--- 1/draft-ietf-sidr-rpki-rtr-protocol-mib-03.txt 2012-11-28 23:14:30.425342028 +0100 +++ 2/draft-ietf-sidr-rpki-rtr-protocol-mib-04.txt 2012-11-28 23:14:30.473342916 +0100 @@ -1,23 +1,23 @@ Network Working Group R. Bush Internet-Draft Internet Initiative Japan Intended status: Standards Track B. Wijnen -Expires: June 1, 2013 RIPE NCC +Expires: June 2, 2013 RIPE NCC K. Patel Cisco Systems M. Baer SPARTA - November 28, 2012 + November 29, 2012 Definitions of Managed Objects for the RPKI-Router Protocol - draft-ietf-sidr-rpki-rtr-protocol-mib-03 + draft-ietf-sidr-rpki-rtr-protocol-mib-04 Abstract This document defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it describes objects used for monitoring the RPKI Router protocol. Status of this Memo @@ -27,21 +27,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on June 1, 2013. + This Internet-Draft will expire on June 2, 2013. Copyright Notice Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -53,24 +53,24 @@ Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 2. Internet-Standard Management Framework . . . . . . . . . . . . 3 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 4 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 6. Security Considerations . . . . . . . . . . . . . . . . . . . 21 - 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 21 - 7.1. Normative References . . . . . . . . . . . . . . . . . . . 21 + 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 22 + 7.1. Normative References . . . . . . . . . . . . . . . . . . . 22 7.2. Informative References . . . . . . . . . . . . . . . . . . 22 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 22 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 23 1. Introduction This document defines a portion of the Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it defines objects used for monitoring the RPKI Router protocol [I-D.ietf-sidr-rpki-rtr]. 1.1. Requirements Language 
@@ -938,29 +938,32 @@ Most of the readable objects in this MIB module (i.e., objects with a MAX-ACCESS other than not-accessible) may be considered sensitive or vulnerable in some network environments. They are vulnerable in the sense that when an intruder sees the information in this MIB module, then it might help him/her to setup a an attack on the router or cache server. It is thus important to control even GET and/or NOTIFY access to these objects and possibly to even encrypt the values of these objects when sending them over the network via SNMP. SNMP versions prior to SNMPv3 did not include adequate security. - Even if the network itself is secure (for example by using IPSec), + Even if the network itself is secure (for example by using IPsec), even then, there is no control as to who on the secure network is allowed to access and GET/SET (read/change/create/delete) the objects in this MIB module. - It is RECOMMENDED that implementers consider the security features as - provided by the SNMPv3 framework (see [RFC3410], section 8), - including full support for the SNMPv3 cryptographic mechanisms (for - authentication and privacy). + Implementations MUST provide the security features described by the + SNMPv3 framework (see [RFC3410]), including full support for + authentication and privacy via the User-based Security Model (USM) + [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations + MAY also provide support for the Transport Security Model (TSM) + [RFC3591] in combination with a secure transport such as SSH + [RFC3592] or TLS/DTLS [RFC3593] Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. 
It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them. 7. References @@ -997,20 +999,40 @@ 7.2. Informative References [RFC1982] Elz, R. and R. Bush, "Serial Number Arithmetic", RFC 1982, August 1996. [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet- Standard Management Framework", RFC 3410, December 2002. + [RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model + (USM) for version 3 of the Simple Network Management + Protocol (SNMPv3)", STD 62, RFC 3414, December 2002. + + [RFC3591] Lam, H-K., Stewart, M., and A. Huynh, "Definitions of + Managed Objects for the Optical Interface Type", RFC 3591, + September 2003. + + [RFC3592] Tesink, K., "Definitions of Managed Objects for the + Synchronous Optical Network/Synchronous Digital Hierarchy + (SONET/SDH) Interface Type", RFC 3592, September 2003. + + [RFC3593] Tesink, K., "Textual Conventions for MIB Modules Using + Performance History Based on 15 Minute Intervals", + RFC 3593, September 2003. + + [RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The + Advanced Encryption Standard (AES) Cipher Algorithm in the + SNMP User-based Security Model", RFC 3826, June 2004. + [RFC4252] Ylonen, T. and C. Lonvick, "The Secure Shell (SSH) Authentication Protocol", RFC 4252, January 2006. [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008. [RFC5925] Touch, J., Mankin, A., and R. Bonica, "The TCP Authentication Option", RFC 5925, June 2010. Authors' Addresses
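Review bot: in the Security Considerations hunk (@@ -938,29 +938,32 @@), the three new citation tags for the transport options do not point at SNMP transport documents: "[RFC3591]" is cited for the Transport Security Model, "[RFC3592]" for SSH and "[RFC3593]" for TLS/DTLS, but the entries those tags resolve to in the references hunk below are "Definitions of Managed Objects for the Optical Interface Type", the SONET/SDH interface MIB and "Textual Conventions for MIB Modules Using Performance History Based on 15 Minute Intervals". The digits look transposed; the intended documents are presumably the SNMP Transport Security Model and its SSH and TLS transport models (RFC 5591, RFC 5592 and RFC 5953). The same sentence also ends without a full stop after "[RFC3593]". Separately, the paragraph is promoted from "It is RECOMMENDED that implementers consider ..." to "Implementations MUST provide ... including full support for ... USM [RFC3414] with the AES cipher algorithm [RFC3826]": a MUST-level requirement should cite its targets normatively, yet RFC 3414 and RFC 3826 are added under 7.2 Informative References. Either keep the RECOMMENDED wording or move those two entries to 7.1. While touching this section, the unchanged context still reads "to setup a an attack"; "to set up an attack" would fix both the typo and the verb.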
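Review bot: in the references hunk (@@ -997,20 +999,40 @@), the added entries for RFC 3591, RFC 3592 and RFC 3593 are an optical interface MIB, a SONET/SDH interface MIB and a textual-conventions document; none of them describes the Transport Security Model, an SSH transport or a TLS/DTLS transport for SNMP, which is what the Security Considerations text cites them for. Replace the three entries with the correct SNMP transport documents (by the visible titles, those appear to be RFC 5591 for TSM, RFC 5592 for the SSH Transport Model and RFC 5953 for the TLS Transport Model) and update the bracketed tags in the prose to match. Note also that the list already carries [RFC4252] (SSH authentication) and [RFC5246] (TLS 1.2), presumably for the RPKI-Router protocol transport itself; make sure the new SNMP-transport citations are not confused with those, since both pairs would be described as "SSH" and "TLS" in the text.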