04, Hybrid key exchange refers to executing two independent key exchanges and feeding the two resulting shared secrets into a Pseudo Random Function (PRF), with the goal of deriving a secret which is as secure as the stronger of the two key exchanges. This document describes new hybrid key exchange schemes for the Transport Layer Security 1.2 (TLS) protocol. The key exchange schemes are based on combining Elliptic Curve Diffie-Hellman (ECDH) with a post-quantum key encapsulation method (PQ KEM) using the existing TLS PRF. In particular, this document specifies the use of the Bit Flipping Key Exchange (BIKE) and Supersingular Isogeny Key Exchange (SIKE) schemes in combination with ECDHE as a hybrid key agreement in a TLS 1.2 handshake. "OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)", Daniel Fett, Brian Campbell, John Bradley, Torsten Lodderstedt, Michael Jones, David Waite, 2019-10-31, This document describes a mechanism for sender-constraining OAuth 2.0 tokens via a proof-of-possession mechanism on the application level. This mechanism allows for the detection of replay attacks with access and refresh tokens. "Vehicular Mobility Management for IP-Based Vehicular Networks", Jaehoon Jeong, Yiwen Shen, Zhong Xiang, 2019-11-04, This document specifies a Vehicular Mobility Management (VMM) scheme for IP-based vehicular networks. The VMM scheme takes advantage of a vehicular link model based on a multi-link subnet. With a vehicle's mobility information (e.g., position, speed, acceleration/ deceleration, and direction) and navigation path (i.e., trajectory), it can provide a moving vehicle with proactive and seamless handoff along with its trajectory. "IGMPv3 and MLDv2 Update Survey", Toerless Eckert, Olufemi Komolafe, Hitoshi Asaeda, Timothy Winters, Nicolai Leymann, mankamana mishra, Anish Peter, Suneesh Babu, ramakanthjosyula@gmail.com, 2019-11-03, The PIM WG intends to progress IGMPv3 and MLDv2 from Proposed Standards to Internet Standards. This document describes the motivation, procedures and questions proposed for a survey of operators, vendors and implementors of IGMPv3 and MLDv2. The objective of the survey is to collate information to help the PIM WG progress these protocols to Internet Standards. "Quality of Service for ICN in the IoT", Cenk Gundogan, Thomas Schmidt, Matthias Waehlisch, Michael Frey, Felix Shzu-Juraschek, Jakob Pfender, 2019-07-08, This document describes manageable resources in ICN IoT deployments and a lightweight traffic classification method for mapping priorities to resources. Management methods are further derived for controlling latency and reliability of traffic flows in constrained environments. This work includes a distributed management of the heterogeneous resources (i) forwarding capacities, (ii) Pending Interest Table (PIT) space, and (iii) in-network data storage. By correlating these common ICN resources, performance measures can be optimized without sacrificing concurrent traffic demands. Different from the IP world, QoS in ICN can be benifical for all participants and manage 'quality instead of unfairness'. "ACME End User Client and Code Signing Certificates", Kathleen Moriarty, 2019-11-17, Automated Certificate Management Environment (ACME) core protocol addresses the use case of web server certificates for TLS. This document extends the ACME protocol to support end user client, device client, and code signing certificates. "Transmission of IPv6 Packets over Aeronautical ("aero") Interfaces", Fred Templin, Tony Whyman, 2019-12-10, Aeronautical mobile nodes (e.g., aircraft of various configurations) communicate with networked correspondents over multiple access network data links and configure mobile routers to connect their on- board networks. An Air-to-Ground (A/G) interface specification is therefore needed for coordination with the ground domain network. This document specifies the transmission of IPv6 packets over aeronautical ("aero") interfaces. "YANG Module for IS-IS Reverse Metric", Christian Hopps, 2019-11-21, This document defines a YANG module for managing the reverse metric extension to the the intermediate system to intermediate system routeing protocol. "IS-IS Optimal Distributed Flooding for Dense Topologies", Russ White, Shraddha Hegde, Shawn Zandi, 2019-09-30, In dense topologies, such as data center fabrics based on the Clos and butterfly fabric topologies, flooding mechanisms designed for sparse topologies, when used in these dense topologies, can "overflood," or carry too many copies of topology and reachability to fabric devices. This results in slower convergence times and higher resource utilization. The modifications to the flooding mechanism in the Intermediate System to Intermediate System (IS-IS) link state protocol described in this document reduce resource utilization to a minimum, while increaseing convergence performance in dense topologies. Note that a Clos fabric is used as the primary example of a desne flooding topology throughout this document. However, the flooding optimizations described in this document apply to any dense topology. "Mathematical Mesh 3.0 Part X: Considerations for Quantum Cryptanalysis Resistance", Phillip Hallam-Baker, 2019-10-23, The Mathematical Mesh 'The Mesh' is an infrastructure that facilitates the exchange of configuration and credential data between multiple user devices and provides end-to-end security. This document describes. [Note to Readers] Discussion of this draft takes place on the MATHMESH mailing list (mathmesh@ietf.org), which is archived at https://mailarchive.ietf.org/arch/search/?email_list=mathmesh. This document is also available online at http://mathmesh.com/Documents/draft-hallambaker-mesh-quantum.html [1] . "Mathematical Mesh 3.0 Part IX: Considerations for Constrained Devices", Phillip Hallam-Baker, 2019-10-23, The Mathematical Mesh 'The Mesh' is an infrastructure that facilitates the exchange of configuration and credential data between multiple user devices and provides end-to-end security. This document describes the [Note to Readers] Discussion of this draft takes place on the MATHMESH mailing list (mathmesh@ietf.org), which is archived at https://mailarchive.ietf.org/arch/search/?email_list=mathmesh. This document is also available online at http://mathmesh.com/Documents/draft-hallambaker-mesh-constrained.html [1] . "Mathematical Mesh 3.0 Part VIII: Cryptographic Algorithms", Phillip Hallam-Baker, 2019-11-01, The Mathematical Mesh 'The Mesh' is an infrastructure that facilitates the exchange of configuration and credential data between multiple user devices and provides end-to-end security. This document describes the cryptographic algorithm suites used in the Mesh and the implementation of Multi-Party Encryption and Multi-Party Key Generation used in the Mesh. [Note to Readers] Discussion of this draft takes place on the MATHMESH mailing list (mathmesh@ietf.org), which is archived at https://mailarchive.ietf.org/arch/search/?email_list=mathmesh. This document is also available online at http://mathmesh.com/Documents/draft-hallambaker-mesh- cryptography.html [1] . "Mathematical Mesh 3.0 Part VII: Security Considerations", Phillip Hallam-Baker, 2019-10-23, The Mathematical Mesh 'The Mesh' is an end-to-end secure infrastructure that facilitates the exchange of configuration and credential data between multiple user devices. The core protocols of the Mesh are described with examples of common use cases and reference data. [Note to Readers] Discussion of this draft takes place on the MATHMESH mailing list (mathmesh@ietf.org), which is archived at https://mailarchive.ietf.org/arch/search/?email_list=mathmesh. This document is also available online at http://mathmesh.com/Documents/draft-hallambaker-mesh-security.html [1] . "Mathematical Mesh 3.0 Part V: Protocol Reference", Phillip Hallam-Baker, 2019-10-23, The Mathematical Mesh 'The Mesh' is an end-to-end secure infrastructure that facilitates the exchange of configuration and credential data between multiple user devices. The core protocols of the Mesh are described with examples of common use cases and reference data. [Note to Readers] Discussion of this draft takes place on the MATHMESH mailing list (mathmesh@ietf.org), which is archived at https://mailarchive.ietf.org/arch/search/?email_list=mathmesh. This document is also available online at http://mathmesh.com/Documents/draft-hallambaker-mesh-protocol.html [1] . "Mathematical Mesh 3.0 Part IV: Schema Reference", Phillip Hallam-Baker, 2019-10-23, The Mathematical Mesh 'The Mesh' is an end-to-end secure infrastructure that facilitates the exchange of configuration and credential data between multiple user devices. The core protocols of the Mesh are described with examples of common use cases and reference data. [Note to Readers] Discussion of this draft takes place on the MATHMESH mailing list (mathmesh@ietf.org), which is archived at https://mailarchive.ietf.org/arch/search/?email_list=mathmesh. This document is also available online at http://mathmesh.com/Documents/draft-hallambaker-mesh-schema.html [1] . "Abuse-Resistant OpenPGP Keystores", Daniel Gillmor, 2019-08-22, OpenPGP transferable public keys are composite certificates, made up of primary keys, direct key signatures, user IDs, identity certifications ("signature packets"), subkeys, and so on. They are often assembled by merging multiple certificates that all share the same primary key, and are distributed in public keystores. Unfortunately, since many keystores permit any third-party to add a certification with any content to any OpenPGP certificate, the assembled/merged form of a certificate can become unwieldy or undistributable. Furthermore, keystores that are searched by user ID or fingerprint can be made unusable for specific searches by public submission of bogus certificates. And finally, keystores open to public submission can also face simple resource exhaustion from flooding with bogus submissions, or legal or other risks from uploads of toxic data. This draft documents techniques that an archive of OpenPGP certificates can use to mitigate the impact of these various attacks, and the implications of these concerns and mitigations for the rest of the OpenPGP ecosystem. "Packet Loss Signaling for Encrypted Protocols", Alexandre Ferrieux, Isabelle Hamchaoui, Igor Lubashev, 2019-11-04, This draft adapts the general technique described in draft- ferrieuxhamchaoui-tsvwg-lossbits draft-ferrieuxhamchaoui-tsvwg- lossbits for QUIC using reserved bits in QUIC v1 header. It describes a method that employs two bits to allow endpoints to signal packet loss in a way that can be used by network devices to measure and locate the source of the loss. "Using SSRC with WebRTC Simulcast", Harald Alvestrand, 2019-07-06, This document describes a convention for sending "a=ssrc" attributes in SDP together with "a=simulcast" attributes. This allows SFUs that need SSRC information to have this info easily accessible. Given that it is intended as an interim measure, it does not aim for being published as an RFC. "Intent Classification", Chen Li, Olga Havel, Will LIU, Pedro Martinez-Julia, Jeferson Nobre, Diego Lopez, 2019-11-18, RFC7575 defines Intent as an abstract high-level policy used to operate the network. Intent management system includes an interface for users to input requests and an engine to translate the intents into the network configuration and manage their lifecycle. Up to now, there is no commonly agreed definition, interface or model of intent. This document discusses what intent means to different stakeholders, describes different ways to classify intent, and an associated taxonomy of this classification. This is a foundation for discussion intent related topics. "We're gonna need a bigger threat model", Stephen Farrell, 2019-07-06, We argue that an expanded threat model is needed for Internet protocol development as protocol endpoints can no longer be considered to be generally trustworthy for any general definition of "trustworthy." "ARP/ND Synching And IP Aliasing without IRB", Yubao(Bob) Wang, Zheng Zhang, 2019-11-28, This draft proposes an extension to [RFC7432] to do ARP synchronizing and IP aliasing for Layer 3 routes that is needed for pure L3 EVPN to build a complete IP ECMP. The phrase "pure L3 EVPN" means that there is no MAC-VRF or IRB interface in the use case. "DNS over HTTP resolver announcement Using DHCP or Router Advertisements", Thomas Peterson, 2019-10-21, This specification describes a DHCP option and Router Advertisement (RA) extension to inform clients of the presence of a DNS over HTTP (DoH) service to be used for DNS queries. "Datagram PLPMTUD for UDP Options", Gorry Fairhurst, Tom Jones, 2019-10-02, This document specifies how a UDP Options sender implements Datagram Packetization Layer Path Maximum Transmission Unit Discovery (DPLPMTUD) as a robust method for Path Maximum Transmission Unit Discovery. "IPv6 Neighbor Discovery on Wireless Networks", Pascal Thubert, 2019-09-26, This document describes how the original IPv6 Neighbor Discovery and Wireless ND (WiND) can be applied on various abstractions of wireless media. "DNS over Transport Layer Security announcements using DHCP or Router Advertisements", Thomas Peterson, 2019-07-23, This specification describes a DHCP option and Router Advertisement (RA) extension to inform clients of the presence of DNS resolvers with Transport Layer Security (TLS). "L3DL Upper Layer Protocol Configuration", Randy Bush, Keyur Patel, 2019-11-02, This document users the Layer 3 Liveness and Discovery protocol to communicate the parameters needed to exchange inter-device Upper Layer Protocol Configuration for upper layer protocols such as the BGP family. "JSON Schema Language", Ulysse Carion, 2019-07-21, JavaScript Object Notation (JSON) Schema Language is a portable method for describing the format of JSON ([RFC8259], JavaScript Object Notation) data and the errors associated with ill-formed data. "ForCES architecture CUSP applicability", Evangelos Haleplidis, Jamal Hadi Salim, 2019-11-04, This document provides a gap-analysis on how the ForCES architecture meets the requirements for CUSP. In addition it provides a ForCES XML model that implements the current proposed CUSP information model. "Changes in the Internet Threat Model", Jari Arkko, 2019-07-08, Communications security has been at the center of many security improvements in the Internet. The goal has been to ensure that communications are protected against outside observers and attackers. This memo suggests that the existing threat model, while important and still valid, is no longer alone sufficient to cater for the pressing security issues in the Internet. For instance, it is also necessary to protect systems against endpoints that are compromised, malicious, or whose interests simply do not align with the interests of the users. While such protection is difficult, there are some measures that can be taken. It is particularly important to ensure that as we continue to develop Internet technology, non-communications security related threats are properly understood. While the consideration of these issues is relatively new in the IETF, this memo provides some initial ideas about potential broader threat models to consider when designing protocols for the Internet or when trying to defend against pervasive monitoring. Further down the road, updated threat models could result in changes in RFC 3552 (guidelines for writing security considerations) and RFC 7258 (pervasive monitoring), to include proper consideration of non-communications security threats. It may also be necessary to have dedicated guidance on how systems design and architecture affects security. "Using NETCONF over QUIC connection", Jinyou Dai, Xueshun Wang, Yang Kou, Lifen Zhou, 2019-10-28, The Network Configuration Protocol (NETCONF) provides mechanisms to install, manipulate, and delete the configuration of network devices. At present, almost all implementations of NETCONF are based on TCP protocol. QUIC, a new UDP-based transport protocol, can facilitate to improve the transportation performance when being used as an infrastructure layer of NETCONF. This document describes how to use the QUIC protocol as the transport protocol of NETCONF(NETCONFoQUIC). "In-Network Computing for App-Centric Micro-Services", Chathura Sarathchandra, Dirk Trossen, Michael Boniface, 2019-10-30, The application-centric deployment of 'Internet' services has increased over the past ten years with many million applications providing user-centric services, executed on increasingly more powerful smartphones that are supported by Internet-based cloud services in distributed data centres, the latter mainly provided by large scale players such as Google, Amazon and alike. This draft outlines a vision of evolving those data centres towards executing app-centric micro-services; we dub this evolved data centre as an AppCentre. Complemented with the proliferation of such AppCentres at the edge of the network, they will allow for such micro-services to be distributed across many places of execution, including mobile terminals themselves, while specific micro-service chains equal today's applications in existing smartphones. We outline the key enabling technologies that needs to be provided for such evolution to be realized, including references to ongoing IETF work in some areas. "Link relationship types for authentication", Evert Pot, 2019-10-02, This specification defines a set of relationships that may be used to indicate where a user may authenticate, log out, register a new account or find out who is currently authenticated. "The WebTransport Protocol Framework", Victor Vasiliev, 2019-11-03, The WebTransport Protocol Framework enables clients constrained by the Web security model to communicate with a remote server using a secure multiplexed transport. It consists of a set of individual protocols that are safe to expose to untrusted applications, combined with a model that allows them to be used interchangeably. This document defines the overall requirements on the protocols used in WebTransport, as well as the common features of the protocols, support for some of which may be optional. "WebTransport over QUIC", Victor Vasiliev, 2019-11-03, WebTransport [OVERVIEW] is a protocol framework that enables clients constrained by the Web security model to communicate with a remote server using a secure multiplexed transport. This document describes QuicTransport, a transport protocol that uses a dedicated QUIC [QUIC] connection and provides support for unidirectional streams, bidirectional streams and datagrams. "WebTransport over HTTP/3", Victor Vasiliev, 2019-11-03, WebTransport [OVERVIEW] is a protocol framework that enables clients constrained by the Web security model to communicate with a remote server using a secure multiplexed transport. This document describes Http3Transport, a WebTransport protocol that is based on HTTP/3 [HTTP3] and provides support for unidirectional streams, bidirectional streams and datagrams, all multiplexed within the same HTTP/3 connection. "BGP-LS Filters : A Framework for Network Slicing and Enhanced VPNs", John Drake, Adrian Farrel, Luay Jalil, Avinash Lingala, 2019-11-04, Future networks that support advanced services, such as those enabled by 5G mobile networks, envision a set of overlay networks each with different performance and scaling properties. These overlays are known as network slices and are realized over a common underlay network. In order to support network slicing, as well as to offer enhanced VPN services in general, it is necessary to define a mechanism by which specific resources (links and/or nodes) of an underlay network can be used by a specific network slice, VPN, or set of VPNs. This document sets out such a mechanism for use in Segment Routing networks. "An IPv6 stateless interface identifier generation method based on geographic location coding", Pei Zhang, Qianli Zhang, Dandan Li, Yan Ma, Kun Xie, 2019-09-23, This document describes how to generate a stateless IPv6 host interface identifier based on host geographic location information. This method can guarantee the uniqueness and stability of the address generated within a certain geographical range. The method is similar to mechanism introduced in RFC 7217, but remains stable within an adjustable geographical area. "Service Oriented Internet Protocol", Brian Carpenter, Sheng Jiang, Guangpeng Li, 2019-10-28, This document proposes a new, backwards-compatible, approach to packet forwarding, where the service required rather than the IP address required acts as the vector for routing packets at the edge of the network. Deeper in the network, the mechanism can interface to conventional and future methods of service or application aware networking. "Public Key Authenticated Encryption for JOSE: ECDH-1PU", Neil Madden, 2019-08-13, This document describes the ECDH-1PU public key authenticated encryption algorithm for JWE. The algorithm is similar to the existing ECDH-ES encryption algorithm, but adds an additional ECDH key agreement between static keys of the sender and recipient. This additional step allows the recipient to be assured of sender authenticity without requiring a nested signed-then-encrypted message structure. "Shared Use of Experimental Hop-by-Hop and Destination Options", Tom Herbert, 2019-08-20, This document describes how the experimental IPv6 Hop-by-Hop and Destinations Option types can concurrently support different experimental options. This is accomplished by employing a format in the Option Data for experimental option types. The format contains an experiment identifier that indicates an experimental option contained in the trailing Option Data. This approach is robust to experiments that are not registered and to those that do not use this sharing mechanism. It is recommended for all new Destination and Hop-by-Hop options that use experimental codepoints. "The need for email archival option in email clients", pradeep xplorer, 2019-07-21, This document describes the need for a email archive option button or check box in email client to make sure of accountability of emails, transmission delivery and control of email SPAM "ACME Integrations", Owen Friel, Richard Barnes, Rifaat Shekh-Yusef, 2019-10-24, This document outlines multiple advanced use cases and integrations that ACME facilitates without any modifications or enhancements required to the base ACME specification. The use cases include ACME integration with EST, BRSKI and TEAP. "Use of the Walnut Digital Signature Algorithm with CBOR Object Signing and Encryption (COSE)", Derek Atkins, 2019-11-20, This document specifies the conventions for using the Walnut Digital Signature Algorithm (WalnutDSA) for digital signatures with the CBOR Object Signing and Encryption (COSE) syntax. WalnutDSA is a lightweight, quantum-resistant signature scheme based on Group Theoretic Cryptography (see [WALNUTDSA] and [WALNUTSPEC]) with implementation and computational efficiency of signature verification in constrained environments, even on 8- and 16-bit platforms. "IS-IS Extensions To Support The IPv6 Compressed Routing Header (CRH)", Parag Kaneriya, Rejesh Shetty, Shraddha Hegde, Ron Bonica, 2019-11-04, Source nodes can use the IPv6 Compressed Routing Header (CRH) to steer packets through a specified path. This document defines IS-IS extensions that support the CRH. "Coordinating Attack Response at Internet Scale 2 (CARIS2) Workshop Report", Kathleen Moriarty, 2019-12-02, The Coordinating