--- 1/draft-ietf-sidr-bgpsec-ops-03.txt	2012-03-13 00:14:19.470671639 +0100
+++ 2/draft-ietf-sidr-bgpsec-ops-04.txt	2012-03-13 00:14:19.486670892 +0100
@@ -1,18 +1,18 @@
 
 Network Working Group                                            R. Bush
 Internet-Draft                                 Internet Initiative Japan
-Intended status: BCP                                      March 10, 2012
-Expires: September 11, 2012
+Intended status: BCP                                      March 13, 2012
+Expires: September 14, 2012
 
                    BGPsec Operational Considerations
-                     draft-ietf-sidr-bgpsec-ops-03
+                     draft-ietf-sidr-bgpsec-ops-04
 
 Abstract
 
    Deployment of the BGPsec architecture and protocols has many
    operational considerations.  This document attempts to collect and
    present them.  It is expected to evolve as BGPsec is formalized and
    initially deployed.
 
 Requirements Language
 
@@ -28,21 +28,21 @@
    Internet-Drafts are working documents of the Internet Engineering
    Task Force (IETF).  Note that other groups may also distribute
    working documents as Internet-Drafts.  The list of current Internet-
    Drafts is at http://datatracker.ietf.org/drafts/current/.
 
    Internet-Drafts are draft documents valid for a maximum of six months
    and may be updated, replaced, or obsoleted by other documents at any
    time.  It is inappropriate to use Internet-Drafts as reference
    material or to cite them other than as "work in progress."
 
-   This Internet-Draft will expire on September 11, 2012.
+   This Internet-Draft will expire on September 14, 2012.
 
 Copyright Notice
 
    Copyright (c) 2012 IETF Trust and the persons identified as the
    document authors.  All rights reserved.
 
    This document is subject to BCP 78 and the IETF Trust's Legal
    Provisions Relating to IETF Documents
    (http://trustee.ietf.org/license-info) in effect on the date of
    publication of this document.  Please review these documents
@@ -55,21 +55,21 @@
 Table of Contents
 
    1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
    2.  Suggested Reading . . . . . . . . . . . . . . . . . . . . . . . 3
    3.  RPKI Distribution and Maintenance . . . . . . . . . . . . . . . 3
    4.  AS/Router Certificates  . . . . . . . . . . . . . . . . . . . . 3
    5.  Within a Network  . . . . . . . . . . . . . . . . . . . . . . . 4
    6.  Considerations for Edge Sites . . . . . . . . . . . . . . . . . 4
    7.  Routing Policy  . . . . . . . . . . . . . . . . . . . . . . . . 5
    8.  Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
-   9.  Security Considerations . . . . . . . . . . . . . . . . . . . . 6
+   9.  Security Considerations . . . . . . . . . . . . . . . . . . . . 7
    10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7
    11. References  . . . . . . . . . . . . . . . . . . . . . . . . . . 7
      11.1.  Normative References . . . . . . . . . . . . . . . . . . . 7
      11.2.  Informative References . . . . . . . . . . . . . . . . . . 8
    Author's Address  . . . . . . . . . . . . . . . . . . . . . . . . . 8
 
 1.  Introduction
 
    BGPsec is a new protocol with many operational considerations.  It is
    expected to be deployed incrementally over a number of years.  As
@@ -134,40 +134,44 @@
    local policy within its network, see Section 7.  In deployment this
    policy should fit into the AS's existing policy, preferences, etc.
    This allows a network to incrementally deploy BGPsec capable border
    routers.
 
    eBGP speakers which face more critical peers or up/downstreams would
    be candidates for the earliest deployment.  Both securing one's own
    announcements and validating received announcements should be
    considered in partial deployment.
 
+   On the other hand, an operator wanting to monitor router loading,
+   shifts in traffic, etc. will want to deploy incrementally while
+   watching those and similar effects.
+
    As they are not signed, an eBGP listener SHOULD NOT strongly trust
    unsigned markings such as communities received across a trust
    boundary.
 
 6.  Considerations for Edge Sites
 
    An edge site which does not provide transit and trusts its
    upstream(s) SHOULD only originate a signed prefix announcement and
    need not validate received announcements.
 
    BGPsec protocol capability negotiation provides for a speaker signing
    the data it sends but being unable to accept signed data.  Thus a
    smallish edge router may hold only its own signing key(s) and sign
    it's announcement but not receive signed announcements and therefore
    not need to deal with the majority of the RPKI.  Thus such routers
    CPU, RAM, and crypto needs are trivial and additional hardware should
    not be needed.
 
    As the vast majority (84%) of ASs are stubs, and they announce the
-   majority of prefixes, this allows for simpler and cheaper early
+   majority of prefixes, this allows for simpler and less expensive
    incremental deployment.  It may also mean that edge sites concerned
    with routing security will be attracted to upstreams which support
    BGPsec.
 
 7.  Routing Policy
 
    Unlike origin validation based on the RPKI, BGPsec marks a received
    announcement as Valid or Invalid, there is no NotFound state.  How
    this is used in routing is up to the operator's local policy.  See
    [I-D.ietf-sidr-pfx-validate].
@@ -189,21 +193,21 @@
 
    Because of possible RPKI version skew, an AS Path which does not
    validate at router R0 might validate at R1.  Therefore, signed paths
    that are invalid and yet propagated (because they are chosen as best
    path) SHOULD have their signatures kept intact and MUST be signed if
    sent to external BGPsec speakers.
 
    This implies that updates which a speaker judges to be invalid MAY be
    propagated to iBGP peers.  Therefore, unless local policy ensures
    otherwise, a signed path learned via iBGP MAY be invalid.  If needed,
-   the validation state SHOULD be signaled by normal local policy
+   the validation state should be signaled by normal local policy
    mechanisms such as communities or metrics.
 
    On the other hand, local policy on the eBGP edge might preclude iBGP
    or eBGP announcement of signed AS Paths which are invalid.
 
    A BGPsec speaker receiving a path SHOULD perform origin validation
    per [I-D.ietf-sidr-pfx-validate].
 
    If it is known that a BGPsec neighbor is not a transparent route
    server, and the router provides a knob to disallow a received pCount
@@ -268,22 +272,22 @@
               draft-ietf-sidr-bgpsec-protocol-01 (work in progress),
               October 2011.
 
    [I-D.ietf-sidr-ghostbusters]
               Bush, R., "The RPKI Ghostbusters Record",
               draft-ietf-sidr-ghostbusters-16 (work in progress),
               December 2011.
 
    [I-D.ietf-sidr-origin-ops]
               Bush, R., "RPKI-Based Origin Validation Operation",
-              draft-ietf-sidr-origin-ops-13 (work in progress),
-              November 2011.
+              draft-ietf-sidr-origin-ops-15 (work in progress),
+              March 2012.
 
    [I-D.lepinski-bgpsec-overview]
               Lepinski, M. and S. Turner, "An Overview of BGPSEC",
               draft-lepinski-bgpsec-overview-00 (work in progress),
               March 2011.
 
    [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
               Requirement Levels", BCP 14, RFC 2119, March 1997.
 
    [RFC6480]  Lepinski, M. and S. Kent, "An Infrastructure to Support