From 6d734dcd3b03e168e99bf8a5774d38e3ee66d1c6 Mon Sep 17 00:00:00 2001
From: Randy Bush <randy@psg.com>
Date: Wed, 1 Jun 2022 10:57:35 -0700
Subject: [PATCH] -08 after another mohamed review

---
 draft-ietf-sidrops-8210bis.xml | 103 ++++++++++++++++++++-------------
 1 file changed, 63 insertions(+), 40 deletions(-)

diff --git a/draft-ietf-sidrops-8210bis.xml b/draft-ietf-sidrops-8210bis.xml
index faa7cb8..43cad7c 100644
--- a/draft-ietf-sidrops-8210bis.xml
+++ b/draft-ietf-sidrops-8210bis.xml
@@ -10,7 +10,7 @@
 <?rfc compact="yes"?>
 <?rfc subcompact="no"?>
 
-<rfc category="std" docName="draft-ietf-sidrops-8210bis-07" submissionType="IETF" updates="8210" ipr="trust200902" consensus="yes">
+<rfc category="std" docName="draft-ietf-sidrops-8210bis-08" submissionType="IETF" updates="8210" ipr="trust200902" consensus="yes">
 
   <front>
 
@@ -415,8 +415,8 @@
 	      whether this PDU announces a new Router Key or deletes one
 	      previously announced Router Key PDU with the exact same AS
 	      Number, subjectKeyIdentifier, and
-	      subjectPublicKeyInfo.</t>
-	      
+	      subjectPublicKeyInfo.
+	    </t>
             <t>
               The remaining bits in the Flags field are reserved for
               future use.
@@ -448,19 +448,39 @@
               including the ASN.1 tag and length values of the
               subjectPublicKeyInfo SEQUENCE.
             </t>
-          <t hangText="Refresh Interval:">
-            Interval between normal cache polls.
-            See <xref target="timing"/>.
-          </t>
-          <t hangText="Retry Interval:">
-            Interval between cache poll retries after a failed cache poll.
-            See <xref target="timing"/>.
-          </t>
-          <t hangText="Expire Interval:">
-            Interval during which data fetched from a cache remains
-            valid in the absence of a successful subsequent cache poll.
-            See <xref target="timing"/>.
-          </t>
+	    <t hangText="Refresh Interval:">
+	      Interval between normal cache polls.  See <xref
+	      target="timing"/>.
+	    </t>
+	    <t hangText="Retry Interval:">
+	      Interval between cache poll retries after a failed cache poll.
+	      See <xref target="timing"/>.
+	    </t>
+	    <t hangText="Expire Interval:">
+	      Interval during which data fetched from a cache remains
+	      valid in the absence of a successful subsequent cache poll.
+	      See <xref target="timing"/>.
+	    </t>
+            <t hangText="AFI Flags:">
+	      A field of the ASPA PDU where the low order bit denotes
+	      whether the AS relationships are for IPv4 (0) or IPv6 (1)
+	      AFI.
+	    </t>
+            <t hangText="Provider AS Count:">
+	      The number of Provider Autonomous System Numbers in the
+	      PDU.
+	    </t>
+            <t hangText="Customer Autonomous System Number:">
+	      The AS number of the Autonomous System that authorizes the
+	      upstream providers listed in the Provider Autonomous
+	      System list to propagate prefixes of the specified address
+	      family other ASes.
+	    </t>
+            <t hangText="Provider Autonomous System Numbers:">
+	      The set of AS numbers authorized to propagate prefixes of
+	      the spacified AFI which were received from the customer
+	      AS.
+	    </t>
           </list>
         </t>
       </section>
@@ -978,22 +998,22 @@
 	  particular Address Family.  Receipt of an ASPA PDU
 	  announcement (announce/withdraw flag == 1) when the router
 	  already has an ASPA PDU with the same Customer Autonomous
-	  System Number and the same Address Family (see Flags field),
-	  replaces the previous one.  This is to avoid a race condition
-	  when a BGP announcement is received between a withdrawn ASPA
-	  PDU and a newly announced ASPA PDU.  Therefore, the cache MUST
-	  deliver the complete data of an ASPA record in a single ASPA
-	  PDU.
+	  System Number and the same Address Family (see AFI Flags
+	  field), replaces the previous one.  This is to avoid a race
+	  condition when a BGP announcement is received between a
+	  withdrawn ASPA PDU and a newly announced ASPA PDU.  Therefore,
+	  the cache MUST deliver the complete data of an ASPA record in
+	  a single ASPA PDU.
 	</t>
 	