Attack Response at Internet Scale (CARIS) 2 workshop workshop [CARISEvent], sponsored by the Internet Society, took place 28 February and 1 March 2019 in Cambridge, Massachusetts, USA. Participants spanned regional, national, international, and enterprise CSIRTs, operators, service providers, network and security operators, transport operators and researchers, incident response researchers, vendors, and participants from standards communities. This workshop continued the work started at the first CARIS workshop, with a focus for CARIS 2 scaling incident prevention and detection as the Internet industry moves to a stronger and a more ubiquitous deployment of session encryption. "Transactional Authorization", Justin Richer, 2019-12-13, This document defines a mechanism for delegating authorization to a piece of software, and conveying that delegation to the software. "Reliable and Available Wireless Technologies", Pascal Thubert, Dave Cavalcanti, Xavier Vilajosana, Corinna Schmitt, 2019-07-01, This document presents a series of recent technologies that are capable of time synchronization and scheduling of transmission, making them suitable to carry time-sensitive flows with requirements of both reliable delivery in bounded time, and availability at all times, regardless of packet transmission or individual equipement failures. "LOOPS Generic Information Set", Michael Welzl, Carsten Bormann, 2019-11-04, LOOPS (Local Optimizations on Path Segments) aims to provide local (not end-to-end but in-network) recovery of lost packets to achieve better data delivery in the presence of losses. [I-D.li-tsvwg-loops-problem-opportunities] provides an overview over the problems and optimization opportunities that LOOPS could address. The present document is a strawman for the set of information that would be interchanged in a LOOPS protocol, without already defining a specific data packet format. The generic information set needs to be mapped to a specific encapsulation protocol to actually run the LOOPS optimizations. The current version of this document contains sketches of bindings to GUE [I-D.ietf-intarea-gue] and Geneve [I-D.ietf-nvo3-geneve]. "Reporting Progress of Long-Running Operations in HTTP", Austin Wright, 2019-11-21, This document defines a mechanism for following the real-time progress of long-running operations over HTTP. "YANG Data Model for Segment Routing Policy", Kamran Raza, Robert Sawaya, Zhuang Shunwan, Daniel Voyer, Muhammad Durrani, Satoru Matsushima, Vishnu Beeram, 2019-11-04, This document defines a YANG data model for Segment Routing (SR) Policy that can be used for configuring, instantiating, and managing SR policies. The model is generic and apply equally to the MPLS and SRv6 instantiations of SR policies. "RDAP Deployment Findings and Update", Marc Blanchet, 2019-06-13, Registration Access Data Protocol(RDAP) is being deployed in domain and IP address registries. This document describes issues and findings while interfacing with the known server implementations and deployments. It also provides recommendations for the specifications. "The China Mobile, Huawei, and ZTE BNG Simple Control and User Plane Separation Protocol (S-CUSP)", Shujun Hu, Donald Eastlake, Fengwei Qin, Tee Chua, Daniel Huang, 2019-10-19, A Broadband Network Gateway (BNG) in a fixed wireline access network is an Ethernet-centric IP edge router and the aggregation point for subscriber traffic. Control Plane (CP) and User Plane (UP) Separation (CUPS) for such a BNG improves flexibility and scalability but requires various communication between the UP and the CP. China Mobile, Huawei Technologies, and ZTE have developed a simple CUPS control channel Protocol (S-CUSP) to support such communication. This document is not an IETF standard and does not have IETF consensus. S-CUSP is presented here to make its specification conveniently available to the Internet community to enable diagnosis and interoperability. "Asymmetric IPv6 for IoT Networks", Sheng Jiang, Guangpeng Li, Brian Carpenter, 2019-10-28, This document describes a new approach to IPv6 header compression for use in scenarios where minimizing packet size is crucial but routing performance must be maximised. "ISIS Extensions in Support of Inter-Autonomous System (AS) MPLS and GMPLS Traffic Engineering", Mach Chen, Les Ginsberg, Stefano Previdi, Xiaodong Duan, 2019-12-02, This document describes extensions to the Intermediate System to Intermediate System (IS-IS) protocol to support Multiprotocol Label Switching (MPLS) and Generalized MPLS (GMPLS) Traffic Engineering (TE) for multiple Autonomous Systems (ASs). It defines IS-IS extensions for the flooding of TE information about inter-AS links, which can be used to perform inter-AS TE path computation. No support for flooding information from within one AS to another AS is proposed or defined in this document. This document obsoletes RFC 5316. "Use Cases and Requirements for QUIC as a Substrate", Mirja Kuehlewind, Zaheduzzaman Sarker, Thomas Fossati, Lucas Pardue, 2019-11-04, TCP is often used as a proxying or tunneling protocol. QUIC is a new, emerging transport protocol and there is a similar expectation that it too will be used as a substrate once it is widely deployed. Using QUIC instead of TCP in existing scenarios will allow proxying and tunneling services to maintain the benefits of QUIC natively, without degrading the performance and security characteristics. QUIC also opens up new opportunities for these services to have lower latency and better multistreaming support. This document summarizes current and future usage scenarios to derive requirements for QUIC and to provide additional protocol considerations. "New IPv6 Multicast Addresses for Switch ML", Hemant Singh, 2019-12-09, Recently, in-network aggregation to scale distributed machine learning (ML) has been presented. A network switch implementation uses IPv4 broadcast messages from switch to the hosts to send updates to all workers. IPv6 does not support broadcast addresses. This document proposes, IPv6 implementations use the IPv6 link-local all- nodes multicast address, until a new IPv6 link-local multicast address is assigned by IANA for switch to hosts multicast communications. "Security Considerations for SRv6 Networks", Cheng Li, Zhenbin Li, Chongfeng Xie, Hui Tian, Jianwei Mao, 2019-11-04, SRv6 inherits potential security vulnerabilities from Source Routing in general, and also from IPv6. This document describes various threats and security concerns related to SRv6 networks and existing approaches to solve these threats. "The Cooperative Communication Method of the Converged Multi-media Wireless Resource Management Network", Yi Liu, 2019-11-29, This paper describes a cooperative communication method of theconverged multi-media wireless resource management network.It can maximize the utilization of heterogeneous network resources and optimize the access to wireless resources of the network in the form of Mesh, which solves the problem of collaborative wireless resource management in multi-media converged networks. Through the overall consideration of multi-media converged networks including wired network, wireless network, broadband network, and narrowband network, joint access control and resource scheduling for network devices with different characteristics in heterogeneous networks are realized. "RIFT Applicability", Yuehua Wei, Zheng Zhang, Dmitry Afanasiev, Tom Verhaeg, Jaroslaw Kowalczyk, 2019-11-04, This document discusses the properties, applicability and operational considerations of RIFT in different network scenarios. It intends to provide a rough guide how RIFT can be deployed to simplify routing operations in Clos topologies and their variations. "Framework for Network Resource Property Description", Miao Congcong, 2019-06-14, This memo discusses and defines a framework for cyberspace resource property description, which is suitable for the unified classification organization and description of multi-source network resource measurement information. Now, there is no unified description framework for network resource property. The objective of this draft is to establish a general model based on cyberspace identification reference, and implement the reuse of survey data in different users and occasions. Then discuss the basic methodology and propose a less mature framework for further complement and improvement "Design of the native Cyberspace Map", Jilong Wang, Shuying Zhuang, Miao Congcong, Changqing An, 2019-12-13, This memo discusses the design of the native cyberspace map which is stable and flexible to describe cyberspace. Although we have accepted the cyberspace as a parallel new world, we even have not defined its basic coordinate system, which means cyberspace have no its basic space dimension till now. The objective of this draft is to illustrate the basic design methodology of the native coordinate system of cyberspace and show how to design a cyberspace map on this basis. "Framework for Network Resource Property Description", Zhi Sun, Da He, Xian Luo, Jianfeng Chen, Rui Xu, Jilong Wang, Miao Congcong, 2019-06-14, This memo discusses and defines a framework for cyberspace resource property description, which is suitable for the unified classification organization and description of multi-source network resource measurement information. Now, there is no unified description framework for network resource property. The objective of this draft is to establish a general model based on cyberspace identification reference, and implement the reuse of survey data in different users and occasions. Then discuss the basic methodology and propose a less mature framework for further complement and improvement "BBU Agregation: a usecase of the unified radio and optical control architecture", Jiawei Zhang, Sainan Liu, Zhen Liu, Yuefeng Ji, 2019-06-14, This document specifies a usecase, called BBU aggregation, for integreting radio and optical networks. It aims to compact several low-utilized BBU cards into one BBU to improve the BBU utilization. A flexible optical fronthaul network is connecting BBU and RRU to enable BBU aggregation by recongfiguring the lightpath between BBU and RRU. The procedure of the usecase is based on the unified radio and optical control archtecture, and an extended OpenFlow protocol is introduced to realize the procedure. "BBU Agregation: a usecase of the unified radio and optical control architecture", Jiawei Zhang, Sainan Liu, Zhen Liu, Yuefeng Ji, 2019-06-16, This document specifies a usecase, called BBU aggregation, for integreting radio and optical networks. It aims to compact several low-utilized BBU cards into one BBU to improve the BBU utilization. A flexible optical fronthaul network is connecting BBU and RRU to enable BBU aggregation by recongfiguring the lightpath between BBU and RRU. The procedure of the usecase is based on the unified radio and optical control archtecture, and an extended OpenFlow protocol is introduced to realize the procedure. "eCoMP:a usecase of the unified radio and optical control architecture", Zhen Liu, Jiawei Zhang, Sainan Liu, Yuefeng Ji, 2019-06-16, This document specifies a usecase, called enhanced coordinated multi- point (eCoMP), for integreting radio and optical networks. It focus on the fronthaul flexibility that allows "any-RRH_A to any-BBU_A" connection to improve the eCoMP service performance. The procedure of the usecase is based on the unified radio and optical control archtecture, and an extended OpenFlow protocol is introduced to realize the procedure. "An Unified Control Plane Architecture for the convergency of radio and optical networks", Jiawei Zhang, Zhen Liu, Yuefeng Ji, 2019-06-16, This memo specifies an unified radio and optical control architecture based on Software Defined Networking (SDN). The architecture is designed for the purposes of end-to-end 5G Radio Access Networks (RAN) service, which enables joint radio and optical network resoures orchestration. Based on this architecture, some new applications could be achieved, such as enhanced Coordinated MultiPoint (eCoMP) service, Baseband Unit (BBU) aggregation, fronthaul traffic prediction and so on. "Clarification of Enrollment over Secure Transport (EST): transfer encodings and ASN.1", Michael Richardson, Thomas Werner, Wei Pan, 2019-11-03, This document updates RFC7030: Enrollment over Secure Transport (EST) to resolve some errata that was reported, and which has proven to have interoperability when RFC7030 has been extended. This document deprecates the specification of "Content-Transfer- Encoding" headers for EST endpoints, providing a way to do this in an upward compatible way. This document additional defines a GRASP discovery mechanism for EST endpoints, and specifies requirements for them. Finally, this document fixes some syntactical errors in ASN.1 that was presented. "Introducing the Local Base Name in SenML", Hannes Tschofenig, 2019-06-18, The Sensor Measurement Lists (SenML) specification defines a format for representing simple sensor measurements and device parameters. This specification defines a new label to relax the requirement for global identification of every measurement. "Path validation with RPKI", Iljitsch van Beijnum, 2019-06-20, This memo adds the capability to validate the full BGP AS path to the RPKI mechanism. "Exploiting Packet Replication and Elimination in Complex Tracks in LLNs", Georgios Papadopoulos, Remous-Aris Koutsiamanis, Nicolas Montavont, Pascal Thubert, 2019-06-20, The Packet Replication and Elimination (PRE) mechanism duplicates data packets into several paths in the network to increase reliability and provide low jitter. PRE may be used to complement layer-2 Automatic Repeat reQuest (ARQ) and receiver-end Ordering to form the PAREO functions. Over a wireless medium, this technique can take advantage of communication Overhearing, when parallel transmissions over two adjacent paths are scheduled. This document presents the concept and details the required changes to the current specifications that will be necessary to enable the PAREO functions. "Abstract", Young Lee, Daniele Ceccarelli, Jeff Tantsura, 2019-06-20, This document outlines the applicability of Abstraction and Control of Traffic Engineered Networks (ACTN) to Packet & Optical Integration (POI). It also identifies a number of deployment scenarios to support L3VPN and L2VPN in operator's networks and provides implementation guidelines. "SCIM Profile for Provisioning Users Into Relying Party Applications", Mark Wahl, 2019-06-21, This document specifies a profile of the System for Cross-Domain Identity Management Protocol (SCIM). This profile defines how an identity provider, acting as a SCIM client, can notify a relying party application of changes to user accounts. "RTP Payload Format for CCSDS Compressed Image Data", Rolando Herrero, Claude St.Pierre, 2019-06-21, This memo describes an RTP payload format for the Consultative Committee for Space Data Systems (CCSDS) Compressed Image Data standard [CCSDS122.0]. The compression is typically applied to two- dimensional and three-dimensional data cubes resulting from multispectral and hyperspectral imagining instruments. "IETF Meeting Network Requirements", Karen O'Donoghue, Robert Hinden, 2019-11-04, The IETF Meeting Network has become integral to the success of any physical IETF meeting. Building such a network, which provides service to thousands of heavy users and their multitude of devices, spread throughout the event venue, with very little time for setup and testing is a challenge. This document provides a set of requirements, derived from hard won experience, as an aid to anyone involved in designing and deploying such future networks. "Extensible Provisioning Protocol (EPP) Secure Authorization Information for Transfer", James Gould, Richard Wilhelm, 2019-08-05, The Extensible Provisioning Protocol (EPP), in RFC 5730, defines the use of authorization information to authorize a transfer. The authorization information is object-specific and has been defined in the EPP Domain Name Mapping, in RFC 5731, and the EPP Contact Mapping, in RFC 5733, as password-based authorization information. Other authorization mechanisms can be used, but in practice the password-based authorization information has been used at the time of object create, managed with the object update, and used to authorize an object transfer request. What has not been fully considered is the security of the authorization information that includes the complexity of the authorization information, the time-to-live (TTL) of the authorization information, and where and how the authorization information is stored. This document defines an operational practice, using the EPP RFCs, that leverages the use of strong random authorization information values that are short-lived, that are not stored by the client, and that are stored using a cryptographic hash by the server to provide for secure authorization information used for transfers. "DHCPv6 Prefix Delegating relay", Ian Farrer, Naveen Kottapalli, Martin Hunek, Richard Patterson, 2019-11-17, Operational experience with DHCPv6 prefix delegation has shown that when the DHCPv6 relay function is not co-located with the DHCPv6 server function, issues such as timer synchronization between the DHCP functional elements, rejection of client's messages by the relay, and other problems have been observed. These problems can result in prefix delegation failing or traffic to/from clients addressed from the delegated prefix being unrouteable. Although [RFC8415] mentions this deployment scenario, it does not provide necessary detail on how the relay element should behave when used with PD. This document describes functional requirements for a DHCPv6 PD relay when used for relaying prefixes delegated by a separate DHCPv6 server. "GOST R 34.12-2015: Block Cipher "Magma"", Vasily Dolmatov, Dmitry Eremin-Solenikov, 2019-11-17, In addition to a new cipher with block length of n=128 bits (referred to as "Kyznyechik" and described in RFC 7801) Russian Federal standard GOST R 34.12-2015 includes an updated version of the block cipher with block length of n=64 bits and key length k=256 bits, which is also referred to as "Magma". The algorithm is an updated version of an older block cipher with block length of n=64 bits described in GOST 28147-89 (RFC 5830). This document is intended to be a source of information about the updated version of the 64-bit cipher. It may facilitate the use of the block cipher in Internet applications by providing information for developers and users of GOST 64-bit cipher with the revised version of the cipher for encryption and decryption. "A Framework for Constructing Service Function Chaining Systems Based on Segment Routing", Cheng Li, Ahmed El Sawaf, Ruizhao Hu, Zhenbin Li, 2019-11-04, Segment Routing (SR) allows for a flexible definition of end-to-end paths by encoding paths as sequences of topological sub-paths, called "segments". Segment routing architecture can be implemented over an MPLS data plane as well as an IPv6 data plane. Service Function Chaining (SFC) provides support for the creation of composite services that consist of an ordered set of Service Functions (SF) that are to be applied to packets and/or frames selected as a result of classification. SFC can be implemented based on several technologies, such as Network Service Header (NSH) and SR. This document describes a framework for constructing SFC based on Segment Routing. The document reviews the control plane solutions for route distribution of service function instance and service function path, and steering packets into a service function chain. "Multicast-only Fast Reroute Based on Topology Independent Loop-free Alternate Fast Reroute", Yisong Liu, Mike McBride, 2019-11-23, Multicast-only Fast Reroute (MoFRR) has been defined in [RFC7431], but the selection of the secondary multicast next hop only according to the loop-free alternate fast reroute, which has restrictions in multicast deployments. This document describes a mechanism for Multicast-only Fast Reroute by using Topology Independent Loop-free Alternate fast reroute, which is independent of network topology and can achieve covering more network environments. "Data Center Congestion Management requirements", Fei Chen, Wenhao Sun, Yolanda Yu, Roni Even, 2019-07-07, On IP-routed datacenter networks, RDMA is deployed using RoCEv2 protocol or iWARP. RoCEv2 specification does not define a strong congestion management mechanisms and load balancing methods. RoCEv2 relies on the existing Link-Layer Flow-Control IEEE 802.1Qbb(Priority-based Flow Control, PFC) to provide a lossless fabric. RoCEv2 Congestion Management(RCM) use ECN(Explicit Congestion Notification, defined in RFC3168) to signal the congestion to the destination and use the congestion notification to reduce the rate of injection and increase the injection rate when the extent of congestion decreases. iWRAP depends on TCP congestion handling. This document describes the current state of flow control and congestion handling in the DC and provides requirements for new directions for better congestion control. "IS-IS Flooding Speed advertisement", Bruno Decraene, Chris Bowers, Jayesh J, Tony Li, Gunter Van de Velde, 2019-07-05, This document proposes a mechanism that can be used to increase the speed at which link state information is flooded across a network when multiple LSPDUs need to be flooded, such as in case of a node failure. It also reduces the likelihood of overloading the downstream flooding neighbors. This document defines a new TLV to be advertised in IS-IS Hello messages. This TLV carries two parameters indicating the performance capacity to receive LSPDUs: the minimum delay between two consecutive LSPDUs and the number of LSPDUs which can the received back to back. "Methodology for Researching Security Considerations Sections", Mark McFadden, 2019-06-27, RFC3552 provides guidance to authors in crafting RFC text on Security Considerations. The RFC is more than fifteen years old. With the threat landscape and security ecosystem significantly changed since the RFC was published, RFC3552 is a candidate for update. This draft proposes that, prior to drafting an update to RFC3552, an examination of recent, published Security Considerations sections be carried out as a baseline for how to improve RFC3552. It suggests a methodology for examining Security Considerations sections in published RFCs and the extraction of both quantitative and qualitative information that could inform a revision of the older guidance. "Support for Data Reduction Extended Attributes in nfsv4 Version 2", Sorin Faibish, David Black, Philip Shilane, 2019-06-28, This document proposes extending NFSv4 operations to enable file extended attributes or xattr to be used in the protocol to provide information about the data reduction properties of files. New xattrs are proposed to allow the client application to communicate to the NFSv4 server data reduction attributes associated with files and directories using opaque metadata, not interpreted by the file system, but communicated to the Block Storage data reduction engines. Corresponding new file attributes are proposed to allow clients and client applications to query the server for data reduction xattr support and allow to get and set data reduction xattrs on files and directories. Such data reduction metadata is used as hints to the file server about what type of data reduction to apply. The proposed data reduction attributes