IETF Logo Mail Archive

Re: draft-ietf-bfd-optimizing-authentication-13 nits

Mahesh Jethanandani <mjethanandani@gmail.com> Thu, 25 January 2024 23:39 UTC

Return-Path: <mjethanandani@gmail.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E94AC14F5E3; Thu, 25 Jan 2024 15:39:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qk8r_UG89yFA; Thu, 25 Jan 2024 15:39:22 -0800 (PST)
Received: from mail-pl1-x62a.google.com (mail-pl1-x62a.google.com [IPv6:2607:f8b0:4864:20::62a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E0F8C14F5E4; Thu, 25 Jan 2024 15:39:22 -0800 (PST)
Received: by mail-pl1-x62a.google.com with SMTP id d9443c01a7336-1d71e1d7c78so46224335ad.3; Thu, 25 Jan 2024 15:39:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1706225962; x=1706830762; darn=ietf.org; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc:subject:date:message-id:reply-to; bh=MQkRKE4YvnJRWz6Y8ENlKIW2KLW1H8TDbxYXpX5Kgv0=; b=g/kHSbjUCRBw0REnqJFte/Exq0TSeFJgW2B/ae6N+oxi82evatG1vHaVahRMC7IDQl u51KJpfoCpexTTVKd9pvKqKCwG42psfmOo8z6vUifNOn2kNK/+A1oSw78ntHMcUKVcZu wWNq0Motr994EBR2r/PCRgj9M7IFejhprJ7RyUvmr71tYqL2DRrsfSDsZwI8JAZ2t90D 3klVdOggWHTV2hMnfxfVtqHaWpJRDGaIKBq+69Zc/q4rxEJGaXYw8FJ5IYAlGCJug0G7 UhLXXnwlfWlGG+gSpjesLinxX8DfHlUSTR4WG6m/r/3ppvnRnFmC3u2VUIpYsO5APKlu zVjg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706225962; x=1706830762; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=MQkRKE4YvnJRWz6Y8ENlKIW2KLW1H8TDbxYXpX5Kgv0=; b=FDXViOuLcgXtQTfzrjPbJL1+vHwNw47zhsSkhyqQZbfaTRe7XLcwCjYj7shKcm+Orn 1PYQPX/LiWOiTfEhFe2oudUugJ3jt7JevNAaX3/09l7U8pSi7ffYEawTzdhV8kKq4GkM 4t5V/U21Hct73axPVhr14jvlNREVW9yK7tVY4oLcA76P4SGaLfQxxITmupAbP9J/tNJR ndqaUV4as4PB1XFMkyRczVL2TxFMouTz3r7diei7Q4juYV5Os8rhqP6BGlMszw8m71oF pBLVX1MWg8EjZIVHPYJ63zWUQ+9pYhA2J3js2XiaMvcqxA7n8codup40femKPVYixjdZ oahQ==
X-Gm-Message-State: AOJu0YxzBOXrSaQ1bzs5b6+5bCWl4zDEOimmfbWGSrVnpwPVirb6z9DV /P3qHwbOUD/TnYa7UfnIKq2Ve413fIRNQFdgT17W7UKWNcxzOlcX
X-Google-Smtp-Source: AGHT+IEeBexIKjxD4u8wO+HkcZvdvUxlwJorTsdxx5uaszTwR43y2Oc3fFSwWxmfJ4tBW6LcJK2dvw==
X-Received: by 2002:a17:902:7b8e:b0:1d0:a9fa:5939 with SMTP id w14-20020a1709027b8e00b001d0a9fa5939mr453017pll.111.1706225961605; Thu, 25 Jan 2024 15:39:21 -0800 (PST)
Received: from smtpclient.apple ([70.234.233.187]) by smtp.gmail.com with ESMTPSA id bi9-20020a170902bf0900b001d7907eb711sm36033plb.182.2024.01.25.15.39.20 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 25 Jan 2024 15:39:21 -0800 (PST)
From: Mahesh Jethanandani <mjethanandani@gmail.com>
Message-Id: <F1A9C610-C1C6-48D7-B88B-A245D8E6F58C@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_FEA9794E-660C-4A4E-88D9-35B15FFEFA0E"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.15\))
Subject: Re: draft-ietf-bfd-optimizing-authentication-13 nits
Date: Thu, 25 Jan 2024 15:39:15 -0800
In-Reply-To: <3511ED37-3827-45DC-B819-814C3D18C7DD@pfrc.org>
Cc: draft-ietf-bfd-optimizing-authentication@ietf.org, "rtg-bfd@ietf. org" <rtg-bfd@ietf.org>, Manav Bhatia <manavbhatia@gmail.com>, Ashesh Mishra <mishra.ashesh@gmail.com>
To: Jeffrey Haas <jhaas@pfrc.org>
References: <4F3695C8-3736-4E55-B5BB-84671FDC367E@pfrc.org> <A8D0BCD4-15FA-4061-A7F0-6D888158F5A3@gmail.com> <D3DB82BE-730A-4D7C-88B8-3B309C5AC3B9@pfrc.org> <9CDB2C7B-BAB6-476C-9F12-BFA7EAD6DD60@gmail.com> <478E63ED-1784-4522-96A8-6813A2028F40@gmail.com> <3B169E77-D0E6-4282-9F74-5ED9E0CB45CF@pfrc.org> <27C39AF2-D01F-48C5-A564-B600D1439CAC@gmail.com> <923B21A6-0263-4C10-B5AB-AE470F4B5014@pfrc.org> <D68A88A8-815F-4BC3-90B7-51D96F2A8ECF@gmail.com> <3511ED37-3827-45DC-B819-814C3D18C7DD@pfrc.org>
X-Mailer: Apple Mail (2.3654.120.0.1.15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/O_1wQf2_DyUsvTL8D4v3udDylEU>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Jan 2024 23:39:28 -0000

