Re: [Technical Errata Reported] RFC5880 (7082)
John Scudder <jgs@juniper.net> Thu, 01 September 2022 21:22 UTC
Return-Path: <jgs@juniper.net>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C45FFC1524CB for <rtg-bfd@ietfa.amsl.com>; Thu, 1 Sep 2022 14:22:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.677
X-Spam-Level:
X-Spam-Status: No, score=-2.677 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.571, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=juniper.net header.b=m+qygkkC; dkim=pass (1024-bit key) header.d=juniper.net header.b=I8qEGB9Y
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZzIEzBCQFL55 for <rtg-bfd@ietfa.amsl.com>; Thu, 1 Sep 2022 14:22:22 -0700 (PDT)
Received: from mx0b-00273201.pphosted.com (mx0b-00273201.pphosted.com [67.231.152.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CD8E0C1522B6 for <rtg-bfd@ietf.org>; Thu, 1 Sep 2022 14:22:20 -0700 (PDT)
Received: from pps.filterd (m0108161.ppops.net [127.0.0.1]) by mx0b-00273201.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 281Fpmdv015470; Thu, 1 Sep 2022 14:22:19 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=PPS1017; bh=BO2NSnwK7geA4rWmUH5SU3AS/qUyBAYGc4unoUNIawM=; b=m+qygkkCv6ne33+bqNIg4tS7ZCOhuu1/JoJWCqHX4NPolstA9X16tDNt1FidRnIIHVbn wqxRYnbyA4rQTnQPbLVqqOnhZEVcWjGCmWqm7iv9+5D6ZwbWAAsS2Ose/aT41DNtseAN oE3iIVQrqJUp7Z5ZuaJgTJXdDDI9cUHDRfrIwiv2KLpAaohx51MPu5fT5khemyiysx7M mekleEtG/bZ73OKT5OPUevdUWypOA2FzxaUTUyQL2CJZdjxriBEijIALuhdlhXIvdQHR UuKJNr9x2nbxYvkOSdmFx72YSto+h9gvTuecq7Jzp9USdFMhg7WW+PneMLUe+968j36W bA==
Received: from na01-obe.outbound.protection.outlook.com (mail-westcentralusazlp17010001.outbound.protection.outlook.com [40.93.6.1]) by mx0b-00273201.pphosted.com (PPS) with ESMTPS id 3jayrd0k4e-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 01 Sep 2022 14:22:19 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oAYHjCMWMlBB5lBM9gjBEh2XDAjfAlEtz0xFNn4OPBLWVdifwUtrWJHUN4GNtIH+VcvAf28RcB6a0HS2Zx6TiL5qnlsT1SpVbOgmVRV1RQRoU/Dw/e+REyaG3TBojAGzKa/m5dsd3O7GSJzoIol8w2Q9ZOvrDqAtJDNKjCWfQEpHJGNJb9ncboU56Cxg7aXkPmfQEYqNnTorp7KxNRwMbvbLo5nooqMExVr2pHUGlZSwqc7OnXkOUPckoCuPc302TRFsJwc8oqZf4/yNTX6gIlMO+eINUQu/gzYEHeYf2vx9KM03h95YbaTG//owRtV32Uc7hRELGbkmZMknsp1ySg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=BO2NSnwK7geA4rWmUH5SU3AS/qUyBAYGc4unoUNIawM=; b=WGVzeVhkVnmkjUWozaHIyqST39/PKsvSnWrhejoobwllR5PcGceC2STchbWvOo/fqHyEdEmtFu1Cb2upyQVClfixAhGUenBONTiAmKvEHfpV3hazneV+niNOqhTiuGMiCZoh49e1cEAxdgPrdvbDaDTsYiN8VXlwScMV08v1QBT49hJNso1igLO178o0XqyrKSd1QI3URRkNNCVJL3wHu0/DDwY8ZIdFXArS/xsDiTKPlwMqmqmPW3Z/lRRWtMAVxZRoR/0AGnWTP+XCgrNnK3hVZyHCbwFwTnaoERxF0yVbgqkM0Ennla4h4us3RNVUKikQFa5DhCHDeBLEgILOhA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=juniper.net; dmarc=pass action=none header.from=juniper.net; dkim=pass header.d=juniper.net; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=juniper.net; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BO2NSnwK7geA4rWmUH5SU3AS/qUyBAYGc4unoUNIawM=; b=I8qEGB9YErQE4shQ8hQphhYVE8CRDNDZ+aKGwriqKi0YUlBxmSbQ7Lh4ytVQaDXPLfiolnky1B9H7J6WujfaW2VgdcFqN63P1TuAiJEhnsg3ECrPPKQcL7kpgLEhuTgvBYOgecWlqVUvPggE0OHApf2FMDgXQ+kRCxsFYbb1DEM=
Received: from MN2PR05MB6109.namprd05.prod.outlook.com (2603:10b6:208:c4::20) by DM6PR05MB6780.namprd05.prod.outlook.com (2603:10b6:5:1fe::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5588.3; Thu, 1 Sep 2022 21:22:15 +0000