include achievable ratios for compression and deduplication plus whether each data reduction technique applies to the file. "TLS Metadata for Load Balancers", Benjamin Schwartz, 2019-10-31, A load balancer that does not terminate TLS may wish to provide some information to the backend server, in addition to forwarding TLS data. This draft proposes a protocol between load balancers and backends that enables secure, efficient delivery of TLS with additional information. The need for such a protocol has recently become apparent in the context of split mode ESNI. "HTTP Partial POST Replay", Alan Frindell, 2019-06-28, This memo introduces a method of exchanging HTTP [RFC7230] messages between a web server and a cooperating intermediary - such as a reverse proxy load balancer - that enables faster restarts for the web server with minimal disruption for users. "Domain Contact Information (WHOIS) over DNS", John Bambenek, Richard Porter, 2019-06-30, Domain contact information over DNS provides a vehicle for exchanging contact information in a programmatic and reliable manner. DNS has a ubiquitous presence within the internet infrastructure and will act as a reliable publication method for contact information exchange. This RFC provides an agreed upon structure, voluntarily, to publish points of contact for domains. This document outlines the methodology for utilizing DNS TXT records for voluntary publication of various forms of contact. The intended purpose is to provide a faster means of reliable contact for professionals, cyber-defense of domains. "Guidelines for Internet Congestion Control at Endpoints", Gorry Fairhurst, 2019-11-03, This document provides guidance on the design of methods to avoid congestion collapse and to provide congestion control. Recommendations and requirements on this topic are distributed across many documents in the RFC series. This therefore seeks to gather and consolidate these recommendations and provide overall guidance. It is intended to provide input to the design of new congestion control methods in protocols, such as the IETF Quick UDP Internet Connections (QUIC) transport. The present document is for discussion and comment by the IETF. If published, it plans to update or replace the Best Current Practice in BCP 41, which currently includes "Congestion Control Principles" provided in RFC2914. "BIER IPv6 Encapsulation (BIERv6) Support via IS-IS", Jingrong Xie, Aijun Wang, Gang Yan, Senthil Dhanaraj, 2019-07-01, This document defines IS-IS extensions to support multicast forwarding using the Bit Index Explicit Replication (BIER) with IPv6 encapsulation (BIERv6). "Enhanced IPv6 Stateless Address autoconfiguration", Lin Luo, Qianli Zhang, 2019-07-01, This document specifies new flag in the format of a Prefix Information Option, IPv6 routers advertise the address refresh capability and address generation mechanism to IPv6 hosts. "Controller Identification Extension for MUD", Eliot Lear, 2019-07-01, Manufacturer Usage Descriptions (MUD) are a means by which devices can establish expectations about how they are intended to behave, and how the network should treat them. This extension provides a means for a MUD controller to identify itself through its own MUD file. "TCP ACK Pull", Carles Gomez, Jon Crowcroft, 2019-11-04, Delayed Acknowledgments (ACKs) allow reducing protocol overhead in many scenarios. However, in some cases, Delayed ACKs may significantly degrade network and device performance in terms of link utilization, latency, memory usage and/or energy consumption. This document defines the TCP ACK Pull (AKP) mechanism, which allows a sender to request the ACK for a data segment to be sent without additional delay by the receiver. AKP makes use of one of the reserved bits in the TCP header, which is defined in this specification as the AKP flag. "Security Considerations for Networks Using SRv6", Charles Perkins, 2019-07-01, This document identifies various threats to networks employing segment routing over an IPv6 transport. Segment Routing inherits potential security vulnerabilities from source routing in general, and from label-switching approaches such as MPLS. The document discusses how common security vulnerabilities may be present in SRv6 networks, depending on the security policies that are imposed. "Preferred Path Loop-Free Alternate (pLFA)", Stewart Bryant, Uma Chunduri, Toerless Eckert, 2019-07-02, Fast re-route (FRR) is a technique that allows productive forwarding to continue in a network after a failure has occurred, but before the network has has time to re-converge. This is achieved by forwarding a packet on an alternate path that will not result in the packet looping. Preferred Path Routing (PPR) provides a method of injecting explicit paths into the routing protocol. The use of PPR to support FRR has a number of advantages. This document describes the advantages of using PPR to provide a loop-free alternate FRR path, and provides a framework for its use in this application. "5G Transport Slice Connectivity Interface", Reza Rokui, Shunsuke Homma, Diego Lopez, Xavier de Foy, Luis Contreras, Jose Ordonez-Lucena, Pedro Martinez-Julia, Mohamed Boucadair, Philip Eardley, Kiran Makhijani, Hannu Flinck, 2019-07-02, The 5G Network slicing is an approach to provide separate independent E2E logical network from user equipment (UE) to applications where each network slice has different SLA requirements. Each E2E network slice consists of multitude of RAN-slice, Core-slice and Transport- slices, each with its own controller. To provide automation, assurance and optimization of the network slices, an E2E network slice controller is needed which interacts with controller in RAN, Core and Transport slices. The interfaces between the E2E network slice controller and RAN and Core controllers are defined in various 3GPP technical specifications. However, 3GPP has not defined the same interface for transport slices. The aim of this document is to provide the clarification of this interface and to provide the information model of this interface for automation, monitoring and optimization of the transport slices. "Requirement and Solution for Multicast Traffic Telemetry", Haoyu Song, Mike McBride, Gregory Mirsky, 2019-11-01, This document discusses the requirement of on-path telemetry for multicast traffic. The existing solutions are examined and their issues are addressed with new modifications that adapt to the multicast scenario. "Support Postcard-Based Telemetry for SRv6 OAM", Haoyu Song, 2019-10-14, Applications such as SRv6 TE may require to collect detailed performance data on SR paths. Existing in-situ OAM techniques incur encapsulation and header overhead issues. This document describes a method based on Postcard-based Telemetry with Packet Marking for SRv6 on-path OAM, which avoids the extra overhead for encapsulating telemetry-related instruction and metadata in SRv6 packets. "Deterministic Networking (DetNet) Controller Plane Framework", Andrew Malis, Xuesong Geng, Mach Chen, Fengwei Qin, 2019-07-24, This document provides a framework overview for the Deterministic Networking (DetNet) controller plane. It discusses concepts and requirements that will be basis for Detnet controller plane solution documents. "PCEP Operational Clarification", Mike Koldychev, Siva Sivabalan, Mahendra Negi, Diego Achaval, Hari Kotni, 2019-07-02, This document is meant to provide better clarity about how PCEP operates and hence to facilitate better interoperability between different equipment vendors. The content of this document has been compiled based on the feedback from several multi-vendor interop exercises. Several constructs are introduced to facilitate this, such as the LSP-DB and the ASSO-DB. "Defeating DNS/UDP Fragmentation Attacks", Mark Andrews, 2019-07-02, It is possible to force a DNS server to fragment its response such that a fragmentation reassembly attack can insert records into the response. This document uses TSIG with a well known key to defeat such attacks. "The Some Congestion Experienced ECN Codepoint", Jonathan Morton, Rodney Grimes, 2019-11-04, This memo reclassifies ECT(1) to be an early notification of congestion on ECT(0) marked packets, which can be used by AQM algorithms and transports as an earlier signal of congestion than CE. It is a simple, transparent, and backward compatible upgrade to existing IETF-approved AQMs, RFC3168, and nearly all congestion control algorithms. "Lightweight Fair Queueing", Jonathan Morton, Peter Heist, 2019-07-02, This note presents Lightweight Fair Queueing (LFQ), a fair queueing algorithm with a small code footprint, low memory requirements, no multiply operations, only two physical queues, and only one set of AQM state. LFQ provides throughput fairness, sparse flow prioritization and ordering guarantees, making it suitable for a mixture of traffic flow types. "Some Congestion Experienced One and Two-Flow Tests", Peter Heist, Rodney Grimes, Jonathan Morton, 2019-07-02, This note presents one and two-flow test results for the SCE (Some Congestion Experienced) reference implementation. These tests are not intended to be a comprehensive real-world evaluation of SCE, but an illustration of SCE's influence on basic TCP metrics in a controlled environment. "QUIC for SATCOM", Nicolas Kuhn, Gorry Fairhurst, John Border, Stephan Emile, 2019-11-04, QUIC has been designed for use across Internet paths. Initial designs of QUIC have focussed on common deployment scenarios for web traffic and have not focussed on the performance when using a path with a large Bandwidth-Delay Product (BDP). A path can combine satellites network segment together with a wide variety of other network technologies (Ethernet, cable modems, WiFi, cellular, radio links, etc): this complicates the characteristics of the end-to-end path. One example of such a scenario occurs when a satellite communication (SATCOM) system is used to provide all or a part of the end-to-end path. If this is not addressed, the end-to-end quality of experience can be degraded. This memo identifies the characteristics of a SATCOM link that impact the operation of the QUIC transport protocol and proposes current practice to ensure acceptable protocol performance. "Updated YANG Module Revision Handling", Benoit Claise, Joe Clarke, Reshad Rahman, Robert Wilton, Balazs Lengyel, Jason Sterne, Kevin D'Souza, 2019-10-15, This document specifies a new YANG module update procedure that can document when non-backwards-compatible changes have occurred during the evolution of a YANG module. It extends the YANG import statement with an earliest revision filter to better represent inter-module dependencies. It provides help and guidelines for managing the lifecycle of YANG modules and individual schema nodes. This document updates RFC 7950, RFC 8407 and RFC 8525. "Network Device Attestation Workflow", Guy Fedorkow, Jessica Fitzgerald-McKay, 2019-11-05, This document describes a workflow for network device attestation. "A well-known URI for publishing ESNIKeys", Stephen Farrell, 2019-07-05, We propose use of a well-known URI at which web servers can publish ESNIKeys as a way to help get those published in the DNS. "Carrying SID Algorithm information in PCE-based Networks.", Alexej Tokar, Siva Sivabalan, Mahendra Negi, 2019-07-03, The Algorithm associated with a prefix Segment-ID (SID) defines the path computation Algorithm used by Interior Gateway Protocols (IGPs). This information is available to controllers such as the Path Computation Element (PCE) via topology learning. This document proposes an approach for informing headend routers regarding the Algorithm associated with each prefix SID used in PCE-computed paths. "Avoid IP fragmentation in DNS", Kazunori Fujiwara, Paul Vixie, 2019-09-27, Path MTU discovery remains widely undeployed due to security issues, and IP fragmentation has exposed weaknesses in application protocols. Currently, DNS is known to be the largest user of IP fragmentation. It is possible to avoid IP fragmentation in DNS by limiting response size where possible, and signaling the need to upgrade from UDP to TCP transport where necessary. This document proposes to avoid IP fragmentation in DNS. "Maintenance Notification Improvements Using iCalendar", Ryan Gunter, 2019-07-03, This document proposes a maintenance notification convention that requires the use an iCalendar file augmented with standarzied and machine parseable metadata. The metadata is constructed by using the x-name property in the iCalendar file in compliance with [RFC 5545] [RFC5545]. This specification substantially reduces automation efforts, and still provides easy calendaring for manual processing. "Main logging schema for qlog", Robin Marx, 2019-10-14, This document describes a high-level schema for a standardized logging format called qlog. This format allows easy sharing of data and the creation of reusable visualization and debugging tools. The high-level schema in this document is intended to be protocol- agnostic. Separate documents specify how the format should be used for specific protocol data. "QUIC and HTTP/3 event definitions for qlog", Robin Marx, 2019-10-14, This document describes concrete qlog event definitions and their metadata for QUIC and HTTP/3-related events. These events can then be embedded in the higher level schema defined in [QLOG-MAIN]. "The Use of Path Segment in SR Inter-domain Scenarios", Quan Xiong, Gregory Mirsky, Weiqiang Cheng, 2019-10-17, This document discusses the inter-domain scenarios for SR-MPLS networks and proposes the solution with the use of path segments. "The Use of Path Segment in SR-MPLS and MPLS Interworking", Quan Xiong, Gregory Mirsky, Weiqiang Cheng, 2019-10-17, This document discusses the SR-MPLS and MPLS interworking scenarios and proposes the solution with the use of path segments. "Inter-Domain Multicast Deployment using BIERv6", Liang Geng, Jingrong Xie, Mike McBride, Gang Yan, 2019-07-04, Bit Index Explicit Replication IPv6 encapsulation (BIERv6) introduces an approach to use IPv6 extension header to carry BIER header with IPv6 unicast address as destination address. It provides the ability to replicate a packet from one router to another router in a different domain as well as in the same domain. This document introduces the techniques for multicast deployment across multiple domains using BIERv6, and demonstrate how BIERv6 is beneficial for such deployment. "RTO considerations in LPWAN", Carles Gomez, Jon Crowcroft, 2019-07-04, Low-Power Wide Area Network (LPWAN) technologies are characterized by very low physical layer bit and message transmission rates. Moreover, a response to a message sent by an LPWAN device may often only be received after a significant delay. As a result, Round-Trip Time (RTT) values in LPWAN are often (sometimes, significantly) greater than typical default values of Retransmission TimeOut (RTO) algorithms. Furthermore, buffering at network elements such as radio gateways may interact negatively with LPWAN technology transmission mechanisms, potentially exacerbating RTTs by up to several orders of magnitude. This document provides guidance for RTO settings in LPWAN, and describes an experimental dual RTO algorithm for LPWAN. "DetNet Control Plane Framework", Xuesong Geng, Mach(Guoyi) Chen, Fengwei Qin, 2019-07-04, This document defines DetNet control plane framework. It specifies the guidance of DetNet control plane implementation. "PMS/Head-end based MPLS Ping and Traceroute in Inter-AS SR Networks", Shraddha Hegde, Kapil Arora, Samson Ninan, Mukul Srivastava, Nagendra Kumar, 2019-11-04, Segment Routing (SR) architecture leverages source routing and tunneling paradigms and can be directly applied to the use of a Multiprotocol Label Switching (MPLS) data plane. Segment Routing also provides an easy and efficient way to provide inter connectivity in a large scale network as described in [RFC8604]. [RFC8287] illustrates the problem and defines extensions to perform LSP Ping and Traceroute for Segment Routing IGP-Prefix and IGP-Adjacency Segment Identifiers (SIDs) with an MPLS data plane. It is useful to have the LSP Ping and traceroute procedures when an SR end-to-end path spans across multiple ASes. This document describes mechanisms to facilitae LSP ping and traceroute in inter-AS SR networks in an efficient manner with simple OAM protocol extension which uses dataplane forwarding alone for sending Echo-Reply. "Advertising L2 Bundle Member Link Attributes in OSPF", Ketan Talaulikar, Peter Psenak, 2019-07-04, There are deployments where the Layer 3 interface on which OSPF operates is a Layer 2 interface bundle. Existing OSPF advertisements only support advertising link attributes of the Layer 3 interface. If entities external to OSPF wish to control traffic flows on the individual physical links which comprise the Layer 2 interface bundle link attribute information about the bundle members is required. This document introduces the ability for OSPF to advertise the link attributes of layer 2 (L2) Bundle members. "Modern Network Unicode", Carsten Bormann, 2019-07-08, RFC 5198 both defines common conventions for the use of Unicode in network protocols and caters for the specific requirements of the legacy protocol Telnet. In applications that do not need Telnet compatibility, some of the decisions of RFC 5198 are cumbersome. The present specification defines "Modern Network Unicode" (MNU), which is a form of RFC 5198 Network Unicode that can be used in specifications that require the exchange of plain text over networks and where just mandating UTF-8 (RFC 3629) may not be sufficient, but there is also no desire to import all of the baggage of RFC 5198. In addition to a basic "Clean Modern Network Unicode" (CMNU), this specification defines a number of variances that can be used to tailor MNU to specific areas of application. In particular, "Modern Network Unicode with lines" can be used in applications that require line-structured text such as plain text documents or markdown format. "Industrial Use Cases for In-Network Computing", Ike Kunze, Klaus Wehrle, 2019-11-04, Cyber-physical systems and the Industrial Internet of Things are characterized by diverse sets of requirements which can hardly be satisfied using standard networking technology. One example are latency-critical computations which become increasingly complex and are consequently outsourced to more powerful cloud platforms for feasibility reasons. The intrinsic physical propagation delay to these remote sites can, however, already be too high for given requirements. The challenge is to develop techniques that bring together these requirements. Utilizing available computational capabilities within the network can be a solution to this challenge which makes in-network computing concepts a promising starting point. This document discusses select industrial use cases to demonstrate how in-network computing concepts can be applied to the industrial domain and to point out essential requirements of industrial applications. "BGP based Virtual Private Network (VPN) Services over SRv6+ enabled IPv6 networks", Srihari Ramachandra, Ron Bonica, 2019-07-22, This document defines BGP protocol extensions for encoding and carrying SRv6+ Per-Path Service Instruction information to support Virtual Private Network services. This is applicable when the VPN services are offered in a SRv6+ enabled IPv6 network such that the VPN payload is transported over IPv6. The Per-Path Service Instruction information is encoded in the IPv6 Destination Option Header in the IPv6 data packets. "An Open Congestion Control Architecture with network cooperation for RDMA Fabric", Zhuangyan, Rachel Huang, 2019-07-05, This document describes an open congestion control architecture with network cooperation (including network proactive and passive control) for high performance RDMA fabric to provide low latency and high throughput for datacenter applications such as the AI computing. "RAW use cases", Georgios Papadopoulos, Pascal Thubert, Fabrice Theoleyre, Carlos Bernardos, 2019-11-04, The wireless medium presents significant specific challenges to achieve properties similar to those of wired deterministic networks. At the same time, a number of use cases cannot be solved with wires and justify the extra effort of going wireless. This document presents wireless use cases demanding reliable and available behavior. "Operations, Administration and Maintenance (OAM) features for RAW", Fabrice Theoleyre, Georgios Papadopoulos, 2019-11-04, The wireless medium presents significant specific challenges to achieve properties similar to those of wired deterministic networks. At the same time, a number of use cases cannot be solved with wires and justify the extra effort of going wireless. This document presents some of these use-cases. "Distributed Denial-of-Service Open Threat Signaling (DOTS) Telemetry", Tirumaleswar Reddy.K, Mohamed Boucadair, Ehud Doron, chenmeiling, 2019-10-18, This document aims to enrich DOTS signal channel protocol with various telemetry attributes allowing optimal DDoS attack mitigation. This document specifies the normal traffic baseline and attack traffic telemetry attributes a DOTS client can convey to its DOTS server in the mitigation request, the mitigation status telemetry attributes a DOTS server can communicate to a DOTS client, and the mitigation efficacy telemetry attributes a DOTS client can communicate to a DOTS server. The telemetry attributes can assist the mitigator to choose the DDoS mitigation techniques and perform optimal DDoS attack mitigation. "Using GOST ciphers in ESP and IKEv2", Valery Smyslov, 2019-10-31, This document defines a set of encryption transforms for use in Encapsulating Security Payload (ESP) and Internet Key Exchange version 2 (IKEv2) protocols. The transforms are based on Russian cryptographic standard algorithms (GOST) in a Multilinear Galois Mode (MGM). "Reporting MUD behavior to vendors", Eliot Lear, Mudumbai Ranganathan, 2019-07-05, As with other technology, manufacturers would like to understand how networks implementing MUD are treating devices that are providing MUD URLs and MUD files. This memo specifies an extension to MUD that permits certain behaviors to be reported. "OAM for use in GENEVE", Gregory Mirsky, Min Xiao, Sami Boutros, David Black, 2019-07-05, This document defines encapsulation for active Operations, Administration, and Maintenance protocols in Geneve protocol. Also, the format and operation of the Echo Request and Echo Reply mechanism in Geneve are defined. "BMP Extension for Path Marking TLV", Camilo Cardona, Paolo Lucente, Pierre Francois, Yunan Gu, Thomas Graf, 2019-10-31, The BGP Monitoring Protocol (BMP) provides an interface for obtaining BGP Path information. BGP Path Information is conveyed within BMP Route Monitoring (RM) messages. This document proposes an extension to BMP to convey the status of a BGP path after being processed by the BGP best-path selection algorithm. This extension makes use of the TLV mechanims described in draft-lucente-bmp-tlv [I-D.lucente-bmp-tlv]. "Observe Notifications as CoAP Multicast Responses", Marco Tiloca, Rikard Hoeglund, Christian Amsuess, Francesca Palombini, 2019-11-04, The Constrained Application Protocol (CoAP) allows clients to "observe" resources at a server, and receive notifications as unicast responses upon changes of the resource state. In some use cases, such as based on publish-subscribe, it would be convenient for the server to send a single notification to all the clients observing a