clean up to be neither obsoletes nor updates :)

draft-ietf-sidrops-8210bis.xml

@@ -10,7 +10,7 @@
 <?rfc compact="yes"?>
 <?rfc subcompact="no"?>
 
-<rfc category="std" docName="draft-ietf-sidrops-8210bis-09" submissionType="IETF" updates="8210" ipr="trust200902" consensus="yes">
+<rfc category="std" docName="draft-ietf-sidrops-8210bis-10" submissionType="IETF" ipr="trust200902" consensus="yes">
 
   <front>
 
@@ -54,7 +54,7 @@
       <t>
         This document describes version 2 of the RPKI-Router protocol.
         RFC 6810 describes version 0, and RFC 8210 describes version 1.
-        This document updates and replaces RFC 8210.
+        This document is compatible with both.
       </t>
     </abstract>
 
@@ -65,17 +65,24 @@
     <section anchor="Intro" title="Introduction">
       <t>
         In order to verifiably validate the origin Autonomous Systems
-        (ASs) and AS paths of BGP announcements, routers need a
+        (ASes) and AS paths of BGP announcements, routers need a simple
-        simple but reliable mechanism to receive cryptographically
+        but reliable mechanism to receive cryptographically validated
-        validated Resource Public Key Infrastructure (RPKI)
+        Resource Public Key Infrastructure (RPKI) <xref
-        <xref target="RFC6480"/> prefix origin data and router keys
+        target="RFC6480"/> prefix origin data and router keys from a
-        from a trusted cache.  This document describes a protocol to
+        trusted cache.  This document describes a protocol to deliver
-        deliver them.  The design is intentionally constrained to be
+        them.  The design is intentionally constrained to be usable on
-        usable on much of the current generation of ISP router
+        much of the current generation of ISP router platforms.
-        platforms.
       </t>
 
-      <t>This document updates <xref target="RFC8210"/>.</t>
+      <t>
+        This specification documents version 2 of the RPKI-RTR protocol.
+        Earlier versions are documented in <xref target="RFC6810"/> and
+        <xref target="RFC8210"/>.  Though this version is, of course,
+        preferred, the earlier versions are expected to continue to be
+        productively deployed indefinitely, and <xref target="version"/>
+        details how to downgrade from this version to earlier versions
+        as needed in order to interoperate.
+      </t>
 
       <t>
         <xref target="Struct"/> describes the deployment structure, and
@@ -122,13 +129,14 @@
             </t>
 	    <t>
 	      A small <xref target="races"/> has been added to handle
-	      two ROA (Route Origination Authorization) PDU race
+	      two possible ROA (Route Origination Authorization) PDU
-	      conditions, Break Before Make and Shorter Prefix First.
+	      race conditions, Break Before Make and Shorter Prefix
+	      First.
 	    </t>
             <t>
               The protocol version number incremented from 1 (one) to 2
-              (two) and <xref target="version"/> has been
+              (two) and <xref target="version"/> has been updated
-              updated accordingly.
+              accordingly.
             </t>
           </list>
         </t>
@@ -236,12 +244,12 @@
         on their caches and the Global RPKI.
       </t>
       <t>
-        Periodically, the router sends to the cache the most recent
+        Periodically, the router sends a Serial Query to the cache the
-        Serial Number for which it has received data from that
+        most recent Serial Number for which it has received data from
-        cache, i.e., the router's current Serial Number, in the form of a
+        that cache, i.e., the router's current Serial Number, in the
-        Serial Query.  When a router establishes a new session with a
+        form of a Serial Query.  When a router establishes a new session
-        cache or wishes to reset a current relationship, it sends a
+        with a cache or wishes to reset a current relationship, it sends
-        Reset Query.
+        a Reset Query.
       </t>
       <t>
         The cache responds to the Serial Query with all data changes
@@ -293,7 +301,7 @@
       <t>
 	Should a transport connection be lost for unknown reasons, the
 	router SHOULD try to reestablish one; being careful to not abuse
-	the cache with twoo many failed requests.
+	the cache with two many failed requests.
       </t>
     </section>
 