Received: from MN2PR05MB6109.namprd05.prod.outlook.com ([fe80::915f:ef9b:a308:d50d]) by MN2PR05MB6109.namprd05.prod.outlook.com ([fe80::915f:ef9b:a308:d50d%3]) with mapi id 15.20.5588.010; Thu, 1 Sep 2022 21:22:15 +0000
From: John Scudder <jgs@juniper.net>
To: RFC Errata System <rfc-editor@rfc-editor.org>
CC: Dave Katz <dkatz@juniper.net>, "dward@packetfabric.com" <dward@packetfabric.com>, Alvaro Retana <aretana.ietf@gmail.com>, Andrew Alston <andrew-ietf@liquid.tech>, Jeffrey Haas <jhaas@pfrc.org>, "reshad@yahoo.com" <reshad@yahoo.com>, "glebs@mikrotik.com" <glebs@mikrotik.com>, "rtg-bfd@ietf.org" <rtg-bfd@ietf.org>
Subject: Re: [Technical Errata Reported] RFC5880 (7082)
Thread-Topic: [Technical Errata Reported] RFC5880 (7082)
Thread-Index: AQHYrlV8W11/7hQ4hUulx6vGmp3D2q3LNSQA
Date: Thu, 01 Sep 2022 21:22:15 +0000
Message-ID: <C746236E-5C0F-4D15-9723-6B46D92F5575@juniper.net>
References: <20220812141151.29F126AAE9@rfcpa.amsl.com>
In-Reply-To: <20220812141151.29F126AAE9@rfcpa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3696.120.41.1.1)
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 59fb5220-2d10-4e30-e549-08da8c600abd
x-ms-traffictypediagnostic: DM6PR05MB6780:EE_
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: vDis1nvxPqB8cggQYJLK8zJYM2YRHaSnmdaee4nyMuOb9v+6Wmv7ltOudKW6gnwNW0HDvP3HQlapfOq/Rfoy2YvfnbbXFZf3GNP5DMwzfGrddDUYtmxKVT3mBvzkUJweZ+sK9/2pr6tIR0nO1NBR+7SvIES9Zk6ZcJQhqfWD0RJDzDWNC/JNPyC2+E9tT1Smgmsqo32f20at83wBa/aC++UPrHU2GGgbNO3N4dr7P57pZS2aeWQwNfx+gwkD556LdQgUD/Ob4q0vHRDVRC0GGkcbTMmv6DStuVYu7AHkgv8ZjeMveeHoHfHMzdrTMzoMZu1QtK4+rtLGeRcb7vHGNW0fjNmFz/hgk05pZw6eakpkLTeIN8ZyCY9nCmL7vGQ1BYcbrzaE9zXDILX1SnnTcU421/hNOJ/wG4y5bmRG+0ZIclMHaV9X4PnOA/WaVKiAdCM3PEWWXAYryDAi4D09u7Fw9IW1Z8Kyj8Rg6JpI/Y5Z4GPqGi1XktKCmQM8VM5INfs6uRbF/JWyr68ieRmfP/904zF18SR9/1prNuhGzxp+VwUwXjNKgBD05i4Ht0hNpk/xo6sHomTj10aFoDS8t5P4tNIdvnEK+zvimuWgopgrIiqhoPMRoQUv3jXUhhVz7UHiB9QjdmJHaKOk2ytoKfuh8NjVxR+D//zR2uycB3PcbaYDyyjgUJyXPgMiaBpx3YQt9HmwxqwYjUX4BW+bTx0gTKeRasQ/6J2FDLehnZ8iLWhliMPzI3IhhCUe9M9ushb9C4qS4KFB0WrNZloqCusLQEEAu+pTTnGUXZ7HKHqeW6kbNStT1+ymOnCVHTCrckxn7zhX80wh5iumQdWpqQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR05MB6109.namprd05.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(4636009)(39860400002)(346002)(376002)(136003)(366004)(396003)(66476007)(91956017)(2616005)(66556008)(122000001)(186003)(83380400001)(38100700002)(8936002)(4326008)(76116006)(66946007)(5660300002)(8676002)(966005)(2906002)(71200400001)(41300700001)(53546011)(6512007)(478600001)(6486002)(26005)(6506007)(33656002)(36756003)(38070700005)(64756008)(316002)(6916009)(54906003)(66446008)(86362001)(45980500001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: f5aIfUE++nL9OCTsO/FWhnj79zeXnuK3MQVCdzGEEp3uPBYWTXNUV5Wp2KS6zL9lF0jG21eY9fq/X9RcV4LHSGY74h4xYVP1+1RylWgbDaryT+7c8S0ZRzP+P9g0RGarDRGiiuXag1RG6riU1XQYgAZTAbLZyaVD7edMdiS7dOpI14BvZsH1jct7hG9UauN49JXamY+wqkuIIvLn42Ltr5Wngje97rXp5ccVTOf5sGXwSbe4wD+cLTbQKwGu+q/KXUKgPfijC9/q15tsWJMaL5kZVWwaSgmonGT19n+khHGY7Y9jPNL8kChk40R54ihpackyTvQLujHg7kcK5dTjnP5ySrPdpCiTkeKA2fAmY1zmR/24S3yjiehCqfI2XkTVjOoSKyw6vKK2lLDHUlKb01AarwWORK4zFdPXE/xOOeKxMupC4vfTeeKplPngR4rlNzxLdKgbBII9kyoT5ZSLg8e8TiCPTV1Wnp3zmdTr5Lb9TmSuAvYq/wlSF63r8SUUQA0wMbywINqRbAJbEUaJi4dv4kAd3GXYVaj4/qiwSfZikxj+FS/F8YFyPAFYkAA8yYBQb+2X8lFaZw4qBLZFyo2/zLVI3x8FRyAtvBkeRJkYDYP8i89rLHvNtXtqMPqPIQwT+UlbRmYcLPGf/IjbU85SM0Jbi+ah4LV4C5HxKbXVaZfJmp4SEtQuFyJ2sU5x41E/hmMg/b633RwRb5uzdl+crSO0iol+IhrH4uWsCjjNI7l8yDEvKVQanFSFh1hUdsybzYaKVY4wPNtf7cMj1S/55Um7Yi2hmR5FsBTS4Q500NYQ1oMR3yUzW7Bpux3C/OXeoNvYuf2DMThBjeHk1XmCE7mrhVOnIQyShfLml99eXMrCHxzrqaTGx3y3r//ftiHvIF7lBY16NcK9L9/bVNQLGtZ8gZoCaPjvx8SpQpjrDFR26iIaHU0UMcqb9wtrkn9dQjsZGIerbYxO+AMIKfMIe2rvLrKP2czdvgxssJqlh4zk3AvwpGwWuVRiyEMAx+VtTwfIWr4tkdMvLT+/74O4M0/oVbHoh/K/qhXxkaMlK7AcNxrKbjxK8QBsKR+1ASZoCBqf00HqRngtG0d8TdeWM4XCe98o0FuWsQLjNnwFq/obsngFCTEo5+TLmuSCKxzJZL2FgKup+n6hXyTJSegA+Grkg5a/D4Cu9wjcOnevMtcLezaNZGcG+BHqtm3kM0f5yNIanqznMT8+iYWx/+frXd75Uev0Jr8Lkm7kKmUSfCPHcAdi8rIKJqD/FmSruWZcnZSsrmw4JN3MIteOKhy6wkvsqQVGD5XgDVJ+eiKGGwte5oLx+Zm7nqQ002f5/pqaUDS/83V/0udfISgOLZhN/972Vxb9la9D0W6ddTjTVBTcy9SxMUM1Ol2g9E8n0SUNeVgyAzRtw5OJadJH3AUWwfClfyFSLX4sw0VST3L+b2Hpa++baoa/xvr2zJpbHfOfmBiPSDsNSiRkic9jOWJGXqinZNLSFiUn8ptC12EKDFhKXmq0oii5ozNc6jTonv4QwgJm4CiUCyuGVPAefCGoM0AsNIYgLaG7bOrP/RxJGgOmpseksnBHWpwq7Zns
Content-Type: text/plain; charset="utf-8"
Content-ID: <D0A8CFB9BAEA6F47A91CE45AD186774F@namprd05.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR05MB6780
X-Proofpoint-ORIG-GUID: b9bP6hcsNmQAVSZz_5VXc3HFPbXXeG4D
X-Proofpoint-GUID: b9bP6hcsNmQAVSZz_5VXc3HFPbXXeG4D
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-09-01_12,2022-08-31_03,2022-06-22_01
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 adultscore=0 mlxlogscore=999 clxscore=1011 suspectscore=0 impostorscore=0 mlxscore=0 bulkscore=0 priorityscore=1501 malwarescore=0 spamscore=0 lowpriorityscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2207270000 definitions=main-2209010093
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/Q1vE1DLSTPJmYDscTEiF6QHUwgU>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Sep 2022 21:22:27 -0000
Hi Folks, I’ like to thank Glebs for the well-written and researched erratum. I’d like to engage the WG and authors before moving this one along. AFAICT (and I am not as expert in the subject as some of you are), the erratum is correcting a legit bug in the spec. My concern is that as the submitter points out in https://mailarchive.ietf.org/arch/msg/rtg-bfd/lDxFfNpqo4kwuNEUY0AbjMBb8JU/, the bug appears to be there on purpose. Ish. If we look at the IESG guidelines for processing of errata (https://www.ietf.org/about/groups/iesg/statements/processing-errata-ietf-stream/), “4. Technical items that have a clear resolution in line with the original intent should be classified as Verified. If the resolution is not clear or requires further discussion, the report should be classified as Hold for Document Update. In both cases, only items that are clearly wrong should be considered.” Well that seems OK. But, “5. Changes that modify the working of a protocol to something that might be different from the intended consensus when the document was approved should generally be Rejected. Significant clarifications should not be handled as errata reports and need to be discussed by the relevant technical community.” It seems the currently documented design (check the sequence before checking the hash) was done on purpose, as Glebs documents, in order to gain some notional