same target resource. This document defines how a CoAP server sends observe notifications as response messages over multicast, by synchronizing all the observers of a same resource on a same shared Token value. Besides, this document defines how Group OSCORE can be used to protect multicast notifications end-to-end from the CoAP server to the multiple observer clients. "Group OSCORE Profile of the Authentication and Authorization for Constrained Environments Framework", Marco Tiloca, Rikard Hoeglund, Ludwig Seitz, Francesca Palombini, 2019-11-04, This document specifies a profile for the Authentication and Authorization for Constrained Environments (ACE) framework. The profile uses Object Security for Constrained RESTful Environments (OSCORE) and/or Group OSCORE to provide communication security between a Client and (a group of) Resource Server(s). Furthermore, the profile uses (Group) OSCORE to provide server authentication, and OSCORE to achieve proof-of-possession for a key owned by the Client and bound to an OAuth 2.0 Access Token. Also, the profile provides proof-of-group-membership for the Client, by securely binding the pre-established Group OSCORE Security Context to the pairwise OSCORE Security Context newly established with the Resource Server. "IS-IS Extensions to Support Packet Network Slicing using Segment Routing", Yongqing Zhu, Ran Chen, Shaofu Peng, Fengwei Qin, 2019-12-03, [I-D.peng-teas-network-slicing] defines a unified TN-slice identifier, AII(administrative instance identifier), to indicate the topology, computing, storage resources of the dedicated virtual network for both intra-domain and inter-domain network slicing scenarios. This draft describes the IS-IS extensions required to support Packet Network Slicing using Segment Routing. "Reaction of Stateless Address Autoconfiguration (SLAAC) to Flash- Renumbering Events", Fernando Gont, Jan Zorz, Richard Patterson, 2019-11-01, In scenarios where network configuration information related to IPv6 prefixes becomes invalid without any explicit signaling of that condition (such as when a CPE crashes and reboots without knowledge of the previously-employed prefixes), nodes on the local network will continue using stale prefixes for an unacceptably long period of time, thus resulting in connectivity problems. This document documents this problem, and discusses operational workarounds that may help to improve network robustness. Additionally, it highlights areas where further work may be needed. "YANG Data Model for p2mp sr policy", Hooman Bidgoli, Daniel Voyer, Jayant Kotalwar, Rishabh Parekh, Tarek Saad, 2019-10-30, SR P2MP policies are set of policies that enable architecture for P2MP service delivery. A P2MP policy consists of candidate paths that connects the Root of the Tree to a set of Leaves. The P2MP policy is composed of replication segments. A replication segment is a forwarding instruction for a candidate path which is downloaded to the Root, transit nodes and the leaves. This document defines a YANG data model for SR P2MP Policy Configuration and operation. "M-LDP Signaling Through BIER Core", Hooman Bidgoli, Jayant Kotalwar, Zhaohui Zhang, Eddie Leyton, mankamana mishra, 2019-11-04, Bit Index Explicit Replication (BIER) is an architecture that provides multicast forwarding through a "BIER domain" without requiring intermediate routers to maintain multicast related per-flow state. Neither does BIER require an explicit tree-building protocol for its operation. A multicast data packet enters a BIER domain at a "Bit-Forwarding Ingress Router" (BFIR), and leaves the BIER domain at one or more "Bit-Forwarding Egress Routers" (BFERs). The BFIR router adds a BIER header to the packet. Such header contains a bit-string in which each bit represents exactly one BFER to forward the packet to. The set of BFERs to which the multicast packet needs to be forwarded is expressed by the according set of bits switched on in BIER packet header. This document describes the procedure needed for mLDP tunnels to be signaled over and stitched through a BIER core, allowing LDP routers to run traditional Multipoint LDP services through a BIER core. "Domain Name System (DNS) Resource Record types for transferring covert information from primary to secondaries", Witold Krecicki, Evan Hunt, Dan Mahoney, 2019-07-06, The Domain Name System (DNS) Resource Record TYPEs IANA registry reserves the range 128-255 for Q-TYPEs and Meta-TYPEs [RFC6895] - Resource Records that can only be queried for or contain transient data associated with a particular DNS message. This document reserves a range of RR TYPE numbers for Covert-TYPEs - types that are an integral part of the zone but cannot be accessed via a normal QUERY operation. Uses for such records could include zone comments that are transferrable with the zone, expiry times for dynamically updated records, or Zone Signing Keys for inline signing. This document, however, does not define any specific Covert RR types. "Clarifications for Elliptic Curve Cryptogtaphy Subject Public Key Information", Tadahiko Ito, Sean Turner, 2019-08-13, This document updates RFC 5480 to specify semantics for the keyEncipherment and dataEncipherment key usage bits when used in certificates that support Elliptic Curve Cryptography. "SR Path Ingress Protection", Huaimo Chen, Mehmet Toy, Aijun Wang, Zhenqiang Li, Lei Liu, Xufeng Liu, 2019-10-23, This document describes extensions to Border Gateway Protocol (BGP) for protecting the ingress node of a Segment Routing (SR) tunnel or path. "SR Path Ingress Protection", Huaimo Chen, Mehmet Toy, Aijun Wang, Zhenqiang Li, Lei Liu, Xufeng Liu, 2019-10-24, This document describes extensions to Path Computation Element (PCE) communication Protocol (PCEP) for protecting the ingress node of a Segment Routing (SR) tunnel or path. "A method for dots server deployment", chenmeiling, Li Su, Jin Peng, 2019-11-03, As DOTS is used for DDoS Mitigation signaling, in practice, there are different deployment scenarios for DOTS agents deployment depending on the network deployment mode. This document made an accommandation for DOTS Server deployment which may be Suitable for ISP. The goal is to provide some guidance for DOTS agents deployment. "CMP Updates", Hendrik Brockhaus, 2019-11-04, This document contains a set of updates to the base syntax of Certificate Management Protocol (CMP) version 2. This document updates RFC 4210. Specifically, the CMP services updated in this document comprise the enabling of using EnvelopedData instead of EncryptedValue and the definition of extended key usages to identify certificates of CMP endpoints on certification and registration authorities. "Using DHCP to Manage Node and Ring SID Assignment", Kireeti Kompella, Ron Bonica, 2019-07-07, Node and ring segment identifiers (SIDs) assignements in a particular domain (such as an IGP area) must follow certain rules: they must be allocated from a configured set of SID blocks; they must be unique; and the values should be sticky, i.e., the same value(s) should be assigned to a node should its assignment expire (as might happen if the node resets). This memo suggests the use of the Dynamic Host Configuration Protocol to handle such assignments. "Robots Exclusion Protocol", Martijn Koster, Gary Illyes, Henner Zeller, Lizzi Harvey, 2019-07-07, This document standardizes and extends the "Robots Exclusion Protocol" method originally defined by Martijn Koster in 1996 for service owners to control how content served by their services may be accessed, if at all, by automatic clients known as crawlers. "Taxonomy of Issues in Internet Media", Jake Holland, 2019-07-07, This document provides a taxonomy of networking issues that pertain to quality of experience in delivery of video or other high-bitrate media over the internet. "BIER Source Protection", Zheng Zhang, Gregory Mirsky, Quan Xiong, 2019-07-07, This document describes the multicast source protection functions in Bit Index Explicit Replication BIER domain. "Usecases definition for IoT DDoS attacks prevention", Sorin Faibish, 2019-07-07, This document specifies several usecases related to the different ways IoT devices are exploited by malicious adversaries to instantiate Distributed Denial of Services (DDoS) attacks. The attacks are generted from IoT devices that have no proper protection against generating unsolicited communication messages targeting a certain network and creating large amounts of network traffic. The attackers take advantage of breaches in the configuration data in unprotected IoT devices exploited for DDoS attacks. The attackers take advantage of the IoT devices that can send network packets that were generated by malicious code that interacts with an OS implementation that runs on the IoT devices. The prupose of this draft is to prsent possible IoT DDoS usecases that need to be prevented by TEE. The major enabler of such attacks is related to IoT devices that have no OS or unprotected EE OS and run code that is downloaded to them from the TA and modified by man-in-the-middle that inserts malicious code in the OS. "DOTS client carry ddos attack informations in signal channel", chenmeiling, Li Su, Jin Peng, 2019-08-22, This document describes DDoS attack information which can be obtained by DOTS client when the enterprise suspects it is under DDoS attack, these informations will be send from DOTS client to DOTS server in mitigation request using Signal channel or Data channel. "RDAP jCard Profile", Tom Harrison, George Michaelson, 2019-07-07, The Registration Data Access Protocol (RDAP) is used by Regional Internet Registries (RIRs) and Domain Name Registries (DNRs) to provide access to their resource registration information. RDAP uses jCard to convey information about individuals and other entities: for example, for the technical contact for a domain name. In practice, server operators are only using a small subset of jCard's functionality, so in an effort to simplify the requirements on the client side, this document defines a jCard profile for use with RDAP. "Publish-Subscribe Service in ICN-based Vehicular Network", Haksuh Kim, Paul Choi, Hee Jung, Sunme Kim, 2019-07-07, As autonomous vehicle is becoming a major research in automotive engineering, the importance of vehicular network is also increasing. Content-oriented vehicular network requires new communication architecture that is different from the existing IP-based architecture. ICN is one of the best alternatives for vehicular network to serve as communication infrastructure. ICN only supports pull-based communication. Therefore, an efficient communication method is needed for disseminating safety information for vehicles, and the publish/subscribe(pub/sub) system can be a good alternative. This document proposes a pub/sub service architecture and procedures for disseminating safety information between vehicles and infrastructure. "Inter-Domain Traffic Steering with BGP Labeled Colored Unicast (BGP-LCU)", Louis Chan, Rafal Szarecki, 2019-07-07, This document describes technology that enables for Inter-Domain signaling of existence of E2E path that satisfy high-level traffic treatment behavior intent. The inter-domain path is built by the BGP protocol, as a concatenation of per TE-domain internal paths (segments), provisioned by one of existing intra-domain techniques. The traffic treatment behavior is encoded as an integer value called as "COLOR". The domain internal paths/tunnels are marked as satisfying given traffic treatment behavior. Then the tunnel destination and its COLOR are exchanged between TE-Domains using a new BGP LABELED-COLORED-UNICAST NLRI (BGP-LCU) defined in this document. "SRv6 and MPLS interworking for VPN service", Shaofu Peng, Zheng Zhang, Gregory Mirsky, 2019-07-07, This document describes a method to achieve an inter-domain connection for a VPN (Virtual Private Network) service. "Privacy threats and possible countermeasures for Multipath-TCP (MPTCP)", Marcelo Bagnulo, Amelia Andersdotter, Christoph Paasch, 2019-07-08, This note performs a differential analysis of the threats regarding privacy of the Multipath TCP protocol compared to regular TCP and proposes a set of countermeasures for the threats identified. "rLEDBAT: receiver-driven Low Extra Delay Background Transport for TCP", Marcelo Bagnulo, Alberto Garcia-Martinez, Gabriel Montenegro, Praveen Balasubramanian, 2019-10-29, This document specifies the rLEDBAT, a set of mechanisms that enable the execution of a less-than-best-effort congestion control algorithm for TCP at the receiver end. "BFD for Geneve", Min Xiao, Gregory Mirsky, Juniper Networks, 2019-10-22, This document describes the use of the Bidirectional Forwarding Detection (BFD) protocol in point-to-point Generic Network Virtualization Encapsulation (Geneve) tunnels forming up an overlay network. "IoT Edge Computing Challenges and Functions", Jungha Hong, Yong-Geun Hong, Xavier de Foy, Matthias Kovatsch, Eve Schooler, Dirk Kutscher, 2019-11-04, This document describes new challenges such as strict latency, uplink cost, uninterrupted services, privacy and security, for IoT services originated from the IoT environmental changes. In order to address those new challenges, the integration of Edge computing and IoT has emerged as a promising solution. This document describes the concept of IoT integrated with Edge computing as well as the state-of-the-art of IoT Edge computing. It also proposes a general model for IoT Edge computing. The direction of Edge computing for IoT should be discussed in the IETF/IRTF. "Intelligent Reasoning on External Events for Network Management", Pedro Martinez-Julia, 2019-07-08, The adoption of AI in network management solutions is becoming a reality. It is mainly supported by the need to resolve complex problems arisen from the acceptance of SDN/NFV technologies as well as network slicing. This allows current computer and network system infrastructures to constantly grow in complexity, in parallel to the demands of users. However, exploiting the possibilities of AI is not an easy task. There has been a lot of effort to make Machine Learning (ML) solutions reliable and acceptable but, at the same time, other mechanisms have been forgotten. It is the particular case of reasonsing. Although it can provide enormous benefits to management solutions by, for example, infering new knowledge and applying differnet kind of rules (eg.g logical) to choose from several actions, it has received little attention. While ML solutions work with data, so their only requirement from the network infrastructure is data retrieval, reasoning solutions work in collaboration to the network they are managing. This makes the challenges arisen from intelligent reasoning to be a key for the evolution of network management towards the full adoption of AI. "SRv6 Network Migration", Chongfeng Xie, Li Cong, Shuping Peng, Zhenbin Li, Yaqun Xiao, 2019-07-08, SRv6 has significant advantages over SR-MPLS which has attracted more and more attentions and interests from operators and verticals. The smooth network migration towards SRv6 is a key focal point for the SRv6 deployers. This document provides network migration guidance and recommendations on solutions in various scenarios. "Hop-by-Hop Authentication in Content-Centric Networking/Named Data Networking", Ruidong Li, Hitoshi Asaeda, 2019-11-16, The unpredictability of consumers, routers, copyholders, and publishers for the in-network data retrievals in Content-Centric Networking (CCN) / Named Data Networking (NDN) poses a challenge to design an authentication mechanism to inhibit the malicious consumers to flood data requests and prevent the fake data from being provided. Signature is adopted as the fundamental function in CCN / NDN, which however can only provide publisher authentication with additional certificate acquisition. This document describes the the Hop-by-Hop Authentication mechanism (HopAuth) integrating certificate collection and packet forwarding potentially with the assistance from certificate authority to provide consumer authentication, copyholder authentication and path authentication to enable the in-network data retrieval to be trustworthy, besides the publisher authentication. "Requirement of Computing in network", Peng Liu, Liang Geng, 2019-11-03, New technology such as IOT, edge computing,etc. propose the requirement of computing in network, so convergence of network and computing has become a trend. This document points out the requirements of computing in network according to the development of new Industry, including the performance, function and management requirements. "5G transport network benchmarking", Luis Contreras, Juan Rodriguez, Lourdes Luque, 2019-07-08, New 5G services are starting to be deployed in operational networks, leveraging in a number of novel technologies and architectural concepts. The purpose of this document is to overview the implications of 5G services in transport networks and to provide guidance on bechmarking of the infratructures supporting those services. "SRv6 for Deterministic Networking (DetNet)", Xuesong Geng, Zhenbin Li, Mach Chen, 2019-07-08, Deterministic Networking provides service with low jitter, bounded latency and low loss rate, using technologies of explicit route, resource reservation and service protection.This document specifies how to implement Deterministic Networking (DetNet) in a SRv6 Network. "Queue Protection to Preserve Low Latency", Bob Briscoe, Greg White, 2019-07-08, This informational document defines and explains the specification of the queue protection algorithm used in DOCSIS 3.1. It is believed this algorithm will be useful in scenarios other than DOCSIS. A shared low latency queue relies on the non-queue-building behaviour of every traffic flow using it. However, some flows might not take such care, either accidentally or maliciously. If a queue is about to exceed a threshold level of delay, the queue protection algorithm can rapidly detect the flow(s) most likely to be responsible. It can then prevent selected packets of these flows (or whole flows) from harming the queuing delay of other traffic in the low latency queue. "Distributed SFC control for fog environments", Carlos Bernardos, Alain Mourad, 2019-07-08, Service function chaining (SFC) allows the instantiation of an ordered set of service functions and subsequent "steering" of traffic through them. In order to set up and maintain SFC instances, a control plane is required, which typically is centralized. In certain environments, such as fog computing ones, such centralized control might not be feasible, calling for distributed SFC control solutions. This document introduces the role of SFC pseudo- controller and specifies solutions to select and initialize such new logical function. "Gateway Function for Network Slicing", Shunsuke Homma, Xavier de Foy, A. Galis, Luis Contreras, 2019-11-03, This document describes the roles and requirements for a slice gateway that is a function or function group for handling data plane traffic, such as connecting/disconnecting and compose/decompose network slice subnet instances and providing network slices from end to end. The interworkings between management and control elements at the management and control planes with the gateway function for controlling and orchestrating end-to-end network slices are also presented in this document. "Protocol Assisted Protocol (PAP)", Zhenbin Li, Lei Li, Yunan Gu, 2019-07-08, For routing protocol troubleshooting, different approaches exibit merits w.r.t. different situations. They can be generally divided into two categories, the distributive way and the centralized way. A very commonly used distributive approach is to log in possiblly all related devices one by one to check massive data via CLI. Such approach provides very detailed device information, however it requires operators with high NOC (Network Operation Center) experience and suffers from low troubleshooting efficiency and high cost. The centralized approach is realized by collecting data from devices via approaches, like the streaming Telemetry or BMP(BGP Monitoring Protocol) RFC7854 [RFC7854], for the centralized server to analyze all gathered data. Such approach allows a comprehensive view fo the whole network and facilitates automated troubleshooting, but is limited by the data collection boundary set by different management domains, as well as high network bandwidth and CPU computation costs. This document proposes a semi-distributive and semi-centralized approach for fast routing protocol troubleshooting, localizing the target device and possibly the root cause, more precisely. It defines a new protocol, called the PAP (Protocol assisted Protocol), for devices to exchange protocol related information between each other in both active and on-demand manners. It allow devices to request specific information from other devices and receive replies to the requested data. It also allows actively transmission of information without request to inform other devices to better react w.r.t. network issues. "Endpoint Taxonomy for CLESS", Mark McFadden, 2019-07-08, A separate document [I-D:draft-taddei-smart-cless-introduction] (CLESS) attempts to establish the capabilities and limitations of endpoint-only security solutions and explore potential alternative approaches. That document discusses endpoints in general terms. It has been suggested that there are classes of endpoints that have different characteristics. Those classes may have completely different threat landscapes and the endpoints may have completely different security capabilities. In support of the work on CLESS, this document provides a taxonomy of endpoints that is intended to provide a foundation for further work on CLESS and research on approaches to providing endpoint security alternatives in a diverse group of settings. "Encapsulation of Path Segment in SRv6", Cheng Li, Weiqiang Cheng, Zhenbin Li, Dhruv Dhody, 2019-11-04, Segment Routing (SR) allows for a flexible definition of end-to-end paths by encoding paths as sequences of sub-paths, called "segments". Segment routing architecture can be implemented over IPv6 data plane, called SRv6. In some use-cases such as end-to-end SR Path Protection and Performance Measurement (PM), SRv6 path need to be identified. This document defines the encoding and processing of Path Segment in SRv6 networks. "Lightweight CMP Profile", Hendrik Brockhaus, Steffen Fries, David von Oheimb, 2019-11-04, The goal of this document is to facilitate interoperability and automation by profiling the Certificate Management Protocol (CMP) version 2 and the related Certificate Request Message Format (CRMF) version 2. It specifies a subset of CMP and CRMF focusing on typical uses cases relevant for managing certificates of devices in many industrial and IoT scenarios. To limit the overhead of certificate management for more constrained devices only the most crucial types of transactions are specified as mandatory. To foster interoperability also in more complex scenarios, other types of transactions are specified as recommended or optional. "Enhancement of IPv6 Extension Header", Zhenbin Li, Shuping Peng, 2019-07-08, As SRv6 and the new services such as SFC and IOAM are progressing, more and more new requirements are imposed upon the IPv6 extension headers, i.e.. Hop-by-hop Options Header, Destination Options Header and Routing Header. This document defines new IPv6 extension headers and corresponding processing procedures considering the interactions among the