IETF Logo Mail Archive

draft-ietf-bfd-optimizing-authentication-13 nits

Jeffrey Haas <jhaas@pfrc.org> Thu, 18 January 2024 01:05 UTC

Return-Path: <jhaas@pfrc.org>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E1CBC14CE39; Wed, 17 Jan 2024 17:05:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.91
X-Spam-Level:
X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k2dAKm6ymX3l; Wed, 17 Jan 2024 17:05:08 -0800 (PST)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id BF7E2C151079; Wed, 17 Jan 2024 17:05:04 -0800 (PST)
Received: from smtpclient.apple (172-125-100-52.lightspeed.livnmi.sbcglobal.net [172.125.100.52]) by slice.pfrc.org (Postfix) with ESMTPSA id 497891E039; Wed, 17 Jan 2024 20:05:03 -0500 (EST)
From: Jeffrey Haas <jhaas@pfrc.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.4\))
Date: Wed, 17 Jan 2024 20:05:02 -0500
Subject: draft-ietf-bfd-optimizing-authentication-13 nits
Cc: rtg-bfd WG <rtg-bfd@ietf.org>
To: draft-ietf-bfd-optimizing-authentication@ietf.org
Message-Id: <4F3695C8-3736-4E55-B5BB-84671FDC367E@pfrc.org>
X-Mailer: Apple Mail (2.3696.120.41.1.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/9NuVeMWr2MgqbVIJar6L6AIn7vc>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jan 2024 01:05:12 -0000

Authors,

Since secure sequence numbers is heading toward WGLC, it's time to refresh this document and review it vs. secure sequence numbers, and bfd stability.

-----

From Introduction and some confusion about configuration and operational state:

"This document also proposes that all BFD control packets which signal a significant change MUST be authenticated if the session's bfd.AuthType is non-zero. Other BFD control packets MAY be transmitted and received without the A bit set."

There's a bit of semantic confusion here.  bfd.AuthType is what we use as our state and what we put in our packet.  And similarly, we're trying to say here that "authentication may not be required for some packets".

Part of where this is potentially confusing is that these mechanisms are documenting changes from one auth type to the other.

This means we have, leveraging management framework terminology, configuration state that represents "start with authentication X, which will use method 1 that goes into bfd.AuthType and user method 2 which also goes into bfd.AuthType".  This also has implications when we have this bit of composite configuration with regards to authentication that isn't expected (i.e. NULL when secure seq is configured) needs to be addressed.

For operational state, reflecting the active type may be fine, but reflecting the hybrid configuration state is also necessary.



One way to work through how to adjust the text is consider what the updates to the YANG module might look like.

1.2:
s/a demand model/a demand mode/

"configured interval" probably needs to be more specific to this mechanism.  In particular, this is the interval for how long before we retry strong authentication.

2. Authentication Mode:

The text in this section indicates that there are circumstances where no authentication (a-bit is off) is permissible.  However, the text then moves to discuss NULL authentication, which is authentication that still carries an a-bit, and has contents. This is likely from earlier work prior to realizing we want some form of anti-replay attack.

I suspect the correct thing to do here is move all text toward discussing the "non-authenticated" mode as the less encumbered authentication, of which this document defines the NULL method. 

The text for secure sequence numbers also is now incorrect since the mechanism has evolved.

3. NULL Auth Type.

The main text here in need of updating is the sequence numbers.  As we've worked through in the discussions for secure sequence numbers, we want the sequence numbers to be preserved across authentication mechanisms.

Is the answer to take the text we have in secure sequence numbers covering this detail and move them to this document?

-- Jeff

v2.23.0 | Report a Bug | By Email