Re: I-D Action: draft-ietf-bfd-optimizing-authentication-10.txt

Jeffrey Haas <jhaas@pfrc.org> Thu, 23 July 2020 15:45 UTC

Return-Path: <jhaas@slice.pfrc.org>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F8953A0A43 for <rtg-bfd@ietfa.amsl.com>; Thu, 23 Jul 2020 08:45:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M8niIH6Z2Raa for <rtg-bfd@ietfa.amsl.com>; Thu, 23 Jul 2020 08:45:42 -0700 (PDT)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id 496F53A0A0A for <rtg-bfd@ietf.org>; Thu, 23 Jul 2020 08:45:41 -0700 (PDT)
Received: by slice.pfrc.org (Postfix, from userid 1001) id BDCC11E2FB; Thu, 23 Jul 2020 11:56:32 -0400 (EDT)
Date: Thu, 23 Jul 2020 11:56:32 -0400
From: Jeffrey Haas <jhaas@pfrc.org>
To: Manav Bhatia <manavbhatia@gmail.com>
Cc: "Reshad Rahman (rrahman)" <rrahman=40cisco.com@dmarc.ietf.org>, Mahesh Jethanandani <mjethanandani@gmail.com>, "rtg-bfd@ietf. org" <rtg-bfd@ietf.org>
Subject: Re: I-D Action: draft-ietf-bfd-optimizing-authentication-10.txt
Message-ID: <20200723155632.GA8728@pfrc.org>
References: <159466724499.14803.15233027731222579839@ietfa.amsl.com> <FC5206AF-9CDB-4CC2-9967-B4BF5A17141B@gmail.com> <20200721004857.GB31779@pfrc.org> <2C632683-57D0-4E40-809E-6A907B38CDB5@gmail.com> <AF1DDAD1-D362-4BCA-A2D6-EB1477BDBDEF@cisco.com> <CAG1kdoifsdnawsB8jhcDMbprQt4e8p0g3rxxD2Wuw+5pH79e1g@mail.gmail.com> <20200723141024.GC6821@pfrc.org> <CAG1kdojpsKVnC1tr6fj7cuxu4wC7TGtx-hyVcDaxf1bJYrfBMA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAG1kdojpsKVnC1tr6fj7cuxu4wC7TGtx-hyVcDaxf1bJYrfBMA@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/DraPZXYQCEE6_SNevjQrKxDGI9c>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jul 2020 15:45:43 -0000

Manav,

On Thu, Jul 23, 2020 at 08:19:26PM +0530, Manav Bhatia wrote:
> I am sorry I dont understand this point.
> 
> I would like to stick to NULL because it's less prone to
> implementation/inter-op bugs where you dont need to keep changing the kind
> of auth you use depending upon where you are in your finite state machine
> (FSM). And moreover, doing an AUTH adds no security to the protocol.

The premise of the draft is that more expensive ciphers are expensive 
AT RATE  AND SCALE.  

Init and Down sessions are 1pps.

The rate portion of the argument is no longer a point of concern.

I agree that it adds no additional security per our analysis.  However, I
expect this dialog to happen with the security ADs.  Their typical answer is
"if you could secure it, you should".

If they don't start this conversation, we're done. :-)

-- Jeff