BGPsec Router Certificate Rollover
draft-ietf-sidrops-bgpsec-rollover-04

Received changes through RFC Editor sync (created alias RFC 8634, changed abstract to 'Certification Authorities (CAs) within the Resource Public Key Infrastructure (RPKI) manage BGPsec router certificates as well as RPKI certificates.  The rollover of BGPsec router certificates must be carefully performed in order to synchronize the distribution of router public keys with BGPsec UPDATE messages verified with those router public keys.  This document describes a safe rollover process, and it discusses when and why the rollover of BGPsec router certificates is necessary.  When this rollover process is followed, the rollover will be performed without routing information being lost.', changed standardization level to Best Current Practice, changed state to RFC, added RFC published event at 2019-08-07, changed IESG state to RFC Published, created alias BCP 224)

[Ballot comment]
Thanks for a well-written document with clearly spelled-out rationale and explanations.

I agree with others that this document looks like a BCP rather than a standards track document; in particular, the following language is pretty compelling:

  This document does not contain a protocol update to either the RPKI
  or BGPsec.  It describes a process for managing BGPsec router
  certificates within the RPKI.

I also found a nit in Section 2: "In particular, if the AS suspects that a stale BGPsec updates is being distributed..." Either remove "a" or change "updates" to "update".

[Ballot comment]
Did the working group consider making this a BCP? It describes operational practices, not protocol.

-1: The draft contains a number of instances of "must" and "should" in lower case. If those are correct, please consider using the boilerplate from 8174.

[Ballot comment]
  BGPsec router certificate with a new public key and the time a BGPsec
  router begins to use its new private key).  This can be due to a need
  for a BGPsec router to distribute BGPsec updates signed with a new
Nit "the period between the time when an AS distributes ...."


  Protection against withdrawal suppression and replay attacks:  An AS
        may determine withdrawn BGPsec updates are being propagated
        instead of the most recently propagated BGPsec updates.
Nit: may determine that.


  certificate used for signing updates in transit is expected to live
  longer than the one used for signing origination updates.
Why is it unimportant to worry about replays on transit updates? As I read the references it's just that changing the transit key is expensive, right? But I'm not sure why that means you don't have to do it.

[Ballot comment]
[I'm not making this point as DISCUSS because it should be very easy to address, and the authors have already agreed to the change in response to Mirja.]

I think that the reference to I-D.ietf-sidr-rtr-keying should be Normative.

[Ballot comment]
This document really reads like it should be an informational document, or maybe a BCP. Further, the shepherd write-up says "Internet Standard final status" but I see Proposed Standard in the datatracker...? I would recommend to go for BCP if the wg can agree to that.

Also, should ietf-sidr-rtr-keying maybe be a normative reference, or is this just one example? The use of this reference in section 3.1 isn’t clear to me with this respect:
„The key rollover process is dependent on the key provisioning mechanisms adopted by an AS [I-D.ietf-sidr-rtr-keying].“

[Ballot comment]
This document really reads like it should be an informational document, or maybe a BCP. Further, the shepherd write-up says "Internet Standard final status" but I see Proposed Standard in the datatracker...? I would recommend to go for BCP if the wg can agree to that.

Also, should ietf-sidr-rtr-keying maybe be a normative reference, or is this just one example? The use of this reference in section 3.1 isn’t clear to me with this respect:
„The key rollover process is dependent on the key provisioning
  mechanisms adopted by an AS [I-D.ietf-sidr-rtr-keying].“

(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Services Operator has reviewed draft-ietf-sidrops-bgpsec-rollover-02, which is currently in Last Call, and has the following comments:

We understand that this document doesn't require any registry actions.

While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, we do not object.

If this assessment is not accurate, please respond as soon as possible.

Thank you,

Sabrina Tanamal
IANA Services Specialist

The following Last Call announcement was sent out (ends 2017-10-17):

From: The IESG
To: IETF-Announce
CC: morrowc@ops-netman.net, sidrops@ietf.org, draft-ietf-sidrops-bgpsec-rollover@ietf.org, sidrops-chairs@ietf.org, Chris Morrow , warren@kumari.net
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (BGPsec Router Certificate Rollover) to Proposed Standard


The IESG has received a request from the SIDR Operations WG (sidrops) to
consider the following document: - 'BGPsec Router Certificate Rollover'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2017-10-17. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.

Abstract


  Certificate Authorities (CAs) managing CA certificates and End-Entity
  (EE) certificates within the Resource Public Key Infrastructure
  (RPKI) will also manage BGPsec router certificates.  But the rollover
  of CA and EE certificates BGPsec router certificates have additional
  considerations for Normal and emergency rollover processes.  The
  rollover must be carefully managed in order to synchronize
  distribution of router public keys and BGPsec routers creating BGPsec
  Update messages verified with those router public keys.  This
  document provides general recommendations for the rollover process,
  as well as describing reasons why the rollover of BGPsec router
  certificates might be necessary.  When this rollover process is
  followed the rollover should be accomplished without routing
  information being lost.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-sidrops-bgpsec-rollover/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-sidrops-bgpsec-rollover/ballot/


No IPR declarations have been submitted directly on this I-D.