existing IPv6 extension headers, SRH and the newly introduced IPv6 extension headers. "Instant Congestion Assessment Network (iCAN) for Traffic Engineering", Joanna Dang, Bing Liu, Guangming Yang, Kyungtae Lee, 2019-11-04, This draft proposes a new technology named iCAN (instant Congestion Assessment Network), which represents a set of mechanisms running directly on network nodes. These mechanisms allow the nodes adjusting the flows' paths based on real-time measurement of the candidate paths. The measurement is to reflect the congestion situation of each path, so that the nodes could decide which flows need to be switched from a path to another. This is something that current TE technologies can hardly achieve. In current TE, the paths are usually planned in a certralized controller, which is far from the data plane, thus neither be able to assess the real-time congestion situation of each path, nor able to assure the data plane always go as expected (especially in SRv6 scenarios). In a result, traditional TE is not able to adjust the flow paths in real-time to fit for the change of traffic instantly. iCAN can work with traditional TE perfectly: the controller plans multi-path transmission in relatively long period (e.g. minutes), and iCAN does the flow path optimization in a much shorter interval (e.g. milliseconds). "Multipath TCP Inactivity Time Option", Viet-Hoang Tran, Olivier Bonaventure, 2019-07-08, This document discusses the lifetime of idle MPTCP sessions, and defines an MPTCP Option subkind for hosts to announce and request this value. "Multipath TCP Subflow Rate Limit Option", Viet-Hoang Tran, Olivier Bonaventure, 2019-07-08, This document defines a new MPTCP Option that enables hosts to request their peers to limit the maximum transfer rate on a per- subflow basis. "Real Time Internet Peering Protocol", Jonathan Rosenberg, Cullen Jennings, Anthony Minessale, Jason Livingood, Justin Uberti, 2019-07-08, This document specifies the Realtime Internet Peering Protocol (RIPP). RIPP is used to provide telephony peering between a trunking provider (such as a telco), and a trunking consumer (such as an enterprise, cloud PBX provider, cloud contact center provider, and so on). RIPP is an alternative to SIP, SDP and RTP for this use case, and is designed as a web application using HTTP/3. Using HTTP/3 allows trunking consumers to more easily build their applications on top of cloud platforms, such as AWS, Azure and Google Cloud, all of which are heavily focused on HTTP based services. RIPP also addresses many of the challenges of traditional SIP-based trunking. Most notably, it mandates secure caller ID via STIR, and provides automated trunk provisioning as a mandatory protocol component. RIPP supports both direct and "BYO" trunk configurations. Since it runs over HTTP/3, it works through NATs and firewalls with the same ease as HTTP does, and easily supports load balancing with elastic cluster expansion and contraction, including auto-scaling - all because it is nothing more than an HTTP application. RIPP also provides built in mechanisms for migrations of calls between RIPP client and server instances, enabling failover with call preservation. "BGP Request for Advertising Candidate Path of Segment Routing TE Policies", Zhenbin Li, Lei Li, 2019-07-08, An SR Policy is a set of candidate paths. The headend of an SR Policy may learn multiple candidate paths for an SR Policy via a number of different mechanisms, e.g., CLI, NetConf, PCEP, or BGP. BGP distribute candidate paths has been defined in [I-D.ietf-idr-segment-routing-te-policy]. This document defines an extension of BGP to request BGP speaker(controller) advertise the candidate paths. The goal is to unify the protocol when the candidate path of SR Policy provision is via BGP to reduce the network complexity and potential bugs cause by different protocol interactions. "EVPN DEFAULT MAC", Haibo Wang, 2019-07-08, A principal feature of EVPN is the ability to support multihoming from a customer equipment (CE) to multiple provider edge equipment (PE) with all-active links. This draft specifies a mechanism of default mac to reduce amounts of advertising mac route and enhance EVPN network reliability. "Privacy and Security Threat Analysis and Requirements for Private Messaging", Iraklis Symeonidis, Bernie Hoeneisen, 2019-07-08, [RFC8280] has identified and documented important principles, such as Data Minimization, End-to-End, and Interoperability in order to enable access to fundamental Human Rights. While (partial) implementations of these concepts are already available, many current applications lack Privacy support that the average user can easily navigate. This document covers analysis of threats to privacy and security and derives requirements from this threat analysis. "Application-aware IPv6 Networking", Zhenbin Li, Shuping Peng, Chongfeng Xie, Li Cong, 2019-07-08, A multitude of applications are carried over the network, which have varying needs for network bandwidth, latency, jitter, and packet loss, etc. Some applications such as online gaming and live video streaming have very demanding network requirements thereof require special treatments in the network. However, in current networks, the network and applications are decoupled, that is, the network is not aware of the applications' requirements in a finer granularity. Therefore, it is difficult to provide truly fine-granular traffic operations for the applications and guarantee their SLA requirements. This document proposes a new framework, named Application-aware IPv6 Networking, and also the solution to guarantee SLA for applications, which makes use of IPv6 extensions header in order to convey the application related information including its requirements along with the packet to the network so to facilitate the service deployment and network resources adjustment. Then, it defines the application-aware options which can be used in the different IPv6 extension headers for the purpose. "Abstract", Young Lee, John Kaippallimalil, 2019-07-08, This draft is aimed to provide an applicability of Abstraction and Control of Traffic Engineered (TE) Networks (ACTN) for an end-to- end service assurance mechanism for 5G transport network. ACTN is an IETF standard architecture enabling virtual network operations to control and manage large-scale multi-domain, multi-layer and multi-vendor TE networks, so as to facilitate network programmability, automation, efficient resource sharing. 3GPP 5G requirements calls for Network Slicing support for various use cases such as enhanced mobile broadband (eMBB), massive machine- type communications (mMTC) and ultra-reliable and low latency communications (URLLC). In order to support these new requirements over multiple transport networks for 5G transport, the current 3GPP 5G architecture needs to support dynamic instantiation of end-to-end paths that assure service assurance and performance guarantee for traffic classes characterized by network slicing. "A Mechanism to Reduce the junky queries to Authoritative Name Servers Serving Small Size Zones", Jiankang Yao, 2019-07-08, Some zones are small, public and stable, but very important. They might deal with millions of queries every day. But many of the queries are junky. For examples, many queries DNS root servers receive are junky. The queried junky names are not in the root, but the root servers have to waste a lot of resources to deal with them. It has been an obstacle to increase the performance of DNS root query. In order to save the resource caused by the DNS junky queries, this document proposes a new mechanism by aggressive use of the owner name list of the DNS zone. "Network Programming extension: SRv6 uSID instruction", Clarence Filsfils, Pablo Camarillo, Dezhong Cai, Zhichun Jiang, Daniel Voyer, Ahmed Shawky, Nicolai Leymann, Dirk Steinberg, Shawn Zandi, Gaurav Dawra, Israel Meilik, Jim Uttaro, Luay Jalil, Ning So, Michael Fiumano, Mazen Khaddam, 2019-08-28, The SRv6 "micro segment" (SRv6 uSID or uSID for short) instruction is defined and illustrated. It is a straightforward extension to the SRv6 Network Programming model and its SRH encapsulation. "PCEP extensions for p2mp sr policy", Hooman Bidgoli, Daniel Voyer, Saranya Rajarathinam, Jayant Kotalwar, Siva Sivabalan, Tarek Saad, 2019-11-04, SR P2MP policies are set of policies that enable architecture for P2MP service delivery. This document specifies extensions to the Path Computation Element Communication Protocol (PCEP) that allow a stateful PCE to compute and initiate P2MP paths from a Root to a set of Leaves. "Enabling Network Traffic Obfuscation - Pluggable Transports", Brandon Wiley, David Oliver, 2019-07-08, Pluggable Transports (PTs) are a mechanism enabling the rapid development and deployment of network traffic obfuscation techniques used to circumvent surveillance and censorship. This specification does not define or limit the techniques themselves, but rather focuses on the startup, shutdown, and inter-process communication mechanisms required to make these technologies interoperable with applications. This document is based heavily on [PT2.1]. "BGP Usage for SDWAN Overlay Networks", Linda Dunbar, Jim Guichard, Ali Sajassi, John Drake, 2019-11-04, The document describes three distinct SDWAN scenarios and discusses the applicability of BGP for each of those scenarios. The goal of the document is to make it easier for future SDWAN control plane protocols discussion. SDWAN edge nodes are commonly interconnected by multiple underlay networks that are owned and managed by different network providers. A BGP-based control plane is chosen for handling large number of SDWAN edge nodes with little manual intervention. "Multicast in L3VPNs Signaled by EVPN SAFI", Zhaohui Zhang, Wen Lin, Jorge Rabadan, 2019-07-08, [ietf-bess-evpn-prefix-advertisement] specifies an EVPN SAFI Type-5 route that can be used to signal L3VPNs. This document specifies procedures for multicast in such an L3VPN. "Applicability of Abstraction and Control of Traffic Engineered Networks (ACTN) to Packet Optical Integration (POI)", Fabio Peruzzini, Italo Busi, Daniel King, Sergio Belotti, Gabriele Galimberti, Zheng Yanlei, Washington Correia, Jean-Francois Bouquier, 2019-10-31, This document considers the applicability of ACTN to Packet Optical Integration (POI) and IP and Optical DWDM domain internetworking, and specifically the YANG models being defined by the IETF to support this deployment architecture. In this document we highlight the IETF protocols and data models that may be used for the ACTN and control of POI networks, with particular focus on the interfaces between the MDSC (Multi-Domain Service Coordinator) and the underlying Packet and Optical Domain Controllers (P-PNC and O-PNC) to support Packet Optical Integration (POI) use cases. "Multipath TCP Extension for Robust Session Establishment", Markus Amend, Jiao Kang, 2019-11-04, Multipath TCP extends the plain, single-path limited, TCP towards the capability of multipath transmission. This greatly improves the reliability and performance of TCP communication. For backwards compatibility reasons the Multipath TCP was designed to setup successfully an initial path first, after which subsequent paths can be added for multipath transmission. For that reason the Multipath TCP has the same limitations as the plain TCP during connection setup, in case the selected path is not functional. This document proposes a set of implementations and possible combinations thereof, that provide a more Robust Establishment (RobE) of MPTCP sessions. It includes RobE_TIMER, RobE_SIM, RobE_eSIM and RobE_IPS. RobE_TIMER is designed to stay close to MPTCP in that standard functionality is used wherever possible. Resiliency against network outages is achieved by modifying the SYN retransmission timer: If one path is defective, another path is used. RobE_SIM and RobE_eSIM provides the ability to simultaneously use multiple paths for connection setup. They ensure connectivity if at least one functional path out of a bunch of paths is given and offers beside that the opportunity to significantly improve loading times of Internet services. RobE_IPS provides a heuristic to select properly an initial path for connection establishment with a remote host based on empirical data derived from previous connection information. In practice, these independent solutions can be complementary used. This document also presents the design and protocol procedure for those combinations in addition to the respective stand-alone solutions. "Operations, Administration and Maintenance (OAM) for Deterministic Networks (DetNet) with MPLS Data Plane", Gregory Mirsky, Mach Chen, 2019-07-08, This document lists functional requirements for Operations, Administration, and Maintenance (OAM) toolset in Deterministic Networks (DetNet) and, using these requirements; defines format and use principals of the DetNet service Associated Channel over a DetNet network with the MPLS data plane.. "Operations, Administration and Maintenance (OAM) for Deterministic Networks (DetNet) with IP Data Plane", Gregory Mirsky, Mach Chen, 2019-07-08, This document defines the principals for using Operations, Administration, and Maintenance protocols and mechanisms in the Deterministic Networking networks with IP data plane. "Return Routability Check for DTLS 1.2 and DTLS 1.3", Thomas Fossati, Hannes Tschofenig, 2019-07-08, This document specifies a return routability check for use in context of the Connection ID (CID) construct for the Datagram Transport Layer Security (DTLS) protocol versions 1.2 and 1.3. "DNS Zone Transfer using DNS Stateful Operations", Han Zhang, Pallavi Aras, Willem Toorop, Sara Dickinson, Allison Mankin, 2019-07-08, DNS zone transfers are transmitted in clear text, which gives attackers the opportunity to collect the content of a zone by eavesdropping on network connections. This document specifies use of DNS Stateful Operations to enable a subscribe/publish mechanism for zone transfers reducing the over head introduced by NOTITY/SOA interactions prior to zone transfer request. This additionally prevents zone contents collection via passive monitoring of zone transfers by restricting XFR using DSO to require TLS. "An Intent-driven Management Framework", Qiong Sun, Will LIU, Kun Xie, 2019-07-08, Intent was defined as an abstract high-level policy (or instruction) used to trigger network operations (not only configuration aspects, but also continuous tuning to adjust the measured/actual network state to an expected state). This document describes the intent- driven management architecture, its key elements, and interfaces. "DNS Resolver-Based Policy Detection Domain", Andy Grover, Peter Saint-Andre, 2019-07-08, This document specifies the behavior that is expected from the Domain Name System with regard to DNS queries for the special-use domain name 'TBD.arpa' and designates this domain as a special-use domain name. "YANG data model for BGP Segment Routing Extensions", Kausik Majumdar, Kamran Raza, Bruno Decraene, 2019-07-08, This document defines a YANG data model that can be used to configure and manage Segment Routing extensions in BGP. "An Internet for Users Again", Dominique Lazanski, 2019-07-08, RFC 3552 introduces a threat model that does not include endpoint security. In the fifteen years since RFC 3552 security issues and cyber attacks have increased, especially on the endpoint. This document proposes a new approach to Internet cyber security protocol development that focuses on the user of the Internet, namely those who use the endpoint and are the most vulnerable to attacks. "YANG data model for BGP Segment Routing TE Extensions", Kausik Majumdar, Kamran Raza, Bruno Decraene, Zhichun Jiang, 2019-07-08, This document defines a YANG data model that can be used to configure and manage Segment Routing TE extensions in BGP. "Multicast Routing In Fat Trees", Zhaohui Zhang, Pascal Thubert, 2019-07-08, This document specifies multicast procedures with RIFT. Multicast in RIFT is similar to Bidirectional Protocol Independent Multicast (PIM- Bidir), with the Rendezvous Point Link (RP-Link) simulated by a spanning tree of some Top of Fabric (ToF) nodes and sub-ToF nodes. "PCEP Extensions for Preferred Path Routing", Yingzhen Qu, Huaimo Chen, 2019-07-08, This document specifies extensions to the Path Computation Element Protocol (PCEP) that allow a stateful PCE to initiate Preferred Path Routing (PPR) paths. It also specifies how PCC should react to the PCEP messages. "DoH Preference Hints for HTTP", David Schinazi, Nick Sullivan, Jesse Kipp, 2019-07-08, When using a publicly available DNS-over-HTTPS (DoH) server, some clients may suffer poor performance when the authoritative DNS server is located far from the DoH server. For example, a publicly available DoH server provided by a Content Delivery Network (CDN) should be able to resolve names hosted by that CDN with good performance but might take longer to resolve names provided by other CDNs, or might provide suboptimal results if that CDN is using DNS- based load balancing and returns different address records depending or where the DNS query originated from. This document attempts to lessen these issues by allowing the web server to indicate to the client which DoH server can best resolve its addresses. This document defines an HTTP header field that enables web host operators to inform user agents of the preferred DoH servers to use for subsequent DNS lookups for the host's domain. "Authoritative DNS-over-TLS Operational Considerations", Karl Henderson, Tim April, Jason Livingood, 2019-08-13, DNS over TLS (DoT) has been gaining attention, primarily as a means of communication between stub resolvers and recursive resolvers. There have also been discussions and experiments involving the use of DoT to communicate with authoritative nameservers (Authoritative DNS over TLS or "ADoT"), including communication between recursive and authoritative resolvers. However, we have identified a number of operational concerns with ADoT that have arisen as DNS operators have begun to experiment with and prepare for deploying DoT. These operational concerns need to be addressed prior to ADoT's deployment at scale by DNS operators in order to maintain the stability and resilience of the global DNS. The document also provides some suggested next steps to advance the operator community's understanding of ADoT's operational impact. "Yang Data Model for SRv6 based Services", Kamran Raza, Kausik Majumdar, Bruno Decraene, Zhichun Jiang, Satoru Matsushima, 2019-07-08, This document defines a YANG data model that can be used to configure and manage SRv6 based services in BGP. The YANG module in this document conforms to the Network Management Datastore Architecture (NMDA). "WebFinger Email Automatic Configuration", Paul Jones, Gonzalo Salgueiro, 2019-07-08, This document describes procedures for automatically configuring an email client by using WebFinger to convey mail server configuration and security-related information. "Directions for Computing in the Network", Dirk Kutscher, Teemu Karkkainen, Joerg Ott, 2019-11-04, In-network computing can be conceived in many different ways - from active networking, data plane programmability, running virtualized functions, service chaining, to distributed computing. This memo proposes a particular direction for Computing in the Networking (COIN) research and lists suggested research challenges. "IP RSVP-TE: Extensions to RSVP for P2P IP-TE LSP Tunnels", Tarek Saad, Vishnu Beeram, 2019-11-04, This document describes the use of RSVP (Resource Reservation Protocol), including all the necessary extensions, to establish Point-to-Point (P2P) Traffic Engineered IP (IP-TE) Label Switched Path (LSP) tunnel(s) for use in native IP forwarding networks. This document proposes specific extensions to the RSVP protocol to allow the establishment of explicitly routed IP paths using RSVP as the signaling protocol. The result is the instantiation of an IP Path which can be automatically routed away from network failures, congestion, and bottlenecks. "Packet Loss Signaling for Encrypted Protocols", Alexandre Ferrieux, Isabelle Hamchaoui, Igor Lubashev, 2019-11-04, This document describes a protocol-independent method that employs two bits to allow endpoints to signal packet loss in a way that can be used by network devices to measure and locate the source of the loss. The signaling method applies to all protocols with a protocol- specific way to identify packet loss. The method is especially valuable when applied to protocols that encrypt transport header and do not allow an alternative method for loss detection. "An Information Model for Assertions used in RATS", Henk Birkholz, Michael Eckel, 2019-07-08, This document defines a standardized information model (IM) for assertions that can be used in remote attestation procedures (RATS). The information elements defined include attestation assertions which provide information about system components characteristics, as well as commonly used attributes and attribute structures that are required by protocols facilitating remote attestation. "Describing Protocol Data Units with Augmented Packet Header Diagrams", Stephen McQuistin, Vivian Band, Colin Perkins, 2019-11-04, This document describes a machine-readable format for specifying the syntax of protocol data units within a protocol specification. This format is comprised of a consistently formatted packet header diagram, followed by structured explanatory text. It is designed to maintain human readability while enabling support for automated parser generation from the specification document. This document is itself an example of how the format can be used. "Preferred Path Routing (PPR) OAM and Accounting", Alexander Clemm, Padma Pillay-Esnault, Uma Chunduri, 2019-07-08, This document defines OAM and traffic accounting capabilities for Preferred Path Routing (PPR) for IS-IS and OSPF protocols. Specifically, this document specifies OAM capabilities that allow to assert proper PPR connectivity and to trace PPR path information. In addition, a set of statistics and operational data to facilitate PPR traffic accounting on a per-PPR path basis are defined. This includes a number of Information Elements that extend IPFIX to export path information, as well as a YANG Data Model to be used in conjunction with management and control protocols. Collectively the capabilities defined in this document provide network operators with the necessary means to ensure proper working of their PPR deployments. "Operational Considerations for use of DNS in IoT devices", Michael Richardson, 2019-11-04, This document details concerns about how Internet of Things devices use IP addresses and DNS names. The issue becomes acute as network operators begin deploying RFC8520 Manufacturer Usage Description (MUD) definitions to control device access. This document explains the problem through a series of examples of what can go wrong, and then provides some advice on how a device manufacturer can best make deal with these issues. The recommendations have an impact upon device and network protocol design. "Source specific multicast range distribution for L2 multicast networks", Ramakrishnan Sundaram, Stig Venaas, 2019-07-08, In an IGMP snooping multicast network with version 3 (v3) enabled on the routers, when a v2 join/leave is received for a multicast group the router operates on V2 compatible mode. For SSM ranges a (*,G)v2 or v3 report should be ignored by the