@@ -321,7 +329,7 @@
               e.g., IPv4 Prefix.
             </t>
             <t hangText="Serial Number:">
-              A 32-bit unsigned integer serializing the RPKI cache epoc
+              A 32-bit unsigned integer serializing the RPKI cache epoch
               when this set of PDUs was received from an upstream cache
               server or gathered from the Global RPKI.  A cache
               increments its Serial Number when completing a validated
@@ -438,7 +446,7 @@
               announce a prefix or associated with a router key.
             </t>
             <t hangText="Subject Key Identifier:">
-	      The 20-bit Subject Key Identifier (SKI) value of a router
+	      The 20-octet Subject Key Identifier (SKI) value of a router
 	      key, as described in <xref target="RFC6487"/>.
             </t>
             <t hangText="Subject Public Key Info:">
@@ -474,7 +482,7 @@
 	      The 32-bit AS number of the Autonomous System that
 	      authorizes the upstream providers listed in the Provider
 	      Autonomous System list to propagate prefixes of the
-	      specified address family other ASes.
+	      specified address family to other ASes.
 	    </t>
             <t hangText="Provider Autonomous System Numbers:">
 	      The set of 32-bit AS numbers authorized to propagate
@@ -686,7 +694,7 @@
           </artwork>
         </figure>
 	<t>
-	  This PDU carries an <xref target="RFC6811"/> Vidated ROA
+	  This PDU carries an <xref target="RFC6811"/> Validated ROA
 	  Payload (VRP) for an IPv4 ROA.
 	</t>
         <t>
@@ -751,7 +759,7 @@
           </artwork>
         </figure>
 	<t>
-	  This PDU carries an <xref target="RFC6811"/> Vidated ROA
+	  This PDU carries an <xref target="RFC6811"/> Validated ROA
 	  Payload (VRP) for an IPv6 ROA.
 	</t>
         <t>
@@ -945,9 +953,10 @@
           MAY be truncated.
         </t>
         <t>
-          The Arbitrary Bytes field is optional; if not present, the
+          The Arbitrary Text field is optional; if not present, the
-          Length of Arbitrary Bytes field MUST be zero.  If Arbitrary
+          Length of Arbitrary text field MUST be zero.  If Arbitrary
-          Bytes are present, they are, as named, arbitrary values.
+          Text is present, it MUST be a string in UTF-8 encoding (see
+          <xref target="RFC3629"/>) in the Queen's English.
         </t>
         <figure>
           <artwork>
@@ -970,13 +979,13 @@
 |                                           |
 +-------------------------------------------+
 |                                           |
-|         Length of Arbitrary Bytes         |
+|         Length of Arbitrary Text          |
 |                                           |
 +-------------------------------------------+
 |                                           |
-|              Arbitrary Bytes              |
+|              Arbitrary Text               |
-|                    of                     |
+~                    of                     ~
-~             Error Diagnostic         	    ~
+|          Error Diagnostic Message         |
 |                                           |
 `-------------------------------------------'
           </artwork>
@@ -1015,20 +1024,17 @@
 	<t>
 	  The ASPA PDU supports <xref
 	  target="I-D.ietf-sidrops-aspa-profile"/>.  An ASPA PDU
-	  represents one single customer AS and its provider ASs for a
+	  represents one single customer AS and its provider ASes for a
 	  particular Address Family.  Receipt of an ASPA PDU
 	  announcement (announce/withdraw flag == 1) when the router
 	  already has an ASPA PDU with the same Customer Autonomous
 	  System Number and the same Address Family (see AFI Flags
-	  field), replaces the previous one.  This is to avoid a race
+	  field), replaces the previous one.  The cache MUST deliver the
-	  condition when a BGP announcement is received between a
+	  complete data of an ASPA record in a single ASPA PDU.
-	  withdrawn ASPA PDU and a newly announced ASPA PDU.  Therefore,
-	  the cache MUST deliver the complete data of an ASPA record in
-	  a single ASPA PDU.
 	</t>
 	
 	<t>
-	  The router should see at most one ASPA for a given AFI from a
+	  The router MUST see at most one ASPA for a given AFI from a
 	  cache for a particular Customer Autonomous System Number
 	  active at any time.  As a number of conditions in the global
 	  RPKI may present multiple valid ASPA RPKI records for a single
@@ -1057,18 +1063,9 @@
 	</t>
 	
 	<t>
-	  The AFI Flags field is defined as follows:
+	  The AFI Flags field is defined in <xref target="IANA"/>.
 	</t>
 	
-    <figure>
-      <artwork>
-    Bit     Bit Name
-    ----    -------------------
-     0      AFI (IPv4 == 0, IPv6 == 1)
-     1-7    Reserved, MUST be zero
-       </artwork>
-    </figure>
-    
         <t>
           The Provider AS Count is the number of 32-bit Provider
           Autonomous System Numbers in the PDU.
@@ -1076,10 +1073,10 @@
 	
         <t>
           The Customer Autonomous System Number is the 32-bit Autonomous
-          System Number of the customer which authenticated the PDU.
+          System Number of the customer which authenticated the ASPA
-          For a given AFI, there MUST be one and only one ASPA for a
+          RPKI data.  For a given AFI, there MUST be one and only one
-          Customer Autonomous System Number active in the router at any
+          ASPA for a Customer Autonomous System Number active in the
-          time.
+          router at any time.
         </t>
 	
