RE: Request for WG adoption of draft-mahesh-bfd-authentication
Gregory Mirsky <gregory.mirsky@ericsson.com> Wed, 25 November 2015 01:33 UTC
Return-Path: <gregory.mirsky@ericsson.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51A7A1ACD11; Tue, 24 Nov 2015 17:33:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.201
X-Spam-Level:
X-Spam-Status: No, score=-104.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id afIWCHg1EuCi; Tue, 24 Nov 2015 17:33:11 -0800 (PST)
Received: from usevmg20.ericsson.net (usevmg20.ericsson.net [198.24.6.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9E8B61ACD0D; Tue, 24 Nov 2015 17:33:11 -0800 (PST)
X-AuditID: c618062d-f799d6d000000ec2-26-5654bdf91aa8
Received: from EUSAAHC003.ericsson.se (Unknown_Domain [147.117.188.81]) by usevmg20.ericsson.net (Symantec Mail Security) with SMTP id 12.A9.03778.9FDB4565; Tue, 24 Nov 2015 20:43:53 +0100 (CET)
Received: from EUSAAMB103.ericsson.se ([147.117.188.120]) by EUSAAHC003.ericsson.se ([147.117.188.81]) with mapi id 14.03.0248.002; Tue, 24 Nov 2015 20:33:10 -0500
From: Gregory Mirsky <gregory.mirsky@ericsson.com>
To: Dacheng Zhang <dacheng.zdc@alibaba-inc.com>, Marc Binderberger <marc@sniff.de>, "Reshad Rahman (rrahman)" <rrahman@cisco.com>, "draft-mahesh-bfd-authentication@ietf.org" <draft-mahesh-bfd-authentication@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: RE: Request for WG adoption of draft-mahesh-bfd-authentication
Thread-Topic: Request for WG adoption of draft-mahesh-bfd-authentication
Thread-Index: AQHRI4t1BhxwWi4DrkqzzQbDKMhgLp6mm9wAgARy5ID//66DQIAAXl8AgADfazA=
Date: Wed, 25 Nov 2015 01:33:09 +0000
Message-ID: <7347100B5761DC41A166AC17F22DF1122194890E@eusaamb103.ericsson.se>
References: <D2747638.109021%rrahman@cisco.com> <20151121022956672568.a3e4948f@sniff.de> <D27A1EEE.300E7%dacheng.zdc@alibaba-inc.com> <7347100B5761DC41A166AC17F22DF11221947B4A@eusaamb103.ericsson.se> <D27A2E00.30120%dacheng.zdc@alibaba-inc.com>
In-Reply-To: <D27A2E00.30120%dacheng.zdc@alibaba-inc.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [147.117.188.9]
Content-Type: text/plain; charset="iso-2022-jp"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprPIsWRmVeSWpSXmKPExsUyuXRPoO7PvSFhBvuWqFpMfn6W0eJG3wx2 i9lX/jNbXFvRym7x+c82Rovpe6+xO7B5THz7kcVjyu+NrB5ru6+yeSxZ8pPJo3V1N0sAaxSX TUpqTmZZapG+XQJXxupDX9kKNghVvPv9h7GBsYW/i5GTQ0LAROLy1elsELaYxIV764FsLg4h gSOMEju+TGeBcJYzSnT9nMkCUsUmYCTxYmMPO4gtItDPJDH9lTuIzSygKdF04jNYXFjAXeLZ j61QNR4SxzYvYYOw/SQ2te1h7GLk4GARUJW4dl8EJMwr4CsxYeknVohdfxgl1u+dzAqS4BSw lDi36zfYXkag676fWsMEsUtc4taT+UwQVwtILNlznhnCFpV4+fgfK4StKLGvfzo7RL2+xJ6J p1ggbG2JZQtfM0MsFpQ4OfMJywRGsVlIxs5C0jILScssJC0LGFlWMXKUFqeW5aYbGWxiBEbb MQk23R2Me15aHmIU4GBU4uHdsDkkTIg1say4MvcQowQHs5IIr+Q7oBBvSmJlVWpRfnxRaU5q 8SFGaQ4WJXHe/UvuhwoJpCeWpGanphakFsFkmTg4pRoYhW/3twu3uvLlHmAvbHm5ad+abfs/ 8aS+5qyv3yUm9MSl5Vj1pMZVfLG/4lJlk1qff/DoPZH6YIWnaSSriYmpVYfVZfnr07rkRa9w HDy8vHLJ7bYsoxm94jLrfVddvLv8B+/lv22ZHCp7kt97Fv7RkD+Rc2nHxf7/vYwbfCZ7nK6K tz+tu+S1EktxRqKhFnNRcSIA2e2LLbICAAA=
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtg-bfd/0iArRT2HDGwQq0_VuA1w6Bh1FX8>
Cc: "rtg-bfd@ietf.org" <rtg-bfd@ietf.org>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Nov 2015 01:33:13 -0000
