Re: New Version Notification for draft-ietf-bfd-optimizing-authentication-02.txt

Greg Mirsky <gregimirsky@gmail.com> Sat, 25 March 2017 22:21 UTC

Dear Authors,
Thank you for the update, but I still cannot find a description of how the
proposed authentication mechanism (should we refer to it as "triggered
authentication", as it applies to use of authentication upon state change
as well as timer expiration?) affects the BFD State Machine. I do believe that,
especially when the state is Up and authentication is triggered by a timer, the BFD
state machine must be updated to clarify when the received authenticated
packet is validated.
I'm looking forward to the discussion at the meeting.

Regards,
Greg

On Fri, Mar 24, 2017 at 3:33 PM, Reshad Rahman (rrahman) <rrahman@cisco.com>
wrote:

> Hi Mahesh,
>
> Couple of questions/comments:
>
> 1) I thought the secure sequence number was needed for the NULL Auth TLV
> in the optimizing-authentication draft (to make NULL Auth TLV more secure
> as per comments from security folks). I guess it could be used with full
> authentication also. So I don't understand how secure sequence number can
> be used "standalone" as seems to be implied by your cost/benefit table
> below.
> 2) Section 2 mentions "If the two ends have not previously negotiated
> which frames they will transmit or receive with authentication enabled,
> then the BFD session will fail to come up, because at least one end will
> expect every frame to be authenticated." How is this negotiation done? Or
> is this done via configuration aka outside the scope of this document?
>
>
> Regards,
> Reshad.
>
> On 2017-03-22, 9:57 PM, "Rtg-bfd on behalf of Mahesh Jethanandani"
> <rtg-bfd-bounces@ietf.org on behalf of mjethanandani@gmail.com> wrote:
>
> >
> >> On Mar 22, 2017, at 12:35 PM, Jeffrey Haas <jhaas@pfrc.org> wrote:
> >>
> >> This update is scheduled to be discussed at the upcoming session at
> >> IETF-98 in Chicago.
> >>
> >> The likely discussion is whether the new draft from Sonal should be
> >> specifically tied to the advancement of the optimization draft.  Our
> >> prior discussion with Alan had suggested some concern about the sequence
> >> number issues when we're using NULL authentication.
> >>
> >> I suspect some good discussion will happen on this topic at the upcoming
> >> session and encourage the members of the Working Group to read both
> >> drafts in preparation.
> >
> >Yes, it would be helpful to read both the drafts in preparation for the
> >discussion.
> >
> >Optimized authentication is not a substitute for sequence number
> >obfuscation draft, and vice-versa. They offer different levels of
> >cost/benefit, where
> >
> >Draft                         Cost     Benefit
> >=====                         ====     =======
> >sequence number obfuscation   Low      Medium (does not authenticate the complete packet)
> >optimized authentication      Medium   High   (authenticates entire "state change" packets)
> >full authentication           High     High   (authenticates all packets)
> >
> >>
> >> -- Jeff
> >>
> >>> On Jan 3, 2017, at 4:37 PM, internet-drafts@ietf.org wrote:
> >>>
> >>>
> >>> A new version of I-D, draft-ietf-bfd-optimizing-authentication-02.txt
> >>> has been successfully submitted by Mahesh Jethanandani and posted to
> >>> the IETF repository.
> >>>
> >>> Name:               draft-ietf-bfd-optimizing-authentication
> >>> Revision:   02
> >>> Title:              Optimizing BFD Authentication
> >>> Document date:      2017-01-05
> >>> Group:              bfd
> >>> Pages:              8
> >>> URL:
> >>> https://www.ietf.org/internet-drafts/draft-ietf-bfd-optimizing-authentication-02.txt
> >>> Status:
> >>> https://datatracker.ietf.org/doc/draft-ietf-bfd-optimizing-authentication/
> >>> Htmlized:
> >>> https://tools.ietf.org/html/draft-ietf-bfd-optimizing-authentication-02
> >>> Diff:
> >>> https://www.ietf.org/rfcdiff?url2=draft-ietf-bfd-optimizing-authentication-02
> >>>
> >>> Abstract:
> >>>  This document describes an optimization to BFD Authentication as
> >>>  described in Section 6.7 of BFD [RFC5880].
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> Please note that it may take a couple of minutes from the time of
> >>> submission until the htmlized version and diff are available at
> >>> tools.ietf.org.
> >>>
> >>> The IETF Secretariat
> >>
> >
>
>
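
The Section 2 sentence quoted in this thread (the session fails to come up when one end expects every frame to be authenticated) follows from the A-bit reception checks in RFC 5880, Section 6.8.6. The sketch below is an added example, not part of the thread, the draft, or any implementation; the packets are constructed sample data, only a subset of the reception checks is applied, and digest verification is left out.

```python
import struct

# RFC 5880 section 4.1 mandatory section: 24 bytes, network byte order.
_HDR = struct.Struct("!BBBBIIIII")
A_BIT = 0x04  # Authentication Present flag in the second octet
STATE_NAMES = {0: "AdminDown", 1: "Down", 2: "Init", 3: "Up"}

# Constructed Meticulous Keyed SHA1 section (Auth Type 5, Auth Len 28):
# type, len, key id, reserved, sequence number, 20-byte hash (zeroed here).
SAMPLE_AUTH = bytes([5, 28, 1, 0]) + struct.pack("!I", 1) + bytes(20)


def build_control(state, my_disc, your_disc, auth_section=b""):
    """Build a version-1 BFD control packet (constructed sample values)."""
    flags = (state << 6) | (A_BIT if auth_section else 0)
    length = _HDR.size + len(auth_section)
    hdr = _HDR.pack(1 << 5, flags, 3, length, my_disc, your_disc,
                    1_000_000, 1_000_000, 0)
    return hdr + auth_section


def admit(packet, session_auth_type):
    """Apply the A-bit related checks of RFC 5880 section 6.8.6.

    session_auth_type is bfd.AuthType (0 means no authentication in use).
    Returns (accepted, reason_or_state). The digest itself is not verified.
    """
    if len(packet) < _HDR.size:
        return False, "short packet"
    vers_diag, flags, _mult, length, *_ = _HDR.unpack_from(packet)
    if vers_diag >> 5 != 1:
        return False, "bad version"
    a_set = bool(flags & A_BIT)
    # Minimum Length is 24 without an authentication section, 26 with one.
    if length < (26 if a_set else 24) or length > len(packet):
        return False, "bad length"
    if a_set and session_auth_type == 0:
        return False, "A bit set but no authentication in use"
    if not a_set and session_auth_type != 0:
        return False, "A bit clear but session expects authentication"
    if a_set and packet[24] != session_auth_type:
        return False, "auth type mismatch"
    return True, STATE_NAMES[flags >> 6]
```

An end that sends any frame without an authentication section to a peer whose `bfd.AuthType` is non-zero has that frame discarded before the state machine runs, which is why both ends must agree beforehand on which frames carry authentication.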