in the long run, the number of routers which might have individual keys may be on the order of the number of prefixes. we are still learning about fragmentation as v4 use matures.

i am not worried about storing the full key set on a validating router. i am worried about crypto load on validating and signing routers near the core.

we're still trying to think about the bgpsec downgrade attack issue. some suggestions might need topologic declarations analogous to those of aspa.

bgpsec needs a bit more work/study; and we're trying. aspa is closer to testable deployment if folk would stop rat-holing over useless corner cases.

but, as i said in a previous, in the short term ncc resources might be better spent on reliable publication services. but unlike others, i do not pretend to understand the ncc's resources and/or planning.

randy