As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up.

Changes are expected over time. This version is dated 24 February 2012.

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

ProposedStandard (Internet Standard final status)

(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary

  Certificate Authorities (CAs) managing CA certificates and End-Entity
  (EE) certificates within the Resource Public Key Infrastructure
  (RPKI) will also manage BGPsec router certificates.  But the rollover
  of CA and EE certificates BGPsec router certificates have additional
  considerations for Normal and emergency rollover processes.  The
  rollover must be carefully managed in order to synchronize
  distribution of router public keys and BGPsec routers creating BGPsec
  Update messages verified with those router public keys.  This
  document provides general recommendations for the rollover process,
  as well as describing reasons why the rollover of BGPsec router
  certificates might be necessary.  When this rollover process is
  followed the rollover should be accomplished without routing
  information being lost.

Working Group Summary

This document didn't raise the ire of the WG, which was nice for a change.

Document Quality

  Are there existing implementations of the protocol? Have a
  significant number of vendors indicated their plan to
  implement the specification? Are there any reviewers that
  merit special mention as having done a thorough review,
  e.g., one that resulted in important changes or a
  conclusion that the document had no substantive issues? If
  there was a MIB Doctor, Media Type or other expert review,
  what was its course (briefly)? In the case of a Media Type
  review, on what date was the request posted?

There are existing implementations (3 main versions of RPKI supporting software).

Personnel

  Who is the Document Shepherd? Who is the Responsible Area
  Director?

Shepherd: Christopher Morrow (me)
ResponsibleAD: Warren Kumari

(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

The document spent a good period of time in WG review, and had some final close-review by my co-chair and 2 crypto focused folks in the WG, which ended up making some changes in the text for clarity and such.

(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

No concerns.


(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.

no.

(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the WG has discussed those issues and
has indicated that it still wishes to advance the document, detail those
concerns here.

no concerns.

(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.

yes

(8) Has an IPR disclosure been filed that references this document?
If so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

no

(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it? 

pretty good for sidr.

(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)

no

(11) Identify any ID nits the Document Shepherd has found in this
document. (See https://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be
thorough.

No nits to be found

(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

no reviews were necessary, though some security folk went over the process described closely.

(13) Have all references within this document been identified as
either normative or informative?

yes

(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?

no

(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in
the Last Call procedure.

no

(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are not
listed in the Abstract and Introduction, explain why, and point to the
part of the document where the relationship of this document to the
other RFCs is discussed. If this information is not in the document,
explain why the WG considers it unnecessary.

no

(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 5226).

there are no IANA considerations.

(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.

none.

(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

none required.

As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up.

Changes are expected over time. This version is dated 24 February 2012.

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

ProposedStandard (Internet Standard final status)

(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary

  Certificate Authorities (CAs) managing CA certificates and End-Entity
  (EE) certificates within the Resource Public Key Infrastructure
  (RPKI) will also manage BGPsec router certificates.  But the rollover
  of CA and EE certificates BGPsec router certificates have additional
  considerations for Normal and emergency rollover processes.  The
  rollover must be carefully managed in order to synchronize
  distribution of router public keys and BGPsec routers creating BGPsec
  Update messages verified with those router public keys.  This
  document provides general recommendations for the rollover process,
  as well as describing reasons why the rollover of BGPsec router
  certificates might be necessary.  When this rollover process is
  followed the rollover should be accomplished without routing
  information being lost.

Working Group Summary

This document didn't raise the ire of the WG, which was nice for a change.

Document Quality

  Are there existing implementations of the protocol? Have a
  significant number of vendors indicated their plan to
  implement the specification? Are there any reviewers that
  merit special mention as having done a thorough review,
  e.g., one that resulted in important changes or a
  conclusion that the document had no substantive issues? If
  there was a MIB Doctor, Media Type or other expert review,
  what was its course (briefly)? In the case of a Media Type
  review, on what date was the request posted?

There are existing implementations (3 main versions of RPKI supporting software).

Personnel

  Who is the Document Shepherd? Who is the Responsible Area
  Director?

Shepherd: Christopher Morrow (me)
ResponsibleAD: Alvaro Retana

(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

The document spent a good period of time in WG review, and had some final close-review by my co-chair and 2 crypto focused folks in the WG, which ended up making some changes in the text for clarity and such.

(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

No concerns.


(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.

no.

(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the WG has discussed those issues and
has indicated that it still wishes to advance the document, detail those
concerns here.

no concerns.

(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.

yes

(8) Has an IPR disclosure been filed that references this document?
If so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

no

(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it? 

pretty good for sidr.

(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)

no

(11) Identify any ID nits the Document Shepherd has found in this
document. (See https://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be
thorough.

No nits to be found

(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

no reviews were necessary, though some security folk went over the process described closely.

(13) Have all references within this document been identified as
either normative or informative?

yes

(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?

no

(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in
the Last Call procedure.

no

(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are not
listed in the Abstract and Introduction, explain why, and point to the
part of the document where the relationship of this document to the
other RFCs is discussed. If this information is not in the document,
explain why the WG considers it unnecessary.

no

(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 5226).

there are no IANA considerations.

(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.

none.

(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

none required.