Re: [secdir] Secdir review of draft-ietf-sidr-bgpsec-ops-12

Randy Bush <> Mon, 02 January 2017 00:26 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3E34D129493; Sun, 1 Jan 2017 16:26:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -10.001
X-Spam-Status: No, score=-10.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-3.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6pX59toofUlR; Sun, 1 Jan 2017 16:26:47 -0800 (PST)
Received: from ( [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1A9C5129475; Sun, 1 Jan 2017 16:26:47 -0800 (PST)
Received: from localhost ([] by with esmtp (Exim 4.86_2) (envelope-from <>) id 1cNqSa-0004KX-Gj; Mon, 02 Jan 2017 00:26:44 +0000
Date: Mon, 02 Jan 2017 09:26:41 +0900
Message-ID: <>
From: Randy Bush <>
To: Rich Salz <>
In-Reply-To: <>
References: <>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/24.5 Mule/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
Archived-At: <>
Cc: IESG <>, secdir <>
Subject: Re: [secdir] Secdir review of draft-ietf-sidr-bgpsec-ops-12
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 02 Jan 2017 00:26:48 -0000

thanks for the review.  always a pleasure to get competent reviews.

> Section 1:
>   BGPsec need be spoken only by an AS's eBGP speaking, AKA border, routers,
> I suggest the following (if I got the meaning right); hyphenate and use or not AKA
>   BGPsec need be spoken only by an AS's eBGP-speaking, or border, routers,

no problem with hyphen.  but "or" implies an alternative, which could
confuse.  what bothers you about "AKA?"  want it unpacked?  "often

> Should section 2 be merged into section 1?

certainly could.  dunno about should. :)

> ROA should be spelled out when first used.


> Section 4, "A large operator ... may accept" Perhaps deploy, not
> accept?

eenie meenie.  by "accept" i meant to imply a tradeoff.  but fine.

> I think the "On the other extreme" is redundant and could be removed.

ok, how about "At the other end of the spectrum?"  i am trying to paint
a tradeoff space.

> Section 5 change the comma to a colon in the first sentence?

you drove me back to strunk & white.  imiho, the second clause is
insufficiently independent (no verb, does not begin with "and," "but,"
etc), to use a semicolon.  and it certainly is not a 'follow' list,
which would use a colon.

> In "The operator should be aware..." change to "An" ?  Similarly in
> section 6, "Operators might need to ..."  Change to "An operator"?
> This is part of having overall consistency about one/the/an operator
> reference.  A level of nit we don't ordinarily think about :)

you're worse than my grandmother, an english teacher, who used to send
my letters back red-marked.

> Section 7, spell out iBGP at first use?

hmmm.  we did not unpack eBGP, BGP, or BGPsec.  we could go nuts, or is
it nits, here.  let's save finding the detent on this knob to rfced.
they are pretty careful in this space.

> Section 9, perhaps add a sentence like: "This document outlines some
> of the operational issues defined there" or some such.

i tried that, changing "defined" to "described."  but actually that
document does not describe, let alone define, most of the operational
considerations this document tries to address.  as adding such a
sentence does not really add a lot to the semantics, i hope you do not
mind if i pass on this one.

> Section 11, are you thinking three parties or two?  If three, put the
> design group last; if two, put the two names in parens.

one where the oxford comma did not bail me out.  good catch.

i have the edits in my xml copy.  shout if you think any are
sufficiently serious to warrant pussing the button.  otherwise i will
hold for other reviews.

again, thanks.