 	<t>
-	  The router should see at most one ASPA from a cache for a
-	  particular Customer Autonomous System Number active at any
-	  time.  As a number of conditions in the global RPKI may
-	  present multiple valid ASPA RPKI records for a single customer
-	  to a particular RP cache, this places a burden on the cache to
-	  form the union of multiple ASPA records it has received from
-	  the global RPKI into one ASPA PDU.
+	  The router should see at most one ASPA for a given AFI from a
+	  cache for a particular Customer Autonomous System Number
+	  active at any time.  As a number of conditions in the global
+	  RPKI may present multiple valid ASPA RPKI records for a single
+	  customer to a particular RP cache, this places a burden on the
+	  cache to form the union of multiple ASPA records it has
+	  received from the global RPKI into one ASPA PDU.
 	</t>
 	
         <t>
@@ -1004,11 +1024,11 @@
       	  For the ASPA PDU, the announce/withdraw Flag is set to 1 to
       	  indicate either the announcement of a new ASPA record or a
       	  replacement for a previously announced record with the same
-      	  Customer Autonomous System Number.  The announce/withdraw flag
-      	  set to 0 indicates removal of the ASPA record in total.  Here,
-      	  only the customer AS of the ASPA record MUST be provided, the
-      	  Provider AS Count as well as the Provider AS Numbers list MUST
-      	  BE zero.
+      	  Customer Autonomous System Number and AFI.  The
+      	  announce/withdraw flag set to 0 indicates removal of the ASPA
+      	  record in total.  Here, only the AFI and the customer AS of
+      	  the ASPA record MUST be provided, the Provider AS Count as
+      	  well as the Provider AS Numbers list MUST be zero.
 	</t>
 	
 	<t>
@@ -1083,7 +1103,7 @@
             <list style="hanging">
               <t hangText="Minimum allowed value:">1 second.</t>
               <t hangText="Maximum allowed value:">86400 seconds (1 day).</t>
-              <t hangText="Recommended default:">3600 seconds (2 hours).</t>
+              <t hangText="Recommended default:">3600 seconds (1 hour).</t>
             </list>
           </t>
           <t hangText="Retry Interval:">
@@ -1112,7 +1132,7 @@
             <list style="hanging">
               <t hangText="Minimum allowed value:">600 seconds (10 minutes).</t>
               <t hangText="Maximum allowed value:">172800 seconds (2 days).</t>
-              <t hangText="Recommended default:">3600 seconds (1 hour).</t>
+              <t hangText="Recommended default:">7200 seconds (2 hours).</t>
             </list>
           </t>
         </list>
@@ -1143,7 +1163,10 @@
         Version") and terminate the connection; in which case the
         Arbitrary Text field of the ERROR Report PDU MUST be a list of
         one octet binary integers indicating the version numbers the
-        cache supports.
+        cache supports.  The router MUST choose the highest mutally
+        supported version.  If there are none, the router MUST abort the
+        session, sending a version 2 Error Report PDU with Error Code 4
+        ("Unsupported Protocol Version").
       </t>
       <t>
         If a router which supports version N sends a query to a cache
@@ -1152,9 +1175,9 @@
         <list style="numbers">
           <t>
             The cache may terminate the connection, perhaps with a
-            version 4 Error Report PDU, Unsupported Protocol Version.
-            In this case, the router MAY retry the connection using
-            protocol version C.
+            version 2 Error Report PDU with Error Code 4 ("Unsupported
+            Protocol Version").  In this case, the router MAY retry the
+            connection using protocol version C.
           </t>
           <t>
             The cache may reply with a version C response.  In this