Hi Spencer,
Please see my comments inline below marked with [Sriram].
I have made changes in the document in response to your comments.
You’ll see them in version-22 (to be uploaded in the next few days).
>Perhaps I'm just having a good day, but this is
>one of the clearest BGP-related specifications
>I can remember reviewing. Thanks for that,
>and especially for the background on design decisions.
[Sriram] Very kind of you. Thank you.
>
> I did have questions on two points
>(which are spread across multiple sections).
>
> I started out wondering why
>
>Note that BGPsec update messages can be quite large, therefore any
>BGPsec speaker announcing the capability to receive BGPsec messages
>SHOULD also announce support for the capability to receive BGP
>extended messages [I-D.ietf-idr-bgp-extended-messages].
>
> isn't a MUST, but Section 7 explains this
>
>In Section 2.2, is was stated that a BGPsec speaker SHOULD announce
>support for the capability to receive BGP extended messages. Lack of
>negotiation of this capability is not expected to pose a problem in
>the early years of BGPsec deployment. However, as BGPsec is deployed
>more and more, the BGPsec update messages would grow in size and some
>messages may be dropped due to their size exceeding the current 4K
>bytes limit. Therefore, it is strongly RECOMMENDED that all BGPsec
>speakers negotiate the extended message capability within a
>reasonable period of time after initial deployment of BGPsec.
>
> Perhaps that's worth a forward pointer?
>(or maybe even dragging this paragraph forward from Section 7)
[Sriram] I have put in a forward pointer in Section 2.2.
It reads, “Please see related operational guidance in Section 7.”
>
> I'm looking at
>
>BGPsec speakers SHOULD drop
>incoming update messages with pCount set to zero in cases where the
>BGPsec speaker does not expect its peer to set pCount to zero.
> (That
>is, pCount is only to be set to zero in cases such as route servers
>or AS Number Migration where the BGPsec speaker's peer expects pCount
>to be set to zero.)
>
> and wondering why that's not a MUST. If I'm understanding this
>correctly (which is theoretically possible), the BGPsec speaker
>is telling its peer that it's not participating as a transit AS,
>but the peer thinks it should be. Is there anything intelligent
>that the peer can do with the update?
[Sriram] You are absolutely right: MUST makes sense. Because later in
Section 5.2 check list, we say:
7. If the update message was received from a peer that is not
expected to set pCount equal to zero (see Section 4.2 and
Section 4.3) then check to ensure that the pCount field in the
most-recently added Secure_Path Segment is not equal to zero.
(See router configuration guidance related to this in Section 7.)
[Sriram] In Section 5.2, we also say:
If any of these checks fail, it is an error in the BGPsec_Path
attribute.
[Sriram] Since the receiver action is clearly stated in Section 5.2,
I have dropped the two sentences you cited beginning with
“BGPsec speakers SHOULD drop incoming update
messages with pCount set to zero…”
from Section 4.2 which is all about sender actions.
That particular paragraph now reads:
A route server that participates in the BGP control plane, but does
not act as a transit AS in the data plane, may choose to set pCount
to 0. This option enables the route server to participate in BGPsec
and obtain the associated security guarantees without increasing the
length of the AS path. (Note that BGPsec speakers compute the length
of the AS path by summing the pCount values in the BGPsec_Path
attribute, see Section 5.) However, when a route server sets the
pCount value to 0, it still inserts its AS number into the
Secure_Path Segment, as this information is needed to validate the
signature added by the route server. See
[I-D.ietf-sidr-as-migration] for a discussion of setting pCount to 0
to facilitate AS Number Migration. Also see Section 4.3 for the use
of pCount=0 in the context of an AS confederation. See Section 7 for
operational guidance for configuring a BGPsec router for setting
pCount=0 and/or accepting pCount=0 from a peer.
>
> Section 7 refers to this SHOULD, while adding a few more SHOULDs.
>
>A peer that is an Internet Exchange Point (IXP) (i.e. Route Server)
>with a transparent AS is expected to set pCount = 0 in its
>Secure_Path Segment while forwarding an update to a peer (see
>Section 4.2). Clearly, such an IXP SHOULD configure itself to set
>its own pCount = 0. As stated in Section 4.2, "BGPsec speakers
>SHOULD drop incoming update messages with pCount set to zero in cases
>where the BGPsec speaker does not expect its peer to set pCount to
>zero." This means that a BGPsec speaker SHOULD be configured so that
>