router/switch. The IGMP snooping switches may not have knowledge about the user configured SSM range in the network to correctly discard/ignore the v2 join/ leave. Accepting (*,G) v2 or v3 will cause SSM operations to fail. This draft discusses distribution of SSM ranges in the L2 multicast network so that L2 snooping switches can learn about the configured SSM ranges and discard any (*,G) v2/v3 reports for the said ranges. "Asymmetric Loss-Tolerant Authentication", Kyle Rose, 2019-07-08, Establishing authenticity of a stream of datagrams in the presence of multiple receivers is naively achieved through the use of per-packet asymmetric digital signatures, but at high computational cost for both senders and receivers. Timed Efficient Stream Loss-Tolerant Authentication (TESLA) instead employs relatively cheap symmetric authentication, achieving asymmetry via time-delayed key disclosure, while adding latency to verification and imposing requirements on time synchronization between receivers and the sender to prevent forgery. This document introduces Asymmetric Loss-Tolerant Authentication (ALTA), which employs an acyclic graph of message authentication codes (MACs) transmitted alongside data payloads, with redundancy to enable authentication of all received payloads in the presence of certain patterns of loss, along with regularly paced digital signatures. ALTA requires no time synchronization and enables authentication of payloads as soon as sufficient authentication material has been received. "Asymmetric Loss-Tolerant Authentication", Kyle Rose, Jake Holland, 2019-07-08, Establishing authenticity of a stream of datagrams in the presence of multiple receivers is naively achieved through the use of per-packet asymmetric digital signatures, but at high computational cost for both senders and receivers. Timed Efficient Stream Loss-Tolerant Authentication (TESLA) instead employs relatively cheap symmetric authentication, achieving asymmetry via time-delayed key disclosure, while adding latency to verification and imposing requirements on time synchronization between receivers and the sender to prevent forgery. This document introduces Asymmetric Loss-Tolerant Authentication (ALTA), which employs an acyclic graph of message authentication codes (MACs) transmitted alongside data payloads, with redundancy to enable authentication of all received payloads in the presence of certain patterns of loss, along with regularly paced digital signatures. ALTA requires no time synchronization and enables authentication of payloads as soon as sufficient authentication material has been received. "IPv6 Path MTU Option", Erik Kline, 2019-07-08, This document describes an IPv6 Neighbor Discovery (ND) Path MTU Option (PMO) for inclusion in Router Advertisements (RAs). This allows some environments greater flexibility to support, for example, a higher MTU for on-link or intra-administrative-domain communications than for broader Internet communications. "HyStart++: Modified Slow Start for TCP", Praveen Balasubramanian, Yi Huang, Matt Olson, 2019-07-22, This informational memo describes HyStart++, a simple modification to the slow start phase of TCP congestion control algorithms. HyStart++ combines the use of one variant of HyStart and Limited Slow Start (LSS) to prevent overshooting of the ideal sending rate value, while also mitigating poor performance which can result from false positives when HyStart is used alone. This memo also describes the details of the current implementation in the Windows operating system. "Clarifying the Historical Record for RFC 32", Heather Flanagan, 2019-07-08, This document identifies an issue found in the historical record of the RFC Series with regards to RFC 32, a number issued to two separate documents in the early days of the Series. This document serves as a reference point such that errata can be registered against those RFCs that refer to RFC 32. "Some Congestion Experienced in TCP", Rodney Grimes, Peter Heist, 2019-11-04, This memo classifies a TCP code point ESCE ("Echo Some Congestion Experienced") for use in feedback of IP code point SCE ("Some Congestion Experienced"). "HTTP Transport Authentication", David Schinazi, 2019-07-08, The most common existing authentication mechanisms for HTTP are sent with each HTTP request, and authenticate that request instead of the underlying HTTP connection, or transport. While these mechanisms work well for existing uses of HTTP, they are not suitable for emerging applications that multiplex non-HTTP traffic inside an HTTP connection. This document describes the HTTP Transport Authentication Framework, a method of authenticating not only an HTTP request, but also its underlying transport. "Segment Routing Generic TLV for MPLS Label Switched Path (LSP) Ping/ Traceroute", Nagendra Kumar, Carlos Pignataro, Zafar Ali, Clarence Filsfils, 2019-07-09, RFC8402 introduces Segment Routing architecture that leverages source routing and tunneling paradigms and can be directly applied to the Multi Protocol Label Switching (MPLS) data plane. A node steers a packet through a controlled set of instructions called segments, by prepending the packet with Segment Routing header. SR architecture defines different types of segments with different forwarding semantics associated. SR can be applied to the MPLS directly and to IPv6 dataplane using a new routing header. RFC8287 defines the extensions to MPLS LSP Ping and Traceroute for Segment Routing IGP-Prefix and IGP-Adjacency Segment Identifier (SIDs) with an MPLS data plane. Various SIDs are proposed as part of SR architecture with different associated instructions that raises a need to come up with new Target FEC Stack Sub-TLV for each such SIDs. This document defines a new Target FEC Stack Sub-TLV that is used to validate the instruction associated with any SID. "SMPTE 2110 Normative References", Glenn Deen, 2019-07-10, This document lists the normative references of the SMPTE 2110 suite of standards from SMTPE that define the transport of professional video over IP networks. The purpose of this list is to capture and illustrate to the IETF reader the dependencies and diversity of needs that the standards in this suite have on the work of the IETF. This document is being discussed on the ggie@ietg.org mailing list. "DDoS Mitigation Offload: DOTS Applicability and Deployment Considerations", Yuhei Hayashi, Kaname Nishizuka, Mohamed Boucadair, 2019-07-21, This document describes a deployment scenario to assess the applicability of DOTS protocols together with a discussion on DOTS deployment considerations of such scenario. This scenario assumes that a DMS (DDoS Mitigation System) whose utilization rate is high sends its blocked traffic information to an orchestrator using DOTS protocols, then the orchestrator requests forwarding nodes such as routers to filter the traffic. Doing so enables service providers to mitigate the DDoS attack traffic automatically while ensuring interoperability and distributed filter enforcement. "EVPN Interoperability Modes", Lukas Krattiger, Ali Sajassi, Samir Thoria, Jorge Rabadan, John Drake, 2019-07-21, Ethernet VPN (EVPN) provides different functional modes in the area of Service Interface, Integrated Route and Bridge (IRB) and IRB Core connectivity. This document specifies how the different EVPN functional modes and types can interoperate with each other. This document doesn't aim to redefine the existing functional modes but extend them for interoperability. "5G Fixed Mobile Convergence User Plane Encapsulation", Dave Allan, Donald Eastlake, David Woolley, 2019-07-21, As part of providing wireline access to the 5G core, deployed wireline networks carry user data between 5G residential gateways and the 5G Access Gateway Function (AGF). The encapsulation used needs to meet a variety of requirements including being able to multiplex the traffic of multiple PDU sessions within a VLAN delineated access circuit, to permit legacy equipment in the data path to snoop certain packet fields, to carry 5G QoS information associated with the data, and to be efficiently encoded. This memo specifies an encapsulation that meets these requirements. "Compressed SRv6 Network Programming", Zhenbin Li, Cheng Li, Shuping Peng, Zhongzhen Wang, Bing Liu, 2019-07-21, Segment Routing can be applied to the IPv6 data plane by leveraging a new type of Routing Extension Header, called Segment Routing Header(SRH). However, the overhead introduced by SRH may be a challenge for the current hardware capability, which would have much effect on the forwarding performance and the payload efficiency. This document defines a compressed SRv6 network programming mechanism in order to reduce the overhead of SRv6 by introducing the Compressed Segment Identifier(C-SID) and the Compressed SRH(C-SRH). The C-SRH can be a new Routing Header or an enhancement of SRH, which is compatible with SRH well. "Indication of Local DNS Privacy Service During User Access", Zhiwei Yan, Guanggang Geng, 2019-07-21, This document aims to support the indication of privacy service of recursive resolver during the user access. "SRv6 for Inter-Layer Network Programming", Jie Dong, Zongpeng Du, 2019-07-21, This document defines a new SRv6 network function which can be used for SRv6 inter-layer network programming. It is a variant of the End.X function. Instead of pointing to an L3 adjacency, this function points to an underlay interface. Such a interface can stand for a underlay link or path/connection between two routers, which may be invisible in the L3 topology. "Registration Report Definition", Joseph Yee, 2019-07-21, This document specifies the domain registration report definition format in JavaScript Object Notation (JSON) that could be communicated between client and server in various mechanisms such SFTP and HTTP. If there is a preference to send registration report definition over EPP , the format could change from JSON to XML. "Authenticated Chunks for the Stream Control Transmission Protocol (SCTP) bis", Nagesh Shamnur, 2019-07-22, This document obsoletes RFC4895 if approved. This document describes a new chunk type, several parameters, and procedures for the Stream Control Transmission Protocol (SCTP). This new chunk type can be used to authenticate SCTP chunks by using shared keys between the sender and receiver. The new parameters are used to establish the shared keys. This document describes the limitations with the current SCTP AUTH RFC4895 and thus enhances the document to resolve such ambiguities and thus strengthen the overall AUTH procedure. "IPv6 Application of the Alternate Marking Method", Giuseppe Fioccola, Tianran Zhou, Mauro Cociglio, 2019-12-04, This document describes how the Alternate Marking Method can be used as the passive performance measurement tool in an IPv6 domain and reports implementation considerations. It proposes how to define a new Extension Header Option to encode alternate marking technique and also considers the Segment Routing Header TLV alternative. "Numeric Pattern Normalization (NPN)", john.woodworth@centurylink.com, Dean Ballew, Shashwath Raghavan, David Lawrence, 2019-07-22, The Numeric Pattern Normalization (NPN) resource record provides pre- processing information to reduce the number of possible variants which can be generated by pattern-based RR's into a single signable record. "SenML Base Name Prefix Indication", Ari Keranen, Christian Amsuess, 2019-07-22, The Sensor Measurement Lists (SenML) media type uses globally unique names to facilitate information exchange across systems. This requirement often leads to long names and hence large amount of data to be transmitted with each SenML Pack. This document defines an efficient mechanism to indicate a globally unique prefix for names. "Meeting Modalities for the Future", Eliot Lear, 2019-07-22, The IETF currently meets three times per year in various parts of the world. Somewhere around 1,000 people all get into planes, consume carbon, and then attend various meetings in what often is a jetlagged stupor. We gotta stop meeting like this. This draft calls on the LLC to research on the community's behalf new modalities for IETF face-to-face meetings. "LEDBAT++: Congestion Control for Background Traffic", Praveen Balasubramanian, Osman Ertugay, Daniel Havey, 2019-11-04, This experimental memo describes LEDBAT++, a set of enhancements to the LEDBAT (Low Extra Delay Background Transport) congestion control algorithm for background traffic. The LEDBAT congestion control algorithm has several shortcomings that prevent it from working effectively in practice. LEDBAT++ extends LEDBAT by adding a set of improvements, including reduced congestion window gain, modified slow-start, multiplicative decrease and periodic slowdowns. This set of improvement mitigates the known issues with the LEDBAT algorithm, such as latency drift, latecomer advantage and inter-LEDBAT fairness. LEDBAT++ has been implemented as a TCP congestion control algorithm in the Windows operating system. LEDBAT++ has been deployed in production at scale on a variety of networks and been experimentally verified to achieve the original stated goals of LEDBAT. "DNS64 Exclusion List RA Option", Mark Andrews, 2019-07-22, To allow automatic device configuration to a DNS64 process behind a IPv6-only link it is necessary to provide AAAA and A record exclusion lists. This document provide such a mechanism. "OAuth 2.0 Integrity Verification for Authorization Requests (IVAR)", Daniel Fett, John Bradley, 2019-07-22, This document describes a mechanism for the integrity protection of OAuth 2.0 authorization requests. "PCEP Extension for SR-MPLS Entropy Label Position", Shaofu Peng, Quan Xiong, 2019-09-12, This document proposes a set of extensions for PCEP to configure the entropy label position for SR-MPLS networks. "Cheap Nasty Queueing", Jonathan Morton, Peter Heist, 2019-11-04, This note presents Cheap Nasty Queueing (CNQ), a queueing algorithm intended as a bare-minimum functionality standard for hardware implementations. It provides stateless or single-instance AQM and basic sparse-flow prioritisation. "TLS Authentication using IEEE 1609.2 certificate", Mounira Msahli, Nancy Cam-Winget, Ahmed Serhrouchni, Houda Labiod, William Whyte, 2019-11-17, The IEEE and ETSI have specified end-entity certificates. This docment defines an experimental change to TLS to support IEEE/ETSI certificate types to authenticate TLS entities. "YANG Object Universal Parsing Interface", Ivaylo Petrov, 2019-11-04, YANG Object Universal Parsing Interface (YOUPI) specification describes generic way to encode and decode binary data based on a YANG model for use of constrainted devices. YOUPI is a generic mechanism designed for great flexibility, so that it can be adapted for any of the constainted devices. "EVPN LOOP PREVENTION BASED ON TRUSTED MAC", Haibo Wang, 2019-07-23, A principal feature of EVPN is the ability to support mac duplication detection based on mac mobility extened community. This draft specifies a mechanism of valid loop prevention based on trusted mac to avoid servce interruption of the specifed source or destination mac address due to "black- holing". "A Data Center Profile for Software Defined Networking (SDN)-based IPsec", Yoav Nir, 2019-07-23, This document presents two profiles for configuring IPsec within a data center using an SDN controller and the YANG model described in the sdn-ipsec draft. Two profiles are described to allow both the IKE and IKE-less cases because some data centers may be required to use a standardized method of key exchange rather than SDN. "Improved Extensible Authentication Protocol Using Only a Password", Dan Harkins, 2019-07-24, Passwords are a popular form of credential for user authentication. EAP-pwd (RFC 5931) is a popular method of performing secure password authenticaiton. EAP-pwd requires a secret element in a finite cyclic group, unfortunately the technique it uses to derive this secret is open to timing and cache attacks. This improved version, EAP-pwd', uses a different technique to derive the secret element which is resistant to timing and cache attacks. "SACM Information Model", Christopher Inacio, 2019-07-25, This defines the information model for the Security Automation and Continuous Monitoring (SACM) standards. The working group faces a set of complex issues when trying to define an information model that complicates this effort: o There are many standards in the SACM space which are not interoperable o There exists an extremely large and diverse set of data types which are desirable to exchange o Many data types depend on the operating systems from which they are collected; making a universal typing harder o A goal of SACM is to cover a diverse set of system types These complex needs create a information model which is difficult to unify within the environment. Instead, this information model design is focused on minimum needed functionality with the desire to include a type system design into the information model allowing for easy expandability. It is envisioned that this information model will serve the following purposes: o Enough well specified elements in order to exchange key data fields between systems o Sufficient typing system to expand key fields over time and use of a registry to standardize common expansions o Meta information such that compplete information exchange using various other formats understood by all parties can be used as needed to exchange complete records on demand o Sufficient action verbs defined to allow orchestration between various systems to allow unified control of federated components "Declaring Support for HTTP/2 Priorities", Bradford Lassey, Lucas Pardue, 2019-07-25, HTTP/2 provides a prioritization scheme but experience has shown that implementation support varies. This document defines an HTTP/2 setting that endpoints can use as an affirmative signal to indicate their support for HTTP/2 Priorities. "Deprecation of HTTP/2 Priority Signaling Hints", Martin Thomson, Roberto Peon, 2019-07-25, This document deprecates HTTP/2 priority signaling hints. "The need for Geo location transport protocol", pradeep xplorer, 2019-07-25, This document describes the need for a Geo location based transport protocol "Updates to the Allocation Policy for the Border Gateway Protocol - Link State (BGP-LS) Parameters Registries", Adrian Farrel, 2019-11-03, RFC 7752 defines Border Gateway Protocol - Link State (BGP-LS). IANA created a registry consistent with that document called the "Border Gateway Protocol - Link State (BGP-LS) Parameters Registry" with a number of sub-registries. The allocation policy applied by IANA for those policies is "Specification Required" as defined in RFC 8126. This document updates RFC 7752 by changing the allocation policy for all of the registries to "Expert Review" and by updating the guidance to the Designated Experts. "Area Abstraction for IS-IS", Tony Li, 2019-07-26, Link state routing protocols have hierarchical abstraction already built into them. However, when lower levels are used for transit, they must expose their internal topologies, leading to scale issues. To avoid this, this document discusses extensions to the IS-IS routing protocol that would allow level 1 areas to provide transit, yet only inject an abstraction of the level 1 topology into level 2. "Cross-Area Work in the IETF", Zhenbin Li, 2019-07-26, This document investigates the benefits of cross-area work in the IETF. It is examines existing cross-area work and identifies other possibilities for work that spans more than one area. The intention is to help community members who focus their work within a specific area to understand related work in other areas and to motivate efficient cooperation across different areas in the IETF. "Definition of new tags for relations between RFCs", Mirja Kuehlewind, Suresh Krishnan, 2019-09-04, An RFC can include a tag called "Updates" which can be used to link a new RFC to an existing RFC. On publication of such an RFC, the existing RFC will include an additional metadata tag called "Updated by" which provides a link to the new RFC. However, this tag pair is not well-defined and therefore it is currently used for multiple different purposes, which leads to confusion about the actual meaning of this tag and inconsistency in its use. This document recommends the discontinuation of the use of the updates/updated by tag pair, and instead proposes three new tag pairs that have well-defined meanings and use cases. "IPv6 Neighbor Discovery Unicast Lookup", Pascal Thubert, Eric Levy-Abegnoli, 2019-07-29, This document updates RFC 8505 in order to enable unicast address lookup from a 6LoWPAN Border Router acting as an Address Registrar. "Legacy RSASSA-PKCS1-v1_5 codepoints for TLS 1.3", David Benjamin, 2019-07-29, This document allocates code points for the use of RSASSA-PKCS1-v1_5 with client certificates in TLS 1.3. "Batch Signing for TLS", David Benjamin, 2019-11-01, This document describes a mechanism for batch signing in TLS. "PCE TE Constraints for Network Slicing", Shaofu Peng, Quan Xiong, Fengwei Qin, 2019-11-29, This document proposes a set of extensions for PCEP to support the constraints for network slicing during path computation, e.g, IGP instance, virtual network, specific application, color template and FA-id etc. "Version Capability for BGP", Donatas Abraitis, 2019-11-30, In this document, we introduce a new BGP capability that allows the advertisement of a BGP speaker's version. "The "RRSERIAL" EDNS option for the SOA serial of a RR's zone", Hugo Salgado, 2019-07-30, The "RRSERIAL" EDNS option allows a DNS querier to ask a DNS authoritative server to add a EDNS option in the answer of such query with the SOA serial number field of the origin zone which contains the answered resource record. This "RRSERIAL" data allows to debug problems and diagnosis by helping to recognize the origin of an answer, associating this answer with a respective zone version. "Evaluation of a Sample of RFC Produced in 2018", Christian Huitema, 2019-10-07, This document presents a first attempt at evaluating the recently published RFC. We analyze a set of randomly chosen RFC approved in 2018, looking for history and delays. The average RFC was produced in 3 years and 4 months, of which 2 years and 10 months were spent in the working group, 3 to 4 months for IETF consensus and IESG review, and 3 to 4 months in RFC production. The main variation in RFC production delays comes from the AUTH48 phase. We also measure the number of citations of the chosen RFC using Semantic Scholar, and compare citation counts with what we know about deployment. We show that citation counts indicate academic interest, but correlate only loosely with deployment or usage of the specifications. The measurement of delays could be automated by processing dates and events recorded in the data tracker. The measurement of published RFC could be complemented by statistics on abandoned drafts, which would measure the efficiency of the IETF triaging process. "Maintaining CCNx or NDN flow balance with highly variable data object sizes", David Oran, 2019-08-10, Deeply embedded in some ICN architectures, especially Named Data Networking (NDN) and Content-Centric Networking (CCNx) is the notion of flow balance. This captures the idea that there is a one-to-one correspondence between requests for data, carried in Interest messages, and the responses with the requested data object, carried in Data messages. This has a number of highly beneficial properties for flow