protection against a CPU exhaustion attack. It doesn’t seem likely that the repercussions were understood, though. If they were and the choice was made anyway, well that was the WG consensus and an erratum isn’t the right vehicle to fix it. If they weren’t… it’s a gray area, and given the nature of the bug, I’m inclined to verify the erratum. On the balance I’m inclined to verify the erratum, since I have no evidence that the WG was indeed aware of the repercussions of the design choice. But, I’d like to invite comment from the WG and authors before I proceed. Thanks, —John > On Aug 12, 2022, at 10:11 AM, RFC Errata System <rfc-editor@rfc-editor.org> wrote: > > > The following errata report has been submitted for RFC5880, > "Bidirectional Forwarding Detection (BFD)". > > -------------------------------------- > You may review the report below and at: > https://urldefense.com/v3/__https://www.rfc-editor.org/errata/eid7082__;!!NEt6yMaO-gk!DTSk4TWBt9uqplNg1ca5Tb-mDREPCXJCXHdKoY5mlGGyc8nGY1xFUNZhgGKypL9eT_3W1HTSSNgYUSH4AsGJcg$ > > -------------------------------------- > Type: Technical > Reported by: Glebs Ivanovskis <glebs@mikrotik.com> > > Section: 6.7.3 > > Original Text > ------------- > Otherwise (bfd.AuthSeqKnown is 0), bfd.AuthSeqKnown MUST be set to > 1, and bfd.RcvAuthSeq MUST be set to the value of the received > Sequence Number field. > > Replace the contents of the Auth Key/Digest field with the > authentication key selected by the received Auth Key ID field. If > the MD5 digest of the entire BFD Control packet is equal to the > received value of the Auth Key/Digest field, the received packet > MUST be accepted. Otherwise (the digest does not match the Auth > Key/Digest field), the received packet MUST be discarded. > > Corrected Text > -------------- > Replace the contents of the Auth Key/Digest field with the > authentication key selected by the received Auth Key ID field. If > the MD5 digest of the entire BFD Control packet is not equal to the > received value of the Auth Key/Digest field, the received packet > MUST be discarded. > > Otherwise, the packet MUST be accepted, bfd.AuthSeqKnown MUST be set to > 1, and bfd.RcvAuthSeq MUST be set to the value of the received > Sequence Number field. > > Notes > ----- > 1. Don't manipulate bfd.AuthSeqKnown and bfd.RcvAuthSeq before Auth Key/Digest check. > 2. Explicitly mention what bfd.AuthSeqKnown and bfd.RcvAuthSeq must be set to in both cases (bfd.AuthSeqKnown is 0 and bfd.AuthSeqKnown is 1). > > Based on email exchange: https://urldefense.com/v3/__https://mailarchive.ietf.org/arch/msg/rtg-bfd/lDxFfNpqo4kwuNEUY0AbjMBb8JU/__;!!NEt6yMaO-gk!DTSk4TWBt9uqplNg1ca5Tb-mDREPCXJCXHdKoY5mlGGyc8nGY1xFUNZhgGKypL9eT_3W1HTSSNgYUSEIW7r6RQ$ > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC5880 (draft-ietf-bfd-base-11) > -------------------------------------- > Title : Bidirectional Forwarding Detection (BFD) > Publication Date : June 2010 > Author(s) : D. Katz, D. Ward > Category : PROPOSED STANDARD > Source : Bidirectional Forwarding Detection > Area : Routing > Stream : IETF > Verifying Party : IESG
- [Technical Errata Reported] RFC5880 (7082) RFC Errata System
- Re: [Technical Errata Reported] RFC5880 (7082) John Scudder
- Re: [Technical Errata Reported] RFC5880 (7082) Dave Katz