Re: I-D Action: draft-ietf-bfd-optimizing-authentication-06.txt

Mahesh Jethanandani <mjethanandani@gmail.com> Thu, 08 November 2018 08:39 UTC

From: Mahesh Jethanandani <mjethanandani@gmail.com>
Subject: Re: I-D Action: draft-ietf-bfd-optimizing-authentication-06.txt
Date: Thu, 08 Nov 2018 15:39:34 +0700
Cc: Greg Mirsky <gregimirsky@gmail.com>, "rtg-bfd@ietf.org" <rtg-bfd@ietf.org>
To: Jeffrey Haas <jhaas@pfrc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/-lc4lCIy5KhdmNOkleF-hN4zWfc>

Hi Jeff,

Version -07 of the draft addresses this comment. Thanks.

> On Oct 30, 2018, at 12:33 AM, Mahesh Jethanandani <mjethanandani@gmail.com> wrote:
> 
> Hi Jeff,
> 
>> On Oct 29, 2018, at 9:10 AM, Jeffrey Haas <jhaas@pfrc.org> wrote:
>> 
>> Mahesh,
>> 
>> On Mon, Oct 15, 2018 at 09:24:59PM -0700, Greg Mirsky wrote:
>>> thank you for your quick response. The comment regarding the state change,
>>> as I understand from the minutes, came from Jeff.
>>> Yes, the question was about the periodic authentication in Up state. I
>>> believe that at the meeting WG arrived at a very good solution and we've
>>> agreed to make the appropriate changes in the document. I don't think that
>>> the current version reflects the WG decision that in Up state authenticated
>>> BFD control packets are transmitted periodically in sets of not less than
>>> Detect Multiplier.
>> 
>> I think the text is very close to what we'd likely want.  Here's the text in
>> the current draft:
>> 
>> :    Most frames transmitted on a BFD session are BFD CC UP frames.
>> :    Authenticating a small subset of these frames, for example, a detect
>> :    multiplier number of packets per configured period, significantly
>> :    reduces the computational demand for the system while maintaining
>> :    security of the session across the configured authentication periods.
>> 
>> Given BFD procedures, I believe we'd normally want to transmit at *least*
>> Detect Multiplier number of packets to ensure that the remote site has seen it.
>> 
>> How about the following text?
>> 
>> Most frames transmitted on a BFD session are BFD CC UP frames.
>> Authenticating a small subset of these frames, significantly
>> reduces the computational demand for the system while maintaining
>> security of the session across the configured authentication periods.
>> A minimum of Detect Multiplier packets MUST be transmitted per configured
>> periodic authentication interval.  This ensures that the BFD session should
>> see at least one authenticated packet during that interval.
> 
> Ok. Will update and post once the submission window opens up.
> 
>> 
>> -- Jeff
> 
> Mahesh Jethanandani
> mjethanandani@gmail.com

Mahesh Jethanandani
mjethanandani@gmail.com
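
An added example, not part of the thread or of the draft: a simplified model of the reasoning behind the proposed "minimum of Detect Multiplier packets" text, checking every loss pattern in one authentication interval. It assumes the authenticated packets are sent as one consecutive burst at the start of the interval and that the session goes Down after Detect Multiplier consecutive lost packets; all function names and parameters are hypothetical.

```python
from itertools import product


def auth_schedule(packets_per_interval, burst):
    """Per-packet flags for one interval: True means the packet is authenticated.

    Assumption: the authenticated packets form one burst at the interval start.
    """
    return [i < burst for i in range(packets_per_interval)]


def session_stays_up(lost, detect_mult):
    """Simplified BFD detection: Down after detect_mult consecutive losses."""
    run = 0
    for is_lost in lost:
        run = run + 1 if is_lost else 0
        if run >= detect_mult:
            return False
    return True


def find_blind_interval(packets_per_interval, burst, detect_mult):
    """Return a loss pattern that keeps the session Up while the receiver
    sees no authenticated packet in the interval, or None if none exists."""
    sched = auth_schedule(packets_per_interval, burst)
    for lost in product([False, True], repeat=packets_per_interval):
        if not session_stays_up(lost, detect_mult):
            continue  # session went Down, so the loss was detected anyway
        delivered_auth = any(a and not l for a, l in zip(sched, lost))
        if not delivered_auth:
            return lost
    return None


if __name__ == "__main__":
    # Constructed parameters: 10 packets per interval, Detect Multiplier 3.
    for burst in (2, 3):
        pattern = find_blind_interval(10, burst, 3)
        print(f"burst={burst}: blind interval possible = {pattern is not None}")
```

With a burst shorter than Detect Multiplier, losing exactly the authenticated packets leaves the session Up on unauthenticated traffic alone; with a burst of Detect Multiplier, the same loss takes the session Down.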