Re: Comments on draft-ietf-bfd-secure-sequence-numbers-12.txt

Jeffrey Haas <> Tue, 16 January 2024 17:00 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AD439C14F738; Tue, 16 Jan 2024 09:00:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 58zvxjfzq426; Tue, 16 Jan 2024 09:00:02 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 0BBBFC14F736; Tue, 16 Jan 2024 09:00:01 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTPSA id F40221E039; Tue, 16 Jan 2024 12:00:00 -0500 (EST)
Content-Type: multipart/alternative; boundary="Apple-Mail=_985FAC79-3648-48AD-A7F7-8305C6473DDC"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.\))
Subject: Re: Comments on draft-ietf-bfd-secure-sequence-numbers-12.txt
From: Jeffrey Haas <>
In-Reply-To: <>
Date: Tue, 16 Jan 2024 12:00:00 -0500
Cc: rtg-bfd WG <>,
Message-Id: <>
References: <> <> <> <> <>
To: Alan DeKok <>
X-Mailer: Apple Mail (2.3696.
Archived-At: <>
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 16 Jan 2024 17:00:03 -0000


> On Jan 16, 2024, at 11:47 AM, Alan DeKok <> wrote:
> On Jan 16, 2024, at 11:28 AM, Jeffrey Haas <> wrote:
>> Option 2:
>> Each side changing to ISAAC authentication knows that lost packets could be a problem.  The draft says the window we need to keep around is 3*Detect Mult as part of our receive procedures.  Ergo, as long as the side transitioning into ISAAC does so only at a sequence number such that it is within the 3*Detect Mult window, it's reasonable to expect that at least ONE of the packets is expected to get through to the remote side.
>  Yes.  The nice thing is we know how many packets we lost.  So if we have:
> bfd.AuthSeqKnown = 1, which means:
> bfd.RcvAuthSeq is also known
>  And then when we receive a packet which suddenly contains ISAAC, we have a "packet.AuthSeq" which is the sequence number in the received packet.
>  The difference between packet.AuthSeq and bfd.RcvAuthSeq is the number of "lost" packets.  We can then generate the first ISAAC page, and then simply run through the generated keys 0..255, finding one which matches.
>  Once we've found a matching key, we know it's index.  And we know the sequence number of the packet which was lost.  That sequence number becomes bfd.MetKeyIsaacPageBase, and everything proceeds as if there were no packets lost.

Hm.  I realize what you're saying here.  

It might be okay.

This means the two scenarios we have during the first transition to ISAAC in the face of packet loss are:
1. It's on "this" page.
2. It's on the prior page.

Based on the total packets lost and the modulus boundary, you can determine whether you even need to try the prior page as well.

So, the negative point here is that you may need to do the expensive computation at most twice to get in sync.

That said, it's worth providing text suggesting to implementors "this is an issue (here's the fix), try to avoid making the other side do that work by holding off switching until you're able to guarantee the other side should get it."

>> Side observation1: I no longer remember why RFC 5880 chose the 3* multiplier.
>> Side observation 2: The Detect Mult itself can go up to 255.  This pathologically means the session may stay up under hefty packet loss and the best we can do is do the switch starting at index 0 of a new page and hope that we sync up.
>  I think it's best to point this out, and demand that for ISAAC, the number of lost packets must always be less than 256.

A cautionary note is the best we can do here.

That said, deployed Detect Mult values tend to be low, and often simply default to 3.

>> Another point likely in need of text in the draft is what ISAAC needs to have done when switching from ISAAC back to strong authentication.  Since the sequence numbers are kept going regardless of the authentication mechanism, ISAAC will need to produce new pages when it flips to strong authentication.  This is to avoid needing to "fast forward" if strong authentication is left going for a while.
>  Hmm... yes.  I would suggest also that the use of strong authentication should only be for:
> 1) state transitions, in which case we toss all existing ISAAC information.  We can generate a new ISAAC seed when the state transitions from down->up again
> 2) we want to send an "up" packet with stronger authentication.  In that case, there are few reasons to send many packets.  Just send one, and swap back to ISAAC.
>  I'm working on updated text, and hope to have a PR out later today.

I believe all of this is simply covered under: <>

Once we have our ISAAC text, our roadmap is:
1. secure seq#  WGLC  Depends on: optimizing bfd 
2. bfd stability WGLC. Needs republish. Depends on optimizing bfd
3. optimizing BFD WGLC.  Needs republish. These two proceed as a bundle to IESG.

So, please review the next round of text vs. optimizing bfd.

-- Jeff