Re: Comments on draft-ietf-bfd-secure-sequence-numbers-10
Jeffrey Haas <jhaas@pfrc.org> Wed, 22 March 2023 01:28 UTC
Subject: Re: Comments on draft-ietf-bfd-secure-sequence-numbers-10
From: Jeffrey Haas <jhaas@pfrc.org>
Date: Tue, 21 Mar 2023 21:28:50 -0400
Cc: draft-ietf-bfd-secure-sequence-numbers@ietf.org, rtg-bfd@ietf.org
To: Alan DeKok <aland@freeradius.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/PkHkGyAZEoESc9uEKhdY9iHAnJ4>

> On Mar 21, 2023, at 5:26 PM, Alan DeKok <aland@freeradius.org> wrote:
>
>>> What if there's no auth method, or auth-type==simple?
>>
>> Another argument for a separate numbering space.
>
> I think that's the best approach.
>
>>> It just keeps going. The sequence number isn't used to derive the 32-bit Auth-Keys taken from ISAAC. So wrapping doesn't matter to it.
>>
>> I may be confused here.
>>
>> The current sequence number is 2^32 -1, we're on page X for ISAAC.
>> The sequence number wraps to 0 next round. ISAAC would normally generate another page.
>> The index into that page is 0 rather than 2^32 at the API level.
>
> I think the misconception here is that the ISAAC pages depend on the sequence numbers. They don't.

I grok it, although I suspect we're speaking past each other.

To save time, what I'd suggest is that if your coauthors agree that discrete sequence numbers in BFD per auth type (and auth type details, like seed), write up some text that describes that. It's a change vs. the incompletely specified procedures for authentication in the main RFC 5880 text.

Once that's done and verbiage reviewed, I think we may be ready to proceed with WGLC.

-- Jeff