--- 1/draft-ietf-sidrops-aspa-profile-03.txt 2020-11-02 10:14:24.563401911 -0800 +++ 2/draft-ietf-sidrops-aspa-profile-04.txt 2020-11-02 10:14:24.583402416 -0800 @@ -1,27 +1,27 @@ Network Working Group A. Azimov Internet-Draft Yandex Intended status: Standards Track E. Uskov -Expires: March 14, 2021 JetLend +Expires: May 6, 2021 JetLend R. Bush Internet Initiative Japan K. Patel Arrcus J. Snijders NTT R. Housley Vigil Security - September 10, 2020 + November 2, 2020 A Profile for Autonomous System Provider Authorization - draft-ietf-sidrops-aspa-profile-03 + draft-ietf-sidrops-aspa-profile-04 Abstract This document defines a standard profile for Autonomous System Provider Authorization in the Resource Public Key Infrastructure. An Autonomous System Provider Authorization is a digitally signed object that provides a means of verifying that a Customer Autonomous System holder has authorized members of Provider set to be its upstream providers and for the Providers to send prefixes received from the Customer Autonomous System in all directions including providers and 
@@ -43,21 +43,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on March 14, 2021. + This Internet-Draft will expire on May 6, 2021. Copyright Notice Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -259,20 +259,29 @@ Please add the ASPA to the RPKI Signed Object registry (https://www.iana.org/assignments/rpki/rpki.xhtml#signed-objects) as follows: Name | OID | Specification ----------------------------------------------------------- ASPA | 1.2.840.113549.1.9.16.1.TBD | [ThisRFC] 7. Security Considerations + While it's not restricted, but it's highly recommended maintaining + for selected Customer AS a single ASPA object that covers all its + providers. Such policy should prevent race conditions during ASPA + updates that might affect prefix propagation. The software that + provides hosting for ASPA records SHOULD support enforcement of this + rule. In the case of the transition process between different CA + registries, the ASPA records SHOULD be kept identical in all + registries. + 8. Acknowledgments 9. References 9.1. Normative References [IANA-AF] IANA, "Address Family Numbers", . [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
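Review bot: In the paragraph added under "7. Security Considerations" (hunk @@ -259,20 +259,29 @@), the opening sentence "While it's not restricted, but it's highly recommended maintaining ..." is ungrammatical and leaves the requirement level unclear beside the two SHOULDs that follow it. Since the draft lists [RFC2119] as a normative reference, state it with a keyword, for example "A Customer AS SHOULD maintain a single ASPA object that covers all of its providers", so that "enforcement of this rule" in the hosting-software sentence refers to an actual requirement. The text also names "race conditions during ASPA updates that might affect prefix propagation" without saying what a relying party observes when it holds more than one ASPA object for the same Customer AS partway through an update; one sentence describing that state would let implementers test for it. "CA registries" in the last two sentences is not defined anywhere in the visible lines, and "kept identical" would be easier to verify if it said whether it means the same provider set or the same signed object.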