Hi Jeff,

> On Jan 24, 2024, at 12:19 PM, Jeffrey Haas <jhaas@pfrc.org> wrote:
> 
> Mahesh,
> 
> I don't think we're too far off from each other's perspective.
> 
> 
>> On Jan 23, 2024, at 9:15 PM, Mahesh Jethanandani <mjethanandani@gmail.com <mailto:mjethanandani@gmail.com>> wrote:
>> 
>>> On Jan 23, 2024, at 10:30 AM, Jeffrey Haas <jhaas@pfrc.org <mailto:jhaas@pfrc.org>> wrote:
>> 
>> I see that there is some confusion that still needs to be cleared. I brought it up, but apparently I did not do a good job of it.
>> 
>> You mention two authentications proposed for Optimized auth. I think there is only one, i.e. the one that uses NULL Auth. Meaning, in Optimized auth mode, you start with strong auth for state transitions, and once the session is in UP state, transition to NULL auth, with occasional strong auth to prevent MITM attack.
>> 
>> The Meticulous Keyed ISAAC in my mind is independent of Optimized auth. It can be enabled by itself, or along with Optimized auth to secure the sequence number.
>> 
>> Did you have something else in mind?
> 
> A boolean of "doing optimization" isn't sufficient on its own.
> 
> Optimization means you have the original strong auth mechanism to start. E.g. sha-1.
> Optimization means you switch to the other auth once you're in the Up state.  We have two use cases we're considering: NULL auth (a new auth method), Meticulous Keyed ISAAC (a new auth method).

Ok. I have added a couple of leafs. One is called ‘up-auth-type’ which is of type iana-bfd-types:auth-type that can be used to indicate what auth-type should be used once the session reaches UP state. It should be one of NULL Auth type or Meticulous ISAAC. The second is a strong-auth leaf which is also of type iana-bfd-types:auth-type which specifies one of the strong authentication mechanisms (not including simple password).

> 
> If you use NULL auth for the optimization procedures, you require no additional authentication parameters.  

Not quite. We still have the 'strong-auth-interval’ that specifies how often we need to perform a strong authentication when NULL Auth is used, something we discussed below.

> 
> If you use Meticulous Keyed ISAAC, you require a key-id and a shared secret, same as you do for SHA-1, MD5, etc.

True, but in the base BFD YANG model we point to the key-chain for it, which is what ISAAC will have to use.

> 
> Thus what is needed for the optimization case is "do optimization, here's my second mechanism and its configuration".

