Re: [RPSEC] BGP Security Requirements v08

Tony,

Thanks for updating the requirements document. I see that almost all 
of my suggested edits were incorporated, but a couple of questions I 
raised in my comments were not addressed, which leaves some 
ambiguity.  Here are the residual questions/comments:

In (new) section 4.2 (Incremental Deployment), the second bullet says:

o  A BGP security mechanism MUST provide backward compatibility in 
the message formatting, transmission, and processing of routing 
information carried through a mixed security environment.  Message 
formatting in a fully secured environment MAY be handled in a 
non-backward compatible fashion though care must be taken to ensure 
UPDATES can traverse intermediate routers which don't support the new 
format.

My comment was:  One might interpret this to mean that any extended 
form of UDATE message MUST be transmitted through ASes that are not 
capable of processing it. This is imposing an unnecessary burden on 
solutions, since an
alternative is to just mot send such messages through ASes than can't 
make use of them.

I'd like to see a clarification of the intent of this bullet, 
relative to the concern I raised in my comment.

The next bullet in the section says:

In an environment where both secured and non-secured systems are 
interoperating a mechanism MUST exist for secured systems to identify 
whether an originator intended the information to be secured.

My questions was: Does this refer to the Origin AS or the neighbor AS?

I still think we need to say to which originator this bullet refers.

Finally, the last paragraph of (new) section 8 says:

An associated delegation criteria is the requirement to allow for 
non-BGP stub networks.  As a result, all secured BGP implementations 
MUST allow for the contemporaneous origination of a route for a 
prefix by more than one AS.

I had suggested adding the phrase "subject to the authorization 
criteria above." at the end of the last sentence. I was wondering why 
you chose to not add this?

Steve