Secdir early review of draft-ietf-bfd-optimizing-authentication-16

Stephen Farrell via Datatracker <> Mon, 17 June 2024 13:54 UTC

Return-Path: <>
Received: from (localhost [IPv6:::1]) by (Postfix) with ESMTP id C7AEAC1DA2DB; Mon, 17 Jun 2024 06:54:23 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Stephen Farrell via Datatracker <>
Subject: Secdir early review of draft-ietf-bfd-optimizing-authentication-16
X-Test-IDTracker: no
X-IETF-IDTracker: 12.15.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <>
Date: Mon, 17 Jun 2024 06:54:23 -0700
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation;; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Reply-To: Stephen Farrell <>
List-Id: "RTG Area: Bidirectional Forwarding Detection" <>
Archived-At: <>
List-Archive: <>
List-Help: <>
List-Owner: <>
List-Post: <>
List-Subscribe: <>
List-Unsubscribe: <>

Reviewer: Stephen Farrell
Review result: Has Nits

This is an "early" secdir review. The document seems to be in WGLC though, so I'm not sure
how early this really is, or how malleable the draft may be. If it's not really that early
that's ok. I'd say you can consider these comments as nits. Please also consider me as a
BFD ignoramous, so I may be off-base in some of the comments below.

Generally the idea seems to be to avoid spending CPU on hashing except for cases where the
state changes, and with periodic checks that BFD auth is still working. That seems like an
ok idea to me, given the kinds of authentication that are defined for BFD.

- For security reviewers, it'd be great if there were a reference to something that sets out
the performance requirements for BFD, and justifies the claims that hashing is such a
burden. That's counterintuitive for people (like me) who consider hashing as fast. (And
md5 as broken, but that's a different matter:-) That text probably shouldn't be here but
it'd be good if there were a reference to it in most BFD security consdiderations sections.

- I wondered if the "optimized" terminology is best - say if someone figures out some new
way to optimise things using a different mechanism (e.g. some new way of amortising the cost
of hashing over more packets, or multiple links or something), wouldn't this terminology
then be a bit of a pain? Maybe it'd be better to name this as as a periodic or selective
authentication mechanism or something?

- The description in the yang text of the retry-interval seemed odd to me. It says "interval
of time after which a strong authentication should be enabled..." but should that be more
like "re-tried" rather than "enabled"?

- The security considerations says "If this interval is set very low, or very high, then it
will make optimization worthless." It might be worth stating that a very high interval value
would allow an attacker that much time to muck about (with whatever attack they're trying),
but I don't have a concrete attack in mind, so feel free to ignore this.

- looks like a typo in section 4: " there is problems" maybe "there are problems"?