SAVA Update and Refocus

1. SAVA Update and Refocus • SAVA Framework Updated – now just three levels • First Hop SAVA – how to gain trust in SRC Address. • Intra-AS/Domain SAVA – How to preserve trust level from one edge of a domain to the other. • Inter-AS/Domain SAVA – how to communicate and preserve trust level between admin domains. • 2 Levels of trust of SRC address defined: • “Strict SAVA” – host-level granularity. • “Loose SAVA” – address-range/prefix level granularity. • SAVA work is initially being focused on the First Hop. Will need to develop solutions for each access case. • Local subnet in Enterprise networks • Residential broadband, wireless mobile, etc. • Focus for rest of 2007 is work towards BoF in Vancouver • Charter to complete the work on local subnet/first hop and the framework doc.

2. Local Subnet Current Work • draft-baker-sava-simple-00 • Local unicast RPF. • Implemented today in some Cisco switches? • draft-wu-sava-solution-firsthop-eap-00 • Use EAP to establish {switch-port, IP address} binding and tie it into identity management system. • No new requirements on end host • draft-bi-sava-solution-ipv6-edge-network-signature-00 • Uses signatures to prove end host “owns” a particular IPv6 address. Signatures checked and stripped at domain edge. • Does not impose any new requirements on first-hop switch. • draft-haddad-sava-prefix-reachability-detection-00 • Possible work with SeND • Mooted, but not as yet documented in SAVA context • Several commercial solutions/framework • Need to be examined for compliance • More Detailed slides will be sent to SAVA mailing list tonight • To Subscribe: http://www.nrc.tsinghua.edu.cn/mailman/listinfo/sava • Document Repository: http://narl.tsinghua.edu.cn/sava