and congestion control in networks, as well as some desirable security properties. For example, neither legitimate users nor attackers are able to inject large amounts of un-requested data into the network. Existing congestion control approaches however cannot deal effectively with a widely varying MTU of ICN data messages, since the protocols allow a dynamic range of 1-64K bytes. Since Interest messages are used to allocate the reverse link bandwidth for returning Data, there is large uncertainty in how to allocate that bandwidth. Unfortunately, current congestion control schemes in CCNx and NDN only count Interest messages and have no idea how much data is involved that could congest the inverse link. This document proposes a method to maintain flow balance by accommodating the wide dynamic range in Data message MTU. "Extensible Provisioning Protocol (EPP) Industrial Internet Identifier Mapping", Yuying Chen, Jiagui Xie, Zhiping Li, Zhipeng Fan, 2019-08-04, This document describes an Extensible Provisioning Protocol (EPP)mapping for the provisioning and management of Industrial Internet Identifiers. Specified in XML, the mapping defines EPP command syntax and semantics as applied to identifiers. "Sampled Traffic Streaming", Andrew Gray, Lawrence Wobker, 2019-11-04, This document standardizes both 1) a means of requesting a stream of packet samples from any device generating, routing, or forwarding traffic, and 2) receiving metadata information from the network element about these packet samples, and the structure of said stream metadata. A main design requirement is to provide network elements with widely varying capabilities (e.g., ASICs, NPUs, NICs, vSwitches, CPUs) a mechanism to sample and export packets at high rates, by allowing communication of the specific bit formats of internal data headers applied to the packet flow, in a way that enhances interoperability between traffic sources and sinks. Historically, Netflow and similar mechanisms have been used for these use cases; however, the increasing packet rates of very high-speed devices and increasing variance in the information available to data planes lends itself to both a less-prescriptive set of packet formats as well as a decoupling of the sampling action from the collection and analysis mechanisms. "Support for Data Reduction Attributes in nfsv4 Version 2", Sorin Faibish, David Black, Philip Shilane, 2019-08-05, This document proposes extending NFSv4 operations to enable file extended attributes or xattr to be used in the protocol to provide information about the data reduction properties of files. New xattrs are proposed to allow the client application to communicate to the NFSv4 server data reduction attributes associated with files and directories using opaque metadata, not interpreted by the file system, but communicated to the Block Storage data reduction engines. Corresponding new file attributes are proposed to allow clients and client applications to query the server for data reduction xattr support and allow to get and set data reduction xattrs on files and directories. Such data reduction metadata is used as hints to the file server about what type of data reduction to apply. The proposed data reduction attributes include achievable ratios for compression and deduplication plus whether each data reduction technique applies to the file. "JSON Schema Language (JSL)", Ulysse Carion, 2019-08-09, JSON Schema Language (JSL) is a portable method for describing the format of JavaScript Object Notation (JSON) data and the errors associated with ill-formed data. JSL is designed to enable code generation from schemas. "MUD (D)TLS profiles for IoT devices", Tirumaleswar Reddy.K, Dan Wing, 2019-09-03, This memo extends Manufacturer Usage Description (MUD) to model DTLS and TLS usage. This allows a network element to notice abnormal DTLS or TLS usage which has been strong indicator of other software running on the endpoint, typically malware. "Use of The IPv4 Reserved-flag for OAM", Ashish Ghule, Ron Bonica, 2019-08-07, This document defines new IPv4 Operations and Management (OAM) capabilities. In order to support these capabilities, this document defines a new interpretation of the IPv4 Reserved-flag. "SCIM Protocol: Multi-Value Paging Extension", Phil Hunt, Gregg Wilson, 2019-08-07, The System for Cross-Domain Identity Management (SCIM) specifications define a profile of HTTP protocol and a schema that enable managing identities in cross-domain scenarios. This specification extends SCIM protocol resource retrieval and query functions to enable paging of SCIM resources that contain large complex multi-valued attributes such as SCIM Groups. "Considerations in the development of a QoS Architecture for CCNx-like ICN protocols", David Oran, 2019-12-03, This is a position paper. It documents the author's personal views on how Quality of Service (QoS) capabilities ought to be accommodated in ICN protocols like CCNx or NDN which employ flow-balanced Interest/Data exchanges and hop-by-hop forwarding state as their fundamental machinery. It argues that such protocols demand a substantially different approach to QoS from that taken in TCP/IP, and proposes specific design patterns to achieve both classification and differentiated QoS treatment on both a flow and aggregate basis. It also considers the effect of caches as a resource in addition to memory, CPU and link bandwidth that should be subject to explicitly unfair resource allocation. The proposed methods are intended to operate purely at the network layer, providing the primitives needed to achieve both transport and higher layer QoS objectives. It explicitly excludes any discussion of Quality of Experience (QoE) which can only be assessed and controlled at the application layer or above. "How Requests for IANA Action Will be Handled on the Independent Stream", Adrian Farrel, 2019-09-23, The Internet Assigned Numbers Authority (IANA) maintains registries to track codepoints used by protocols such as those defined by the IETF and documented in RFCs developed on the IETF Stream. The Independent Submissions Stream is another source of documents that can be published as RFCs. This stream is under the care of the Independent Submissions Editor (ISE). This document complements RFC 4846 by providing a description of how the ISE currently handles documents in the Independent Submissions Stream that request actions from the IANA. Nothing in this document changes existing IANA registries or their allocation policies, nor does it change any previously documented processes. "YANG Data Model for OSPFv3 Segment Routing", Acee Lindem, Yingzhen Qu, 2019-08-13, This document defines a YANG data module augmenting the IETF OSPF Segment Routing (SR) YANG model to support OSPFv3 extensions for SR. It can be used to configure and manage OSPFv3 Segment Routing in MPLS dataplane. "ShangMi (SM) Cipher Suites for Transport Layer Security (TLS) Protocol Version 1.3", Paul Yang, 2019-11-26, This document specifies a set of cipher suites for the Transport Layer Security (TLS) protocol version 1.3 to support ShangMi (SM) cryptographic algorithms. The use of these cipher suites with TLSv1.3 is not endorsed by the IETF. The SM cipher suites are becoming mandatory in China, and so this document provides a description of how to use the SM cipher suites with TLSv1.3 so that implementers can produce interworking implementations. "Commercial National Security Algorithm (CNSA) Suite Profile for TLS and DTLS 1.2 and 1.3", Dorothy Cooley, 2019-12-12, This document defines a base profile for TLS protocol versions 1.2 and 1.3, as well as DTLS protocol versions 1.2 and 1.3 for use with the United States Commercial National Security Algorithm (CNSA) Suite. The profile applies to the capabilities, configuration, and operation of all components of US National Security Systems that use TLS or DTLS. It is also appropriate for all other US Government systems that process high-value information. The profile is made publicly available here for use by developers and operators of these and any other system deployments. "Advertising OTN Fixed Time slot constraints in OSPF", Vijayanand Chandrasekar, 2019-08-16, This document describes the extensions needed to OSPF for advertising the constraints that exists in some OTN switches while switching timeslots between ports. This advertisement would be needed for computing path of LSP through these switches taking into account the above mentioned constraint. This document proposes extensions to existing OSPF for advertising the timeslots available on each OTN port in a new sub-tlv and the connectivity matrix representing the capability of the device to cross connect these timeslots in another new sub-tlv "IGP Flooding Optimization Methods", Shaofu Peng, Zheng Zhang, 2019-08-19, This document mainly describe a method to optimize IGP flooding by visited record, the visited record information could be encapsulated in outer carring header, or as a part of IGP PDU. "URI Design and Ownership", Mark Nottingham, 2019-10-06, Section 1.1.1 of RFC 3986 defines URI syntax as "a federated and extensible naming system wherein each scheme's specification may further restrict the syntax and semantics of identifiers using that scheme." In other words, the structure of a URI is defined by its scheme. While it is common for schemes to further delegate their substructure to the URI's owner, publishing independent standards that mandate particular forms of substructure in URIs is often problematic. This document provides guidance on the specification of URI substructure in standards. "Packet Network Slicing using Segment Routing", Shaofu Peng, Ran Chen, Gregory Mirsky, Fengwei Qin, 2019-11-04, This document presents a mechanism aimed at providing a solution for network slicing in the transport network for 5G services. The proposed mechanism uses a unified administrative instance identifier to distinguish different virtual network resources for both intra- domain and inter-domain network slicing scenarios. Combined with the segment routing technology, the mechanism could be used for both best-effort and traffic engineered services for tenants. "LDP behaviour on link-shut scenarios", Anush Mohan, Anup T, 2019-08-22, This document is intended as clarification of LDP behaviour in link- down scenarios. Base LDP RFC5036 lacks sufficient clarity on what an LDP enabled node should be doing when a link down event is received, and the only LDP adjacency for an LDP peer is over this link. Different vendors have handled this scenario differently, with some immediately resetting tcp session with neighbor and some waiting for igp recovergence instead of reacting directly to link events. With this document we intend to clarify the expected behaviour explicitly so that any interop issues can be avoided. "JSON Data Definition Format (JDDF)", Ulysse Carion, 2019-11-18, This document proposes a format, called JSON Data Definition Format (JDDF), for describing the shape of JavaScript Object Notation (JSON) messages. Its main goals are to enable code generation from schemas as well as portable validation with standardized error indicators. To this end, JDDF is strategically limited to be no more expressive than the type systems of mainstream programming languages. This strategic limitation, as well as the decision to make JDDF schemas be JSON documents, also makes tooling atop of JDDF easier to build. This document does not have IETF consensus and is presented here to facilitate experimentation with the concept of JDDF. "Post-quantum Multi-Key Mechanisms for PKIX-like protocols; Problem Statement and Overview of Solution Space", Mike Ounsworth, 2019-09-17, With the widespread adoption of post-quantum (PQ) cryptography will come uncertainty about the strength of cryptographic primitives. For example; when will RSA and ECC fall? Are Lattice schemes as strong as we believe? The cryptographic community is calling for hybrid schemes that combine classic and post-quantum crypto in ways that remain strong so long as at least one of the algorithms used remains strong. This document defines the problem statement for digital signatures in PKIX-like protocols, and gives an overview of the general families of solutions. "Fragmentation in LPWAN considerations: CoAP Block vs SCHC fragmentation", Carles Gomez, Jon Crowcroft, 2019-08-27, The SCHC adaptation layer provides header compression and fragmentation functionality between IPv6 and an underlying LPWAN technology. SCHC fragmentation has been specifically designed for the characteristics of LPWANs. However, when CoAP is used at the application layer, there exists an alternative approach for fragmentation, which is using the CoAP Block option. This document aims at illustrating the advantages and limitations of each approach for transferring larger payloads. "Discovery Of Restconf Metadata for Source-specific multicast", Jake Holland, 2019-09-26, This document defines DORMS (Discovery Of Restconf Metadata for Source-specific multicast), a method to discover and retrieve extensible metadata about source-specific multicast channels using RESTCONF. The reverse IP DNS zone for a multicast sender's IP address is configured to use SRV resource records to advertise the hostname of a RESTCONF server that publishes metadata according to a new YANG module with support for extensions. A new service name and the new YANG module are defined. "OAuth 2.0 Rich Authorization Requests", Torsten Lodderstedt, Justin Richer, Brian Campbell, 2019-11-04, This document specifies a new parameter "authorization_details" that is used to carry fine grained authorization data in the OAuth authorization request. "OAuth 2.0 Client Intermediary Metadata", Aaron Parecki, 2019-08-29, This specification defines a mechanism for including information about additional parties involved in an OAuth transaction by adding a new section to the OAuth 2.0 Dynamic Client Registration request, as well as requires that authorization servers surface this information to users during an OAuth transaction. "TLV support for BMP Route Monitoring and Peer Down Messages", Paolo Lucente, Yunan Gu, Henk Smit, 2019-09-03, Most of the message types defined by the BGP Monitoring Protocol (BMP) do provision for optional trailing data; however Route Monitoring message (to provide a snapshot of the monitored Routing Information Base) and Peer Down message (to indicate that a peering session was terminated) do not. Supporting optional data in TLV format across all BMP message types allows for an homogeneous and extensible surface that would be useful for the most different use- cases that need to convey additional data to a BMP station. While this document does not want to cover any specific utilization scenario, it defines a simple way to support optional TLV data in all message types. "YANG Data Model for Dynamic Flooding", Srinath Dontula, Tony Li, 2019-09-05, This document defins YANG data models that can be used to configure and manage Dynamic Flooding for IS-IS and OSPF. "LDP behaviour on link-shut scenarios", Anush Mohan, Anup T, 2019-09-04, This document is intended as clarification of LDP behaviour in link- down scenarios. Base LDP RFC5036 lacks sufficient clarity on what an LDP enabled node should be doing when a link down event is received, and the only LDP adjacency for an LDP peer is over this link. Different vendors have handled this scenario differently, with some immediately resetting tcp session with neighbor and some waiting for igp recovergence instead of reacting directly to link events. With this document we intend to clarify the expected behaviour explicitly so that any interop issues can be avoided. "RateLimit Header Fields for HTTP", Roberto Polli, Alejandro Ruiz, 2019-10-21, This document defines the RateLimit-Limit, RateLimit-Remaining, RateLimit-Reset header fields for HTTP, thus allowing servers to publish current request quotas and clients to shape their request policy and avoid being throttled out. "Usage of PAKE Protocols with IKEv2", Valery Smyslov, 2019-09-10, This memo discusses how PAKE (Password Authenticated Key Exchange) protocols can be integrated into the IKEv2 (Internet Key Exchange) protocol. "DNS over HTTPS (DoH) Considerations for Operator Networks", Andy Fidler, Bert Hubert, Jason Livingood, Jim Reid, Nicolai Leymann, 2019-09-10, The introduction of DNS over HTTPS (DoH), defined in RFC8484, presents a number of challenges to network operators. These are described in this document. The objective is to document the problem space and make suggestions that could help inform network operators on how to take account of DoH deployment. This document also identifies topics that may require further analysis. "BRSKI Cloud Registrar", Owen Friel, Rifaat Shekh-Yusef, Michael Richardson, 2019-10-23, This document specifies the behaviour of a BRSKI Cloud Registrar, and how a pledge can interact with a BRSKI Cloud Registrar when bootstrapping. "Automatic Peering for SIP Trunks", Kaustubh Inamdar, Sreekanth Narayanan, Cullen Jennings, 2019-11-04, This draft specifies a configuration workflow to enable enterprise Session Initiation Protocol (SIP) networks to solicit the capability set of a SIP service provider network. The capability set can subsequently be used to configure features and services on the enterprise edge element, such as a Session Border Controller (SBC), to ensure smooth peering between enterprise and service provider networks. "Hierarchical HITs for HIPv2", Robert Moskowitz, Stuart Card, Adam Wiethuechter, 2019-10-17, This document describes using a hierarchical HIT to facilitate large deployments of managed devices. Hierarchical HITs differ from HIPv2 flat HITs by only using 64 bits for mapping the Host Identity, freeing 32 bits to bind in a hierarchy of Registering Entities that provide services to the consumers of hierarchical HITs. "Hierarchical HIT Registries", Robert Moskowitz, Stuart Card, Adam Wiethuechter, 2019-10-17, This document describes using the registration protocol and registries to support hierarchical HITs (HHITs). New and existing HIP parameters are used to communicate Registry Policies and data about the HHIT device and the Registries. Further Registries are expected to provide RVS services for registered HHIT devices. "New Cryptographic Algorithms for HIP", Robert Moskowitz, Stuart Card, Adam Wiethuechter, 2019-12-13, This document provides new cryptographic algorithms to be used with HIP. The Edwards Elliptic Curve and the Keccak sponge functions are the main focus. The HIP parameters and processing instructions impacted by these algorithms are defined. "Additional Parameter sets for LMS Hash-Based Signatures", Scott Fluhrer, Quynh Dang, 2019-09-16, This note extends LMS (RFC 8554) by defining parameter sets by including additional hash functions. Hese include hash functions that result in signatures with significantly smaller than the signatures using the current parameter sets, and should have sufficient security. This document is a product of the Crypto Forum Research Group (CFRG) in the IRTF. "Reliable and Available Wireless Problem Statement", Pascal Thubert, Georgios Papadopoulos, 2019-10-23, Due to uncontrolled interferences, including the self-induced multipath fading, deterministic networking can only be approached on wireless links. The radio conditions may change -way- faster than a centralized routing can adapt and reprogram, in particular when the controller is distant and connectivity is slow and limited. RAW separates the routing time scale at which a complex path is recomputed from the forwarding time scale at which the forwarding decision is taken for an individual packet. RAW operates at the forwarded time scale. The RAW problem is to decide, within the redundant solutions that are proposed by the routing, which will be used for each individual packet to provide a DetNet service while minimizing the waste of resources. "Framework for Network Resources Categorization", Jilong Wang, Congcong Miao, Shuying Zhuang, Qianli Zhang, Jianfeng Chen, 2019-10-14, This memo presents the definition of cyberspace resource, and then discusses a classification framework for cyberspace resources. Cyberspace is widely applied in people's daily life and it is regarded as a new space, paralleled to the geographic space. There are various resources in cyberspace. However, they have not been systematically defined and classified. The objective of this draft is to present the deifinition of cyberspace resource and a standard classification framework, thus, supporting the unified resource storage and shares. "OAuth 2.0 Pushed Authorization Requests", Torsten Lodderstedt, Brian Campbell, Nat Sakimura, Dave Tonge, Filip Skokan, 2019-11-03, This document defines the pushed authorization request endpoint, which allows clients to push the payload of an OAuth 2.0 authorization request to the authorization server via a direct request and provides them with a request URI that is used as reference to the data in a subsequent authorization request. "A YANG Module for uCPE management.", Dmytro Shytyi, Laurent Beylier, Luigi Iannone, 2019-11-20, This document provides a YANG data model for uCPE management (VYSM) and definition of the uCPE equipment. The YANG Model serves as a base framework for managing an universal Customer-Premises Equipment (uCPE) subsystem. The model can be used by a Network Orchestrator. "RTP Payload Format for Versatile Video Coding (VVC)", Shuai Zhao, Stephan Wenger, 2019-09-23, This memo describes an RTP payload format for the video coding standard ITU-T Recommendation H.266 and ISO/IEC International Standard 23090-3, both also known as Versatile Video Coding (VVC) and developed by the Joint Video Experts Team (JVET). The RTP payload format allows for packetization of one or more Network Abstraction Layer (NAL) units in each RTP packet payload as well as fragmentation of a NAL unit into multiple RTP packets. The payload format has wide applicability in videoconferencing, Internet video streaming, and high-bitrate entertainment-quality video, among others. "BGP Flexible Color-Based Tunnel Selection", Yimin Shen, Ravi Singh, 2019-09-24, This document discusses color-based tunnel selection for BGP payload prefixes. It defines a set of extended mapping modes, and describes how to use these modes to construct tunnel selection schemes to achieve flexible tunnel selection. Tunnel selection schemes can be implemented as policies on routers performing tunnel selection, or signaled by next hop routers or a central controller via BGP. "Revised BGP Maximum Prefix Limits", Job Snijders, Melchior Aelmans, 2019-09-24, This document updates RFC4271 by revising control mechanism which limit the negative impact of route leaks (RFC7908) and/or resource exhaustion in Border Gateway Protocol (BGP) implementations. "SRv6 NET-PGM extension: Insertion", Clarence Filsfils, Pablo Camarillo, John Leddy, Daniel Voyer, Satoru Matsushima, Zhenbin Li, 2019-09-24, Traffic traversing an SR domain is encapsulated in an outer IPv6 header for its journey through the SR domain. To implement transport services strictly within the SR domain, the SR domain may require insertion or deletion of an SRH after the outer IPv6 header of the SR domain. Any segment within the SRH is strictly contained within the SR domain. This document extends SRv6 Network Programming [I-D.ietf-spring-srv6-network-programming] with new SR endpoint and transit behaviors to be performed only within the SR domain in any packet owned by the domain. "IPv4 Hop-by-Hop