--- 1/draft-ietf-grow-mrt-14.txt 2011-07-06 20:16:13.000000000 +0200 +++ 2/draft-ietf-grow-mrt-15.txt 2011-07-06 20:16:13.000000000 +0200 @@ -1,20 +1,20 @@ Network Working Group L. Blunk Internet-Draft M. Karir Intended status: Informational Merit Network -Expires: October 22, 2011 C. Labovitz - Arbor Networks - April 20, 2011 +Expires: January 7, 2012 C. Labovitz + Deepfield Networks + July 6, 2011 MRT routing information export format - draft-ietf-grow-mrt-14.txt + draft-ietf-grow-mrt-15.txt Abstract This document describes the MRT format for routing information export. This format was developed in concert with the Multi-threaded Routing Toolkit (MRT) from whence the format takes it name. The format can be used to export routing protocol messages, state changes, and routing information base contents. Status of this Memo @@ -25,21 +25,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on October 22, 2011. + This Internet-Draft will expire on January 7, 2012. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -749,27 +749,36 @@ information data. The fields defined in the MRT specification are of a descriptive nature and provide information that is useful to facilitate the analysis of routing data. As such, the fields currently defined in the MRT specification do not in themselves create additional security risks, since the fields are not used to induce any particular behavior by the recipient application. Some information contained in an MRT data structure might be considered sensitive or private. For example, a BGP peer that sends a message to an MRT-enabled router might not expect that message to - be shared beyond the AS to which it is sent. The proposed - geolocation extension to MRT could reveal the location of an MRT - router's peers [I- D.ietf-grow-geomrt]. An organization that intends - to use the MRT structure to export routing information beyond the - domain where it normally accessible (e.g., publishing MRT dumps for - use by researchers) should verify with any peers whose information - might be included, and possibly remove sensitive fields. + be shared beyond the AS to which it is sent. + + Information that could be considered sensitive include BGP peer IP + addresses, BGP Next Hop IP addresses, and BGP Path Attributes. Such + information could be useful to mount attacks against the BGP protocol + and routing infrastructure. RFC 4272 [RFC4272] examines a number of + weaknesses in the BGP protocol which could potentially be exploited. + + An organization that intends to use the MRT structure to export + routing information beyond the domain where it normally accessible + (e.g., publishing MRT dumps for use by researchers) should verify + with any peers whose information might be included, and possibly + remove sensitive fields. + + The proposed geolocation extension to MRT could reveal the location + of an MRT router's peers [I- D.ietf-grow-geomrt]. 7. References 7.1. Normative References [IANA-AF] "Address Family Numbers", . 
[RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, September 1981. @@ -810,20 +819,23 @@ [MRT PROG GUIDE] Labovitz, C., "MRT Programmer's Guide", November 1999, . [RFC2080] Malkin, G. and R. Minnear, "RIPng for IPv6", RFC 2080, January 1997. [RFC2453] Malkin, G., "RIP Version 2", STD 56, RFC 2453, November 1998. + [RFC4272] Murphy, S., "BGP Security Vulnerabilities Analysis", + RFC 4272, January 2006. + Appendix A. MRT Encoding Examples This appendix, which is not a normative reference, contains a MRT encoding examples. The following example shows the encoding for a MRT record type of BGP4MP and subtype BGP4MP_MESSAGE_AS4. The Peer AS and Local AS numbers are encoded in 4 bytes fields due to the use of the BGP4MP_MESSAGE_AS4 subtype. The encoded BGP Update is shown in hexadecimal. The AS numbers in the ASPATH in the BGP Update are @@ -1289,13 +1301,13 @@ Merit Network Email: ljb@merit.edu Manish Karir Merit Network Email: mkarir@merit.edu Craig Labovitz - Arbor Networks + Deepfield Networks - Email: labovit@arbor.net + Email: labovit@deepfield.net
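Review bot: The unchanged Abstract line in the first hunk ("from whence the format takes it name") carries a typo that this revision of the front page should fix: "it" should be "its", and "from whence" is redundant, so "from which the format takes its name" reads better. The expiry date moving from October 22, 2011 to January 7, 2012 is consistent with the new July 6, 2011 date and the six-month validity stated in the Status section, and the Deepfield Networks affiliation matches the author-address hunk at the end of the patch.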
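Review bot: In the Security Considerations hunk, the new sentence "Information that could be considered sensitive include BGP peer IP addresses, ..." has a subject-verb mismatch; "Information ... includes" or "Fields that could be considered sensitive include" would fix it. The moved paragraph still reads "beyond the domain where it normally accessible", which is missing "is" ("where it is normally accessible"), and the citation key "[I- D.ietf-grow-geomrt]" contains a stray space that should be "[I-D.ietf-grow-geomrt]". On substance, the geolocation paragraph is now detached from the recommendation to verify with peers and remove sensitive fields; either listing peer location alongside peer IP addresses, Next Hop addresses and Path Attributes in the sensitive-information paragraph, or moving the geolocation paragraph ahead of the recommendation, would make clear that the same mitigation applies to it.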
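Review bot: The new [RFC4272] entry is placed in order between [RFC2453] and Appendix A and formatted like its neighbours, which is right for a reference cited only as background ("examines a number of weaknesses"); no change needed there. Since this hunk already touches the start of Appendix A, the unchanged context lines "contains a MRT encoding examples" (should be "contains MRT encoding examples") and "4 bytes fields" (should be "4-byte fields") are worth fixing in the same revision.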