| Number | Files | Title | Authors | Date | More Info | Status |
|---|---|---|---|---|---|---|
| RFC 7115, BCP 185 | | Origin Validation Operation Based on the Resource Public Key Infrastructure (RPKI) | R. Bush | January 2014 | Errata | Best Current Practice |
| RFC 9319, BCP 185 | | The Use of maxLength in the Resource Public Key Infrastructure (RPKI) | Y. Gilad, S. Goldberg, K. Sriram, J. Snijders, B. Maddison | October 2022 | | Best Current Practice |
Deployment of BGP origin validation that is based on the Resource Public Key Infrastructure (RPKI) has many operational considerations. This document attempts to collect and present those that are most critical. It is expected to evolve as RPKI-based origin validation continues to be deployed and the dynamics are better understood.
This document recommends ways to reduce the forged-origin hijack attack surface by prudently limiting the set of IP prefixes that are included in a Route Origin Authorization (ROA). One recommendation is to avoid using the maxLength attribute in ROAs except in some specific cases. The recommendations complement and extend those in RFC 7115. This document also discusses the creation of ROAs for facilitating the use of Distributed Denial of Service (DDoS) mitigation services. Considerations related to ROAs and RPKI-based Route Origin Validation (RPKI-ROV) in the context of destination-based Remotely Triggered Discard Route (RTDR) (elsewhere referred to as "Remotely Triggered Black Hole") filtering are also highlighted.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.