Options and Destination Options Extension Headers", Tom Herbert, 2019-09-24, This specification enables the use of Hop-by-Hop Options and Destination Options extension headers which are defined for IPv6 to be used with IPv4. The goal is to provide a uniform and feasible method of extensibility that is common between IPv4 and IPv6. "Cyberspace Resources Measurement", Jianfeng Chen, Zhi Sun, Da He, Rui Xu, Jilong Wang, 2019-09-24, This memo describes the measurement of cyberspace resource; it adopts a multi-level hierarchical indicator system, which focuses on the unified calculation of the measurement weigh of cyberspace resources. The goal of this draft is to discuss the basic principles and the methodology of measurement standards. Additionally, demonstrating how the cyberspace resources can be measured based on the existing economy information measurement, geographic information measurement and statistical theory. "Framework for Network Resource Property Description", Zhi Sun, Da He, Jianfeng Chen, Rui Xu, Jilong Wang, 2019-09-26, This memo discusses and defines a framework for cyberspace resource property description, which is suitable for the unified classification organization and description of multi-source network resource measurement information. Now, there is no unified description framework for network resource property. The objective of this draft is to establish a general model based on cyberspace identification reference, and implement the reuse of survey data in different users and occasions. Then discuss the basic methodology and propose a less mature framework for further complement and improvement "Problem Statement and Use Cases of Application-aware IPv6 Networking (APN6)", Zhenbin Li, Shuping Peng, Daniel Voyer, Chongfeng Xie, Peng Liu, Chang Liu, Kentaro Ebisawa, Stefano Previdi, Jim Guichard, 2019-11-03, Network operators are facing the challenge of providing better network services for users. As the ever developing 5G and industrial verticals evolve, more and more services that have diverse network requirements such as ultra-low latency and high reliability are emerging, and therefore differentiated service treatment is desired by users. However, network operators are typically unaware of which applications are traversing their network infrastructure, which means that only coarse-grained services can be provided to users. As a result, network operators are only evolving their infrastructure to be large but dumb pipes without corresponding revenue increases that might be enabled by differentiated service treatment. As network technologies evolve including deployments of IPv6 and SRv6, the programmability provided by IPv6 and SRv6 encapsulations can be augmented by conveying application related information into the network. Adding application knowledge to the network layer allows applications to specify finer granularity requirements to the network operator. This document analyzes the existing problems caused by lack of application awareness, and outlines various use cases that could benefit from an Application-aware IPv6 Networking (APN6) architecture. "Circuit Breaker Assisted Congestion Control", Jake Holland, 2019-09-26, This document specifies Circuit Breaker Assisted Congestion Control (CBACC). CBACC enables fast-trip Circuit Breakers by publishing rate metadata about multicast channels from senders to intermediate network nodes or receivers. The circuit breaker behavior is defined as a supplement to receiver driven congestion control systems, to preserve network health if receivers subscribe to a volume of traffic that exceeds capacity policies or capability for a network or receiver. "IP Traffic Engineering Architecture with Network Programming", Robert Raszuk, 2019-09-26, This document describes a control plane based IP Traffic Engineering Architecture where path information is kept in the control plane by selected nodes instead of being inserted into each packet on ingress of an administrative domain. The described proposal is also fully compatible with the concept of network programming. It is positioned as a complimentary technique to native SRv6 and can be used when there are concerns with increased packet size due to depth of SID stack, possible concerns regarding exceeding MTU or more strict simplicity requirements typically seen in number of enterprise networks. The proposed solution is applicable to both IPv4 or IPv6 based networks. As an additional added value, detection of end to end path liveness as well as dynamic path selection based on real time path quality is integrated from day one in the design. "Client DNS Filtering Profile Request", Wes Hardaker, 2019-09-27, This document defines a mechanism under which a client can request that an upstream recursive resolver perform DNS filtering on behalf of a client-requested policy. This is may be done, for example, under a subscription model, where the client wishes not to get redirected to domains known to host malware or malicious content. This request is sent as an EDNS0 option with every DNS request, or potentially to just the first DNS request in a stream when using DNS over TLS, DNS over DTLS or DNS over DOH for example. "Link Local Next Hop Handling for BGP", Russ White, Donald Sharp, Dinesh Dutt, Biswajit Sadhu, Jeff Tantsura, 2019-09-30, BGP, described in [RFC4271], was originally designed to provide reachability between domains and between the edges of a domain. As such, BGP assumes the next hop towards any reachable destination may not reside on the advertising speaker, but rather may either be through a router connected to the same subnet as the speaker, or through a router only reachable by traversing multiple hops through the network. Because of this, BGP does not recognize the use of IPv6 link local addresses, as described in [RFC4291], as a valid next hop for forwarding purposes. However, BGP speakers are now often deployed on point-to-point links in networks where multihop reachability of any kind is not assumed or desired (all next hops are assumed to be the speaker reachable through a directly connected point-to-point link). This is common, for instance, in data center fabrics. In these situations, a global IPv6 address is not required for the advertisement of reachability information; in fact, providing global IPv6 addresses in these kinds of networks can be detrimental to Zero Touch Provisioning (ZTP). This draft standardizes the operation of BGP over a point-to-point link using link local IPv6 addressing only. "IP Traffic Engineering Architecture with Network Programming", Robert Raszuk, 2019-10-02, This document describes a control plane based IP Traffic Engineering Architecture where path information is kept in the control plane by selected nodes instead of being inserted into each packet on ingress of an administrative domain. The described proposal is also fully compatible with the concept of network programming. It is positioned as a complimentary technique to native SRv6 and can be used when there are concerns with increased packet size due to depth of SID stack, possible concerns regarding exceeding MTU or more strict simplicity requirements typically seen in number of enterprise networks. The proposed solution is applicable to both IPv4 or IPv6 based networks. As an additional added value, detection of end to end path liveness as well as dynamic path selection based on real time path quality is integrated from day one in the design. "DNS server privacy policy with assertion token", Tirumaleswar Reddy.K, Dan Wing, Michael Richardson, 2019-10-25, Users want to control how their DNS queries are handled by DNS servers so they can configure their system to use DNS servers that comply with their privacy expectations. This document defines a mechanism for a DNS server to communicate its privacy policy to a DNS client. This communication is cryptographically signed to attest to its authenticity. By evaluating the DNS privacy policy and the signatory, the DNS client can choose a DNS server that best supports its desired privacy policies. The privacy assertion token is particularly useful for DNS-over-TLS and DNS-over-HTTPS servers, both public resolvers and those discovered on the local network. "Session Initiation Protocol (SIP) Non-eXempt Rate Control", Philip Williams, 2019-10-03, A SIP overload control signalling protocol framework has previously been published, with the flexibility to allow different SIP request rate limiting algorithms to be selected. This document proposes a similar algorithm of maximum rate type with two advantages over existing proposals. Firstly, it exempts certain classes of SIP requests that are fundamental to correct operation of the SIP protocol which, if rejected by control, would worsen rather than improve SIP performance. Secondly, it allows target servers to control SIP traffic from sources not compliant with this document so that it can be deployed in heterogeneous network environments. "Update to the Cryptographic Message Syntax (CMS) for Algorithm Identifier Protection", Russ Housley, 2019-10-03, This document updates the Cryptographic Message Syntax (CMS) specified in RFC 5652 to ensure that algorithm identifiers are adequately protected. "Area Proxy for IS-IS", Tony Li, Yunxia Chen, 2019-10-03, Link state routing protocols have hierarchical abstraction already built into them. However, when lower levels are used for transit, they must expose their internal topologies to each other, leading to scale issues. To avoid this, this document discusses extensions to the IS-IS routing protocol that would allow level 1 areas to provide transit, yet only inject an abstraction of the level 1 topology into level 2. Each level 1 area is represented as a single level 2 node, thereby enabling greater scale. "Adaptive DNS: Improving Privacy of Name Resolution", Eric Kinnear, Tommy Pauly, Christopher Wood, Patrick McManus, 2019-11-01, This document defines an architecture that allows clients to dynamically discover designated resolvers that offer encrypted DNS services, and use them in an adaptive way that improves privacy while co-existing with locally provisioned resolvers. These resolvers can be used directly when looking up names for which they are designated. These resolvers also provide the ability to proxy encrypted queries, thus hiding the identity of the client requesting resolution. "Oblivious DNS Over HTTPS", Eric Kinnear, Patrick McManus, Tommy Pauly, Christopher Wood, 2019-11-01, This document describes an extension to DNS Over HTTPS (DoH) that allows hiding client IP addresses via proxying encrypted DNS transactions. This improves privacy of DNS operations by not allowing any one server entity to be aware of both the client IP address and the content of DNS queries and answers. "Ecosystem Effects of Web Packaging", Jeffrey Yasskin, 2019-10-07, This document analyzes how Web Packaging may affect the web ecosystem. Note to Readers This document has NOT been reviewed widely and probably contains lots of mistakes. Discussion of this draft takes place on the wpack mailing list (wpack@ietf.org), which is archived at https://www.ietf.org/mailman/listinfo/wpack [1]. The source code and issues list for this draft can be found in https://github.com/jyasskin/wpack-ecosystem-effects [2]. "RADIUS Extensions for 0-RTT TCP Converters", Mohamed Boucadair, Christian Jacquenet, 2019-10-07, Because of the lack of important TCP extensions, e.g., Multipath TCP support at the server side, some service providers now consider a network-assisted model that relies upon the activation of a dedicated function called Transport Converters. For example, network-assisted Multipath TCP deployment models are designed to facilitate the adoption of Multipath TCP for the establishment of multi-path communications without making any assumption about the support of Multipath TCP by the remote servers. Transport Converters located in the network are responsible for establishing multi-path communications on behalf of endpoints, thereby taking advantage of Multipath TCP capabilities to achieve different goals that include (but are not limited to) optimization of resource usage (e.g., bandwidth aggregation), of resiliency (e.g., primary/backup communication paths), and traffic offload management. This document specifies a new Remote Authentication Dial-In User Service (RADIUS) attributes that carry the IP addresses that will be returned to authorized users to reach one or multiple Converters. "In-Flight IPv6 Extension Header Insertion Considered Harmful", Mark Smith, Naveen Kottapalli, Ron Bonica, Fernando Gont, Tom Herbert, 2019-11-03, In the past few years, as well as currently, there have and are a number of proposals to insert IPv6 Extension Headers into existing IPv6 packets while in-flight. This contradicts explicit prohibition of this type of IPv6 packet proccessing in the IPv6 standard. This memo describes the possible failures that can occur with EH insertion, the harm they can cause, and the existing model that is and should continue to be used to add new information to an existing IPv6 and other packets. "BGPsec Validation State Signaling", Oliver Borchert, Doug Montgomery, Daniel Kopp, 2019-11-18, This document updates RFC 8097 by adding the BGPsec path validation state to the reserved portion of the extended community in RFC 8097. BGP speakers that receive this community string can use the embedded BGPsec validation state and configure local policies that allow it being used to influence their decision process. This is especially helpful because Section 5 of RFC 8205 specifically allows putting BGPsec path validation temporarily on hold. This allows reducing the load of validation particularly from IBGP learned routes or EBGP learned routes when warranted. "BGP Provisioned IPsec Transport Mode Protected Tunnel Configuration", Jun Hu, 2019-10-10, This document defines a method of using BGP to advertise IPsec transport mode protected tunnel (like GRE tunnel with IPsec transport mode protection) configuration along with NLRI, based on [I-D.ietf-idr-tunnel-encaps] and [I-D.hujun-idr-bgp-ipsec]. "SR Replication Segment for Multi-point Service Delivery", Daniel Voyer, Clarence Filsfils, Rishabh Parekh, Hooman Bidgoli, Zhaohui Zhang, 2019-11-27, This document describes the SR Replication segment for multi-point service delivery. A SR Replication segment allows a packet to be replicated from a replication node to downstream nodes. "Segment Routing Point-to-Multipoint Policy", Daniel Voyer, Clarence Filsfils, Rishabh Parekh, Hooman Bidgoli, Zhaohui Zhang, 2019-10-11, This document describes an architecture to construct a Point-to- Multipoint (P2MP) tree to deliver Multi-point services in a Segment Routing domain. A SR P2MP tree is constructed by stitching a set of Replication segments together. A SR Point-to-Multipoint (SR P2MP) Policy is used to define and instantiate a P2MP tree which is computed by a PCE. "Remote Attestation Architecture", Dave Thaler, 2019-11-04, In network protocol exchanges, it is often the case that one entity (a relying party) requires evidence about the remote peer (and system components [RFC4949] thereof), in order to assess the trustworthiness of the peer. This document describes an architecture for such remote attestation procedures (RATS), which enable relying parties to decide whether to consider a remote system component trustworthy or not. "Default IPv6 Local Only Addressing for Non-Internet Devices", Mark Smith, 2019-10-14, For certain types or models of devices it should be clear and obvious that, by default, they should not be reachable from the global IPv6 Internet, or able to reach the global IPv6 Internet, even though the network they are attached to provides global IPv6 Internet connectivity. This memo proposes that these types of devices refuse to configure and use global IPv6 Internet addresses by default. "OpenPGP Example Keys and Certificates", Bjarni Einarsson, juga, Daniel Gillmor, 2019-10-15, The OpenPGP development community benefits from sharing samples of signed or encrypted data. This document facilitates such collaboration by defining a small set of OpenPGP certificates and keys for use when generating such samples. "Eliding and Querying RPL Information", Pascal Thubert, Rahul Jadhav, Li Zhao, Dominique Barthel, 2019-11-17, This document presents a method to safely elide a group of RPL options in a DIO message by synchronizing the state associated with each of these options between parent and child using a new sequence counter in DIO messages. A child that missed a DIO message with an update of any of those protected options detects it by the change of sequence counter and queries the update with a DIS Message. The draft also provides a method to fully elide the options in a DAO message. "BMP Compression", Mukul Srivastava, Paolo Lucente, 2019-10-15, This document provides specification for an optional compressed BMP Feed from a router to BMP station. "Quick and Dirty Security for GRASP", Brian Carpenter, 2019-10-29, A secure substrate is required by the Generic Autonomic Signaling Protocol (GRASP) used by Autonomic Service Agents. This document describes QUADS, a QUick And Dirty Security method using symmetric cryptography and preconfigured keys or passwords. It also describes a simplistic QUADS Key Infrastructure based on asymmetric cryptography used over insecure instances of GRASP. "IPv6 over Controller Area Network", Alexander Wachter, 2019-10-17, Controller Area Network (CAN) is a fieldbus initially designed for automotive applications. It is a multi-master bus with 11-bit or 29-bit frame identifiers. The CAN standard (ISO 11898 series) defines the physical and data-link layer. This document describes how to transfer IPv6 packets over CAN using ISO-TP, a dedicated addressing scheme, and IP header compression (IPHC). "An Alternative Approach for Postquantum Preshared Keys in IKEv2", Valery Smyslov, 2019-10-17, An IKEv2 extension defined in [I-D.ietf-ipsecme-qr-ikev2] allows IPsec traffic to be protected against someone storing VPN communications today and decrypting it later, when (and if) Quantum Computers are available. However, this protection doesn't cover an initial IKEv2 SA, which might be unacceptable in some scenarios. This specification defines an alternative way get the same protection against Quantum Computers, which allows to extend it on the initial IKEv2 SA. "attack type unification", chenmeiling, Li Su, 2019-10-17, This document put forward a method to unify DDoS attack type classification and attack definition description, this will help different mitigators to mitigate DDoS attacks together. "Artificial Intelligence (AI) based ECN adaptive reconfiguration for datacenter networks", Zhuangyan, Bai Zhang, Haotao Pan, 2019-10-18, This document is to provide an artificial intelligence (AI) based ECN adaptive reconfiguration for datacenter networks. "TM-RID Authentication Formats", Adam Wiethuechter, Stuart Card, Robert Moskowitz, 2019-10-31, This document describes how to include trust into the proposed ASTM Remote ID specification defined in WK65041 by the F38 Committee under a Broadcast Remote ID (RID) scenario. It defines a few different message schemes (based on the authentication message) that can be used to assure past messages sent by a UA and also act as a assurance for UA trustworthiness in the absence of Internet connectivity at the receiving node. "Performance Measurement for Segment Routing Networks with MPLS Data Plane", Rakesh Gandhi, Clarence Filsfils, Daniel Voyer, Stefano Salsano, Mach Chen, 2019-12-04, Segment Routing (SR) leverages the source routing paradigm. RFC 6374 specifies protocol mechanisms to enable the efficient and accurate measurement of packet loss, one-way and two-way delay, as well as related metrics such as delay variation in MPLS networks using probe messages. This document utilizes these mechanisms for Performance Delay and Loss Measurements in Segment Routing (SR) networks with MPLS data plane (SR-MPLS), for both SR links and end-to-end SR Policies. In addition, this document defines Return Path TLV for two-way performance measurement and Block Number TLV for loss measurement. "Segment Routing with MPLS Data Plane Encapsulation for In-situ OAM Data", Rakesh Gandhi, Zafar Ali, Clarence Filsfils, Frank Brockners, Bin Wen, Voitek Kozak, 2019-12-06, In-situ Operations, Administration, and Maintenance (IOAM) records operational and telemetry information in the data packet while the packet traverses a path between two nodes in the network. Segment Routing (SR) technology leverages the source routing paradigm. This document defines how IOAM data fields are transported using the Segment Routing with MPLS data plane (SR-MPLS) encapsulation. The procedures defined are also equally applicable to all other MPLS data plane encapsulations. "Using Netconf Pub/Sub Model for RATS Interaction Procedure", Liang Xia, Wei Pan, 2019-10-21, This draft defines the a new method of using the netconf pub/sub model in the RATS interaction procedure, to increse its flexibility, efficiency and scalability. "Path Steering in CCNx and NDN", Ilya Moiseenko, David Oran, 2019-10-21, Path Steering is a mechanism to discover paths to the producers of ICN content objects and steer subsequent Interest messages along a previously discovered path. It has various uses, including the operation of state-of-the-art multipath congestion control algorithms and for network measurement and management. This specification derives directly from the design published in _Path Switching in Content Centric and Named Data Networks_ (4th ACM Conference on Information-Centric Networking - ICN'17) and therefore does not recapitulate the design motivations, implementation details, or evaluation of the scheme. Some technical details are different however, and where there are differences, the design documented here is to be considered definitive. "Using QUIC Datagrams with HTTP/3", David Schinazi, 2019-11-04, The QUIC DATAGRAM extension provides application protocols running over QUIC with a mechanism to send unreliable data while leveraging the security and congestion-control properties of QUIC. However, QUIC DATAGRAM frames do not provide a means to demultiplex application contexts. This document defines how to use QUIC DATAGRAM frames when the application protocol running over QUIC is HTTP/3 by adding an identifier at the start of the frame payload. Discussion of this work is encouraged to happen on the QUIC IETF mailing list quic@ietf.org [1] or on the GitHub repository which contains the draft: https://github.com/DavidSchinazi/draft- h3-datagram [2]. "LSVR IETF Organizationally Specific TLVs for IEEE Std 802.1AB (LLDP)", Paul Congdon, Paul Bottorff, 2019-10-22, IEEE Std 802.1AB, commonly known as the Link Layer Discovery Protocol (LLDP), provides a means for individual organizations to define their own Type-Length-Value (TLV) objects for exchange over the protocol. The IETF is a standards development organization with an IANA OUI (RFC 7042) that can be used in LLDP organizationally specific TLVs. This document specifies IETF Organizationally Specific TLVs that support LSVR protocols. "EDX - Edge Exchanger", Sweta Jaiswal, Karthikeyan Arunachalam, Jamsheed Ppallan, Dronamraju Sabareesh, Madhan Kanagarathinam, 2019-12-04, This document describes a new DNS resource record (RR) type, called the Edge Exchanger (EDX) RR, that is used to find services and location of the server(s) for any specific domain (the word domain is used here in the strict RFC1034 sens