Re: Fwd: New Version Notification for draft-mahesh-bfd-authentication-01.txt

Jeffrey Haas <jhaas@pfrc.org> Fri, 02 October 2015 17:35 UTC


Mahesh,

Thanks for the update to the document.  Here are a few comments on it.

On Tue, Sep 29, 2015 at 11:09:46PM -0700, Mahesh Jethanandani wrote:
> This version of the draft addresses concerns that were raised in IETF 92.
> The change is to carry a sequence number in every packet of BFD. Carrying
> a sequence number for authentication reasons is not new, but with
> selective authentication it helps detect MITM attack and has the benefit
> of detecting lost BFD frames.

The NULL auth carries overlap with draft-ashesh-bfd-stability.  The contents
and semantics are a bit different.  The two documents will have to be
reconciled with each other.

FWIW, I think the idea of supporting the session with null-auth is a good
one.

A place where I think the document needs to be more proscriptive is about
*when* you use the more aggressive crypto.  As I was working through the
possible modes, it almost seems as if anything that is intended to alter the
BFD Control packet prior to the Authentication section is a good idea.

I suspect Poll sequences are the most impacted by such logic.

At some point if the generic crypto draft resurrects we'll also have to
accommodate this proposal in it.

What's your intention for the document?  Time to ask for adoption?

-- Jeff
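As an added illustration of the receiver-side bookkeeping the thread is discussing (not code from the draft or from either poster): parse an RFC 5880 BFD Control packet, read a per-packet sequence number from its authentication section, and report lost frames, replays, and whether the packet alters session state (state change, Poll/Final, or timer change), which is the class of packet Jeff argues should get the stronger authentication. The authentication-section layout (Key ID, reserved byte, 32-bit sequence number) and the auth-type value are assumptions, since the draft's exact format is not on this page.

```python
import struct

MANDATORY_LEN = 24          # RFC 5880 mandatory section
AUTH_TYPE_NULL = 0          # placeholder: the draft's NULL-auth type code is not on the page


def parse_bfd(pkt):
    """Extract RFC 5880 fields plus the sequence number carried in the auth section."""
    vers_diag, sta_flags, detect_mult, length = struct.unpack_from("!BBBB", pkt, 0)
    my_disc, your_disc, tx, rx, echo = struct.unpack_from("!IIIII", pkt, 4)
    fields = {"state": sta_flags >> 6, "poll": bool(sta_flags & 0x20),
              "final": bool(sta_flags & 0x10), "auth": bool(sta_flags & 0x04),
              "timers": (detect_mult, tx, rx, echo), "seq": None}
    if fields["auth"] and length > MANDATORY_LEN:
        auth_type, auth_len = struct.unpack_from("!BB", pkt, MANDATORY_LEN)
        # assumed layout after Type/Len: Key ID (1), Reserved (1), Sequence Number (4)
        if auth_len >= 8:
            (fields["seq"],) = struct.unpack_from("!I", pkt, MANDATORY_LEN + 4)
    return fields


def classify(prev, cur):
    """Compare consecutive packets: lost frames, replay, and state-altering content."""
    verdict = {"lost": 0, "replay": False, "alters_state": False}
    if prev["seq"] is not None and cur["seq"] is not None:
        delta = (cur["seq"] - prev["seq"]) & 0xFFFFFFFF      # modulo-2^32 distance
        if delta == 0 or delta > 0x7FFFFFFF:                 # repeat or going backwards
            verdict["replay"] = True
        else:
            verdict["lost"] = delta - 1                      # frames skipped in between
    verdict["alters_state"] = (cur["state"] != prev["state"] or cur["poll"]
                               or cur["final"] or cur["timers"] != prev["timers"])
    return verdict


def build(state, poll, seq, tx=1000000, rx=1000000):
    """Constructed sample packet: version 1, A bit set, 8-byte assumed auth section."""
    sta_flags = (state << 6) | (0x20 if poll else 0) | 0x04
    hdr = struct.pack("!BBBBIIIII", 0x20, sta_flags, 3, MANDATORY_LEN + 8,
                      1, 2, tx, rx, 0)
    auth = struct.pack("!BBBBI", AUTH_TYPE_NULL, 8, 1, 0, seq)
    return hdr + auth
```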