         <t>
@@ -1171,18 +1168,16 @@
         the highest version of this protocol the router implements.
       </t>
       <t>
-        If a cache which supports version N receives a query from a
+        If a cache which supports version N receives a Reset Query with
-        router which specifies its highest supported version Q &lt; N,
+        Version Q &lt; N, the cache MUST downgrade to protocol version Q
-        the cache MUST downgrade to protocol version Q <xref
+        <xref target="RFC6810"/> or <xref target="RFC8210"/>.  If the
-        target="RFC6810"/> or <xref target="RFC8210"/> or send a version
+        router's Reset Request was Q &gt; N, the cache MUST send a
-        2 Error Report PDU with Error Code 4 ("Unsupported Protocol
+        version 2 Error Report PDU with Error Code 4 ("Unsupported
-        Version") and terminate the connection; in which case the
+        Protocol Version"), and the router MUST send another Reset Query
-        Arbitrary Bytes field of the Error Report PDU MUST be a list of
+        with a lower Version Q.  Yjis MAY repeat.  If the router
-        one octet binary integers indicating the version numbers the
+        requests Q == 0 and it still fails, then the router MUST abort
-        cache supports.  The router MUST choose the highest mutally
+        the session, sending a version 2 Error Report PDU with Error
-        supported version.  If there are none, the router MUST abort the
+        Code 4 ("Unsupported Protocol Version").
-        session, sending a version 2 Error Report PDU with Error Code 4
-        ("Unsupported Protocol Version").
       </t>
       <t>
         If a router which supports version N sends a query to a cache
@@ -1204,7 +1199,7 @@
       </t>
       <t>
         In any of the downgraded combinations above, the new features of
-        the higher version will not be available, and all PDUs will have
+        the higher version will not be available, and all PDUs MUST have
         the negotiated lower version number in their version fields.
       </t>
       <t>
@@ -1277,16 +1272,16 @@ Cache                         Router
         <t>
           When a transport connection is first established, the router
           MUST send either a Reset Query or a Serial Query.  A Serial
-          Query would be appropriate if the router has significant
+          Query would be appropriate if the router has unexpired data
-          unexpired data from a broken session with the same cache and
+          from a broken session with the same cache and remembers the
-          remembers the Session ID of that session, in which case a
+          Session ID of that session, in which case a Serial Query
-          Serial Query containing the Session ID from the previous
+          containing the Session ID from the previous session will allow
-          session will allow the router to bring itself up to date
+          the router to bring itself up to date while ensuring that the
-          while ensuring that the Serial Numbers are commensurate and
+          Serial Numbers are commensurate and that the router and cache
-          that the router and cache are speaking compatible versions
+          are speaking compatible versions of the protocol.  In all
-          of the protocol.  In all other cases, the router lacks the
+          other cases, the router lacks the necessary data for fast
-          necessary data for fast resynchronization and therefore
+          resynchronization and therefore MUST fall back to a Reset
-          MUST fall back to a Reset Query.
+          Query.
         </t>
         <t>
           The Reset Query sequence is also used when the router
@@ -1588,8 +1583,9 @@ Cache                         Router
               <xref target="RFC6125"/>.
             </t>
             <t>
-              The client router MUST set its "reference identifier" to
+              The client router MUST set its "reference identifier" (see
-              the DNS name of the rpki-rtr cache.
+              Section 6.2 of <xref target="RFC6125"/>) to the DNS name
+              of the rpki-rtr cache.
             </t>
           </list>
         </t>
@@ -1636,7 +1632,7 @@ Cache                         Router
         and a cache may be configured to support a selection of routers.
         Each must have the name of, and authentication data for, each
         peer.  In addition, in a router, this list has a non-unique
-        preference value for each server.  This preference is intended
+        preference value for each cache.  This preference is intended
         to be based on proximity, a la RTT, not trust, preferred belief,
         et cetera.  The client router attempts to establish a session
         with each potential serving cache in preference order and then
@@ -1902,7 +1898,7 @@ Cache                         Router
             to a cache.
           </t>
           <t>
-            Reliable transport protocols (i.e. not raw TCP) will
+            Authenticating transport protocols (i.e. not raw TCP) will
             authenticate the identity of the cache server to the router
             client, and vice versa, before any data are exchanged.
           </t>
@@ -1959,6 +1955,24 @@ Cache                         Router
               0-2     255   Reserved
         </artwork>
       </figure>
+
+      <t>
+	This document requests the IANA to create a registry for ASPA
+	AFI Flags 0 to 7.  The name of the registry should be
+	rpki-rtr-afi.  The policy for adding to the registry is Expert
+	Review per <xref target="RFC8126"/>, where the responsible IESG
+	area director should appoint the Expert Reviewer.  The initial
+	entries should be as follows:
+        <figure>
+          <artwork>
+	  Bit     Bit Name
+	  ----    -------------------
+	   0      AFI (IPv4 == 0, IPv6 == 1)
+	   1-7    Reserved, MUST be zero
+	   </artwork>
+	 </figure>
+       </t>
+
     </section>
 
   </middle>
@@ -1982,6 +1996,7 @@ Cache                         Router
       <?rfc include="reference.RFC.1982.xml"?>
       <?rfc include="reference.RFC.2119.xml"?>
       <?rfc include="reference.RFC.2385.xml"?>
+      <?rfc include="reference.RFC.3629.xml"?>
       <?rfc include="reference.RFC.4252.xml"?>
       <?rfc include="reference.RFC.4301.xml"?>
       <?rfc include="reference.RFC.5280.xml"?>