Re: New Version Notification for draft-ietf-bfd-optimizing-authentication-02.txt
"Reshad Rahman (rrahman)" <rrahman@cisco.com> Fri, 24 March 2017 20:33 UTC
From: "Reshad Rahman (rrahman)" <rrahman@cisco.com>
To: Mahesh Jethanandani <mjethanandani@gmail.com>, Jeffrey Haas <jhaas@pfrc.org>
CC: "rtg-bfd@ietf. org" <rtg-bfd@ietf.org>
Subject: Re: New Version Notification for draft-ietf-bfd-optimizing-authentication-02.txt
Date: Fri, 24 Mar 2017 20:33:48 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/1M_ZaSFADzxxlKYygm5l3Zk2yx8>

Hi Mahesh,

Couple of questions/comments:

1) I thought the secure sequence number was needed for the NULL Auth TLV in the optimizing-authentication draft (to make NULL Auth TLV more secure as per comments from security folks). I guess it could be used with full authentication also. So I don't understand how secure sequence number can be used "standalone" as seems to be implied by your cost/benefit table below.

2) Section 2 mentions "If the two ends have not previously negotiated which frames they will transmit or receive with authentication enabled, then the BFD session will fail to come up, because at least one end will expect every frame to be authenticated." How is this negotiation done? Or is this done via configuration aka outside the scope of this document?

Regards,
Reshad.

On 2017-03-22, 9:57 PM, "Rtg-bfd on behalf of Mahesh Jethanandani" <rtg-bfd-bounces@ietf.org on behalf of mjethanandani@gmail.com> wrote:

>
>> On Mar 22, 2017, at 12:35 PM, Jeffrey Haas <jhaas@pfrc.org> wrote:
>>
>> This update is scheduled to be discussed at the upcoming session at IETF-98
>> in Chicago.
>>
>> The likely discussion is whether the new draft from Sonal should be
>> specifically tied to the advancement of the optimization draft. Our prior
>> discussion with Alan had suggested some concern about the sequence number
>> issues when we're using NULL authentication.
>>
>> I suspect some good discussion will happen on this topic at the upcoming
>> session and encourage the members of the Working Group to read both drafts
>> in preparation.
>
>Yes, it would be helpful to read both the drafts in preparation for the
>discussion.
>
>Optimized authentication is not a substitute for sequence number
>obfuscation draft, and vice-versa. They offer different levels of
>cost/benefit, where
>
>Draft                        Cost    Benefit
>====                         ====    ======
>sequence number obfuscation  Low     Medium (does not authenticate the complete packet)
>optimized authentication     Medium  High (authenticates entire "state change" packets)
>full authentication          High    High (authenticates all packets)
>
>>
>> -- Jeff
>>
>>> On Jan 3, 2017, at 4:37 PM, internet-drafts@ietf.org wrote:
>>>
>>>
>>> A new version of I-D, draft-ietf-bfd-optimizing-authentication-02.txt
>>> has been successfully submitted by Mahesh Jethanandani and posted to the
>>> IETF repository.
>>>
>>> Name:           draft-ietf-bfd-optimizing-authentication
>>> Revision:       02
>>> Title:          Optimizing BFD Authentication
>>> Document date:  2017-01-05
>>> Group:          bfd
>>> Pages:          8
>>> URL:            https://www.ietf.org/internet-drafts/draft-ietf-bfd-optimizing-authentication-02.txt
>>> Status:         https://datatracker.ietf.org/doc/draft-ietf-bfd-optimizing-authentication/
>>> Htmlized:       https://tools.ietf.org/html/draft-ietf-bfd-optimizing-authentication-02
>>> Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-bfd-optimizing-authentication-02
>>>
>>> Abstract:
>>>   This document describes an optimization to BFD Authentication as
>>>   described in Section 6.7 of BFD [RFC5880].
>>>
>>> Please note that it may take a couple of minutes from the time of submission
>>> until the htmlized version and diff are available at tools.ietf.org.
>>>
>>> The IETF Secretariat
>>
>