draft-ietf-sidr-bgpsec-ops-15.txt   draft-ietf-sidr-bgpsec-ops-16.txt 
Network Working Group R. Bush Network Working Group R. Bush
Internet-Draft Internet Initiative Japan Internet-Draft Internet Initiative Japan
Intended status: Best Current Practice January 5, 2017 Intended status: Best Current Practice January 5, 2017
Expires: July 9, 2017 Expires: July 9, 2017
BGPsec Operational Considerations BGPsec Operational Considerations
draft-ietf-sidr-bgpsec-ops-15 draft-ietf-sidr-bgpsec-ops-16
Abstract Abstract
Deployment of the BGPsec architecture and protocols has many Deployment of the BGPsec architecture and protocols has many
operational considerations. This document attempts to collect and operational considerations. This document attempts to collect and
present the most critical and universal. It is expected to evolve as present the most critical and universal. It is expected to evolve as
BGPsec is formalized and initially deployed. BGPsec is formalized and initially deployed.
Requirements Language Requirements Language
skipping to change at page 3, line 16 skipping to change at page 3, line 16
It is assumed that the reader understands BGP, see [RFC4271], BGPsec, It is assumed that the reader understands BGP, see [RFC4271], BGPsec,
[I-D.ietf-sidr-bgpsec-protocol], the RPKI, see [RFC6480], the RPKI [I-D.ietf-sidr-bgpsec-protocol], the RPKI, see [RFC6480], the RPKI
Repository Structure, see [RFC6481], and Route Origin Authorizations Repository Structure, see [RFC6481], and Route Origin Authorizations
(ROAs), see [RFC6482]. (ROAs), see [RFC6482].
3. RPKI Distribution and Maintenance 3. RPKI Distribution and Maintenance
The considerations for RPKI objects (Certificates, Certificate The considerations for RPKI objects (Certificates, Certificate
Revocation Lists (CRLs), manifests, Ghostbusters Records [RFC6481]), Revocation Lists (CRLs), manifests, Ghostbusters Records [RFC6481]),
Trust Anchor Locators (TALs) [RFC6490], cache behaviours of Trust Anchor Locators (TALs) [RFC7730], cache behaviours of
synchronisation and validation from the section on RPKI Distribution synchronisation and validation from the section on RPKI Distribution
and Maintenance of [RFC7115] apply. Specific considerations relating and Maintenance of [RFC7115] apply. Specific considerations relating
to ROA objects do not apply to this document. to ROA objects do not apply to this document.
4. AS/Router Certificates 4. AS/Router Certificates
As described in [I-D.ietf-sidr-rtr-keying] BGPsec-speaking routers As described in [I-D.ietf-sidr-rtr-keying] BGPsec-speaking routers
are capable of generating their own public/private key-pairs and are capable of generating their own public/private key-pairs and
having their certificates signed and published in the RPKI by the having their certificates signed and published in the RPKI by the
RPKI CA system, and/or are given public/private key-pairs by the RPKI CA system, and/or are given public/private key-pairs by the
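Review bot: In Section 3, "Ghostbusters Records [RFC6481]" reads as though RFC 6481 defined the Ghostbusters Record, yet the preceding paragraph cites [RFC6481] for the RPKI Repository Structure and the reference list carries [RFC6493] for the Ghostbusters Record. Since this sentence is already being touched to move the TAL citation from [RFC6490] to [RFC7730], consider citing [RFC6493] directly after "Ghostbusters Records", or moving [RFC6481] so that it clearly applies to the whole list of RPKI objects.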
skipping to change at page 8, line 5 skipping to change at page 8, line 5
12.1. Normative References 12.1. Normative References
[I-D.ietf-sidr-bgpsec-protocol] [I-D.ietf-sidr-bgpsec-protocol]
Lepinski, M., "BGPSEC Protocol Specification", draft-ietf- Lepinski, M., "BGPSEC Protocol Specification", draft-ietf-
sidr-bgpsec-protocol-07 (work in progress), February 2013. sidr-bgpsec-protocol-07 (work in progress), February 2013.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC6490] Huston, G., Weiler, S., Michaelson, G., and S. Kent,
"Resource Public Key Infrastructure (RPKI) Trust Anchor
Locator", RFC 6490, February 2012.
[RFC6493] Bush, R., "The Resource Public Key Infrastructure (RPKI) [RFC6493] Bush, R., "The Resource Public Key Infrastructure (RPKI)
Ghostbusters Record", RFC 6493, February 2012. Ghostbusters Record", RFC 6493, February 2012.
[RFC6811] Mohapatra, P., Scudder, J., Ward, D., Bush, R., and R. [RFC6811] Mohapatra, P., Scudder, J., Ward, D., Bush, R., and R.
Austein, "BGP Prefix Origin Validation", RFC 6811, January Austein, "BGP Prefix Origin Validation", RFC 6811, January
2013. 2013.
[RFC7115] Bush, R., "Origin Validation Operation Based on the [RFC7115] Bush, R., "Origin Validation Operation Based on the
Resource Public Key Infrastructure (RPKI)", BCP 185, Resource Public Key Infrastructure (RPKI)", BCP 185,
RFC 7115, DOI 10.17487/RFC7115, January 2014, RFC 7115, DOI 10.17487/RFC7115, January 2014,
<http://www.rfc-editor.org/info/rfc7115>. <http://www.rfc-editor.org/info/rfc7115>.
[RFC7730] Huston, G., Weiler, S., Michaelson, G., and S. Kent,
"Resource Public Key Infrastructure (RPKI) Trust Anchor
Locator", RFC 7730, DOI 10.17487/RFC7730, January 2016,
<http://www.rfc-editor.org/info/rfc7730>.
12.2. Informative References 12.2. Informative References
[I-D.ietf-sidr-as-migration] [I-D.ietf-sidr-as-migration]
George, W. and S. Murphy, "BGPSec Considerations for AS George, W. and S. Murphy, "BGPSec Considerations for AS
Migration", draft-ietf-sidr-as-migration-06 (work in Migration", draft-ietf-sidr-as-migration-06 (work in
progress), December 2016. progress), December 2016.
[I-D.ietf-sidr-bgpsec-rollover] [I-D.ietf-sidr-bgpsec-rollover]
Gagliano, R., Patel, K., and B. Weis, "BGPSEC router key Gagliano, R., Patel, K., and B. Weis, "BGPSEC router key
rollover as an alternative to beaconing", draft-ietf-sidr- rollover as an alternative to beaconing", draft-ietf-sidr-
 End of changes. 4 change blocks. 
6 lines changed or deleted 7 lines changed or added
