Re: Comments on draft-ietf-bfd-secure-sequence-numbers-12.txt
Jeffrey Haas <jhaas@pfrc.org> Wed, 17 January 2024 14:40 UTC
Return-Path: <jhaas@pfrc.org>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86B7FC14F61B; Wed, 17 Jan 2024 06:40:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D3zL5U7ZjjR6; Wed, 17 Jan 2024 06:40:40 -0800 (PST)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id C9B62C14F6A9; Wed, 17 Jan 2024 06:40:39 -0800 (PST)
Received: from smtpclient.apple (172-125-100-52.lightspeed.livnmi.sbcglobal.net [172.125.100.52]) by slice.pfrc.org (Postfix) with ESMTPSA id D956D1E039; Wed, 17 Jan 2024 09:40:38 -0500 (EST)
Content-Type: multipart/alternative; boundary="Apple-Mail=_FCC128C1-5140-44E4-A30E-AC528474B566"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.4\))
Subject: Re: Comments on draft-ietf-bfd-secure-sequence-numbers-12.txt
From: Jeffrey Haas <jhaas@pfrc.org>
In-Reply-To: <481615F0-F0B4-432A-8A8B-08DAB8BE5B9D@deployingradius.com>
Date: Wed, 17 Jan 2024 09:40:37 -0500
Cc: rtg-bfd WG <rtg-bfd@ietf.org>, draft-ietf-bfd-secure-sequence-numbers@ietf.org
Message-Id: <5B2CABEF-C7AB-4AD1-8B37-11972E4CF8A2@pfrc.org>
References: <170130738712.52125.9313047708000913054@ietfa.amsl.com> <20240115232214.GB20424@pfrc.org> <E718BC59-7496-4E73-A4D9-AA5015DD9449@deployingradius.com> <EF836FF4-708A-4985-8FD1-56CD4EC4943E@pfrc.org> <422E5293-1B87-415E-A49C-F5940DFF01A4@deployingradius.com> <DDE71390-FF3F-4B28-9E06-D5D28973F5AF@pfrc.org> <481615F0-F0B4-432A-8A8B-08DAB8BE5B9D@deployingradius.com>
To: Alan DeKok <aland@deployingradius.com>
X-Mailer: Apple Mail (2.3696.120.41.1.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/8IGbeiP2JMooPCoHQMli6cWKZK0>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jan 2024 14:40:42 -0000
Alan, > On Jan 16, 2024, at 6:47 PM, Alan DeKok <aland@deployingradius.com> wrote: > > On Jan 16, 2024, at 12:00 PM, Jeffrey Haas <jhaas@pfrc.org> wrote: >> This means the two scenarios we have during the first transition to ISAAC in the face of packet loss are: >> 1. It's on "this" page. >> 2. It's on the prior page. > > The simple solution to page issues is to just require that there be no more than 255 lost packets allowed. That way the current packet is always in the first page of derived ISAAC values. I've reviewed the relevant text for the "search" and think it's correct. A possible tweak: <t>If a calculated key at index "I" does match the Auth Key in the packet, then the bfd.MetKeyIsaacRcvAuthIndex field is initialized to this value. THe bfd.MetKeyIsaacRcvAuthBase field is then initialized to contain the value of bfd.RcvAuthSeq, minus the value of bfd.MetKeyIsaacRcvAuthIndex. This process allows the pseudo-random stream to be re-synchronized in the event of lost packets.</t> Effectively, bfd.MetKeyIsaacRcvAuthBase is the sequence number at which ISAAC was first found valid. This may be a lost packet. Working this into the text may help clarify this scenario for implementors. > > For now, I've largely reworked the text. The new text is at: https://github.com/mjethanandani/bfd-secure-sequence-numbers/tree/v14-alan Thanks. These comments are against the current snapshot at that repository. Note that the repository doesn't currently compile so I'm reviewing this via the .xml. A thought about the receiving mode: <t>Note that in some cases, calculating the expected output of ISAAC will result in the creation of a new "page" of 256 numbers. This process will irreversible, and will destroy the current "page". As a result, if the generation of a new output will create a new "page", the receiving party MUST save a copy of the entire ISAAC state before proceeding with this calculation. If the outputs match, then the saved copy can be discarded, and the new ISAAC state is used. If the outputs do not match, then the saved copy MUST be restored, and the modified copy discarded, or cached for later use.</t> Similar to our prior discussion about determining the first sequence number of synchronizing ISAAC page 0, we can observe that we should only generate the next page of the ISAAC table if the received sequence number is in the expected range for an Up session. This means that on an attack where the attacker is generating a sequence number greater than the actual sequence number, we generate at most the next table, which will eventually be valid for an Up session. Those invalid packets will not validate, but can at most cause us to do the work "early". The related requirement would be that we have the "current" page associated with the most recently valid sequence number, and one possible pending "next" page. <t>bfd.MetKeyIsaacRcvKeyKnown</t> <li>A boolean value which indicates whether or not the system knows the receive key for the Meticulous Keyed ISAAC Auth Type method. The initial value is "false". This value is changed to "true" when a party sees that the other party has started to use the Meticulous Keyed ISAAC Auth Type method.</li> I think this changes to true the first time we see an _acceptable_ ISAAC authenticated PDU. I.e. we're not permitting the local state to be set and spoiled by invalid inputs. > > The reworked text doesn't address all of your review, but it does go into great detail into how to initialize and operate meticulous keyed ISAAC. If defines a large number of variables specific to this Auth Type method. That may seem surprising, but I think that the resulting text was made clearer. > > The document still needs updates to address the other comments in your review, but it's late here, and the bulk of the work seems to be done. I'll do more tomorrow, in order to get this off of my plate. This is very close to done. Thanks for helping drive this to conclusion. -- Jeff
- I-D Action: draft-ietf-bfd-secure-sequence-number… internet-drafts
- Comments on draft-ietf-bfd-secure-sequence-number… Jeffrey Haas
- Re: Comments on draft-ietf-bfd-secure-sequence-nu… Alan DeKok
- Re: Comments on draft-ietf-bfd-secure-sequence-nu… Jeffrey Haas
- Re: Comments on draft-ietf-bfd-secure-sequence-nu… Alan DeKok
- Re: Comments on draft-ietf-bfd-secure-sequence-nu… Jeffrey Haas
- Re: Comments on draft-ietf-bfd-secure-sequence-nu… Alan DeKok
- Re: Comments on draft-ietf-bfd-secure-sequence-nu… Jeffrey Haas
- Re: Comments on draft-ietf-bfd-secure-sequence-nu… Mahesh Jethanandani
- Re: Comments on draft-ietf-bfd-secure-sequence-nu… Alan DeKok
- Re: Comments on draft-ietf-bfd-secure-sequence-nu… Alan DeKok
- Re: Comments on draft-ietf-bfd-secure-sequence-nu… Alan DeKok
- Re: Comments on draft-ietf-bfd-secure-sequence-nu… Jeffrey Haas
- Re: Comments on draft-ietf-bfd-secure-sequence-nu… Alan DeKok
- Re: Comments on draft-ietf-bfd-secure-sequence-nu… Jeffrey Haas
- Re: Comments on draft-ietf-bfd-secure-sequence-nu… Alan DeKok