Ok. The tree diagram currently looks like this:

    augment /rt:routing/rt:control-plane-protocols
            /rt:control-plane-protocol/bfd:bfd/bfd-ip-sh:ip-sh
            /bfd-ip-sh:sessions/bfd-ip-sh:session
            /bfd-ip-sh:authentication:
    +--rw optimized-auth?         boolean {optimized-auth}?
    +--rw up-auth-type?           iana-bfd-types:auth-type
    +--rw strong-auth?            iana-bfd-types:auth-type
    +--rw strong-auth-interval?   uint32

> 
> 
>> 
>>> 
>>> Further, for the bfd-stability feature, we need to have the ability to pick the meticulous authentication that will be used potentially in addition to non-meticulous authentication that might be stronger. 
>>> 
>>> I think this is pushing us toward having a secondary bit of authentication configured for the session and a selector for the mode of why it's needed: optimized vs. stability.
>>> 
>>> Working through both use cases will likely drive the outcome.
>> 
>> I agree with you on the question of using a meticulous auth mechanism when stability is enabled, and something that you highlight on the other thread. But could it be as simple as some text that says that when stability is enabled, only meticulous auth should be used. I am not sure what you mean when you say “ability to pick the meticulous authentication that will be used …”. The base BFD YANG model does not allow us to specify what bfd.AuthType will be used. Just the key-chain and whether we want meticulous auth or not.
>> 
>> Here are some of the possible scenarios that I can think of, what config would apply, and what would be the behavior.
>> 
>> - No auth, no secure sequence number, no stability. No new config. Things will work as defined in RFC 5880.
>> - Strong auth, no secure sequence number, no stability. No new config. Things will work as defined in RFC 5880.
> 
> These two are good.
> 
>> - Optimized auth, no secure sequence number, no stability. 'optimized-auth' flag is set to true, along with an interval for strong auth. The system decides what strong auth it uses for state change and occasional auth.
> 
> The mechanism for the optimized Up state needs configuration.  See above.
> 
>> - No auth, secure sequence number, no stability. A config variable 'secure-sequence-number' is set to true, and the system uses ISAAC.
> 
> Invalid configuration.  Meticulous Keyed ISAAC is only applicable to packets in the Up state due to the lack of a digest computed over the whole PDU.
> 
> 
>> - No auth, no secure sequence number, stability. A config variable of ‘stability' is set to true. System uses the increasing sequence number to detect drops.
> 
> What this would translate to is "NULL auth is the only authentication mechanism configured". 

But stability can be detected even when A bit is not set. Do we need to configure NULL auth to detect loss of packets?

> 
>> - Optimized auth, secure sequence number, no stability. 'optimized-auth' and 'secure-sequence-number' are set to true. System picks a strong auth for state transitions and occasional auth, and NULL auth otherwise. In parallel, it uses ISAAC to secure the sequence number.
> 
> There's no "system picks", the user has to specify what we start with because the strong auth requires configuration.  E.g. sha-1.

Ok. The ’strong-auth’ in the above tree diagram can be used to specify the auth.

> 
> In this example, if "secure sequence number" is set, it means the optimization configuration uses Meticulous Keyed ISAAC as its second bit of authentication for that mode, and it will need its configuration parameters.

If Meticulous Keyed ISAAC is used as the second bit of authentication when optimization is configured, then we do not need the ’secure-sequence-number’ flag. 

> 
> In the scenario above, if the primary authentication mechanism is Meticulous, the system can provide stability data.  However, if it uses non-Meticulous MD-5, we can't run the stability procedures until we're in the Up state.

Agree. The model suggests that the ’strong-auth’ should be one of the meticulous auth types.

Thanks.

> 
> Prior thread discussion is suggesting that simple password and optimizing is invalid configuration.  I believe that would also be the case for NULL as main authentication and optimizing.
> 
>> - Optimized auth, no secure sequence number, stability. 'optimized-auth' and ‘stability' is set to true. System picks a strong meticulous auth for state transitions and occasional auth, and NULL auth otherwise. It uses the increasing sequence number to detect drops.
> 
> Again, there's no "system picks" due to need for configuration of the authentication parameters.
> 
>> - Optimized auth, secure sequence number, stability. 'optimized-auth', 'secure-sequence-number', and ‘stability' is set to true. System picks a strong meticulous auth for state transitions and occasional auth, and NULL auth otherwise. In parallel it uses meticulous ISAAC to secure the sequence number. It uses the increasing sequence number to detect drops.
> 
> Agreed.
> 
>>> The danger of saying "pick a reasonable value" is the back and forth of what should be reasonable.  3s is certainly better than doing expensive authentication every 30ms.  Would every 30s?  Every 5m? 
>>> 
>>> I would recommend something probably in the minute time frame. 
>> 
>> Ok. I will set the default to 1 minute.
> 
> We'll start from there.  I expect everyone to have an opinion. :-)
> 
> -- Jeff
> 


Mahesh Jethanandani
mjethanandani@gmail.com

v2.23.0 | Report a Bug | By Email