Re: Optimizing Authentication - periodic re-authentication

Rahman <reshad@yahoo.com> Thu, 01 February 2024 01:38 UTC

Content-Type: multipart/alternative; boundary="Apple-Mail-51F5623F-FA5C-4129-9203-090C5874BBE7"
Content-Transfer-Encoding: 7bit
From: Rahman <reshad@yahoo.com>
Mime-Version: 1.0 (1.0)
Subject: Re: Optimizing Authentication - periodic re-authentication
Date: Wed, 31 Jan 2024 17:38:03 -0800
Message-Id: <8B34FDE7-C8EC-4792-A14A-1D76AA0A215A@yahoo.com>
References: <9491CBCF-AAEA-4CF0-A07C-CB2E270EB125@pfrc.org>
Cc: draft-ietf-bfd-optimizing-authentication@ietf.org, rtg-bfd@ietf.org
In-Reply-To: <9491CBCF-AAEA-4CF0-A07C-CB2E270EB125@pfrc.org>
To: Jeffrey Haas <jhaas@pfrc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/HvE_vPDhMjXWX0f7KbFsima-mxg>
Precedence: list

Hi,

My only comment is we should be explicit about the action taken when we detect that the session has been compromised (no F received).

Regards,

Reshad.

Sent from my iPhone

On Jan 31, 2024, at 11:06 AM, Jeffrey Haas <jhaas@pfrc.org> wrote:

Reshad,

On Jan 30, 2024, at 12:28 AM, Rahman <reshad@yahoo.com> wrote:

Jeff, good catch.

We can document both ways, ie we can let implementations decide which of the 2 methods below they prefer? Or is the concern that this will cause a DISCUSS?

Mahesh has proposed the fix for the next rev in this pull request:

https://github.com/bfd-wg/optimized-auth/pull/19/files" class="" rel="nofollow">https://github.com/bfd-wg/optimized-auth/pull/19/files

-- Jeff

Optimizing Authentication - periodic re-authentic… Jeffrey Haas
Re: Optimizing Authentication - periodic re-authe… Rahman
Re: Optimizing Authentication - periodic re-authe… Alan DeKok
Re: Optimizing Authentication - periodic re-authe… Jeffrey Haas
Re: Optimizing Authentication - periodic re-authe… Rahman
Re: Optimizing Authentication - periodic re-authe… Mahesh Jethanandani