Hi Dacheng, HW became more capable and we, one hopes, wiser. Perhaps it's time to re-visit our options. Regards, Greg -----Original Message----- From: Dacheng Zhang [mailto:dacheng.zdc@alibaba-inc.com] Sent: Monday, November 23, 2015 11:12 PM To: Gregory Mirsky; Marc Binderberger; Reshad Rahman (rrahman); draft-mahesh-bfd-authentication@ietf.org; Stephen Farrell Cc: rtg-bfd@ietf.org Subject: Re: Request for WG adoption of draft-mahesh-bfd-authentication 在 15-11-24 下午2:46, "Gregory Mirsky" <gregory.mirsky@ericsson.com> 写入: >Dear All, >I'd like to share comment by Security AD Stephen Farrell on a work that >is directly related to BFD, draft-ietf-mpls-lsp-ping-mpls-tp-oam-conf >(hope it is OK to raise security awareness in BFD community): > >> - 2.1.1, is there any chance of moving on from the "Keyed SHA1" >> >> from RFC5880 to e.g. HMAC-SHA256 for this? We're generally trying to >> get that kind of transition done as we can and moving to use of a >> standard integrity check rather than a more home-grown one has some >> benefits. The HMAC-SHA1-like thing you're doing is still probably ok, >> (though could maybe do with crypto eyeballs on it as there may have >> been relevant new results since 2010) but future-proofing would >> suggest moving to HMAC-SHA256 if we can. (I can imagine such a change >> might require a new document, but am asking anyway:-) >> >> GIM>> The fact is that we're bound by what is defined in RFC 5880. > >I wonder for how long though, that's now a five year old RFC. >Assuming it takes a few years for new deployments to pick up new >algorithms, isn't it time that a whole bunch of algorithm choices were >revisited? > >> There was a proposal to strengthen BFD security BFD Generic >>Cryptographic >>Authentication<http://tools.ietf.org/html/draft-bhatia-bfd-crypto-auth >>-03 >>> but the document had expired. > >Pity that. I am one of the co-author of that draft. We didn’t try to update document because we got the feedback from the group that the influence on the performance is a big concern. That is why I raised the question in the last email whether it is a good time for us to re-consider the usage of aha-2 in BFD. >
- Request for WG adoption of draft-mahesh-bfd-authe… Reshad Rahman (rrahman)
- Re: Request for WG adoption of draft-mahesh-bfd-a… Marc Binderberger
- Re: Request for WG adoption of draft-mahesh-bfd-a… Dacheng Zhang
- RE: Request for WG adoption of draft-mahesh-bfd-a… Gregory Mirsky
- Re: Request for WG adoption of draft-mahesh-bfd-a… Dacheng Zhang
- RE: Request for WG adoption of draft-mahesh-bfd-a… Gregory Mirsky
- RE: Request for WG adoption of draft-mahesh-bfd-a… Mach Chen
- Re: Request for WG adoption of draft-mahesh-bfd-a… Manav Bhatia
- Re: Request for WG adoption of draft-mahesh-bfd-a… Rajeev G Nair (rajeenai)
- Re: Request for WG adoption of draft-mahesh-bfd-a… Dacheng Zhang
- Re: Request for WG adoption of draft-mahesh-bfd-a… Loa Andersson
- Re: Request for WG adoption of draft-mahesh-bfd-a… Dacheng Zhang
- Re: Request for WG adoption of draft-mahesh-bfd-a… Manav Bhatia
- RE: Request for WG adoption of draft-mahesh-bfd-a… Santosh P K
- Re: Request for WG adoption of draft-mahesh-bfd-a… Mahesh Jethanandani
- Re: Request for WG adoption of draft-mahesh-bfd-a… Mahesh Jethanandani
- Re: Request for WG adoption of draft-mahesh-bfd-a… Rajeev G Nair (rajeenai)
- Re: Request for WG adoption of draft-mahesh-bfd-a… Jeffrey Haas
- Re: Request for WG adoption of draft-mahesh-bfd-a… Jeffrey Haas
- Re: Request for WG adoption of draft-mahesh-bfd-a… Jeffrey Haas
- Re: Request for WG adoption of draft-mahesh-bfd-a… Rajeev G Nair (rajeenai)
- Re: Request for WG adoption of draft-mahesh-bfd-a… Manav Bhatia
- Re: Request for WG adoption of draft-mahesh-bfd-a… Jeffrey Haas