IETF Logo Mail Archive

Re: draft-ietf-bfd-optimizing-authentication-13 nits

Alan DeKok <aland@deployingradius.com> Wed, 24 January 2024 12:45 UTC

Return-Path: <aland@deployingradius.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A57B2C14F6A6; Wed, 24 Jan 2024 04:45:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s3M376n2u3NA; Wed, 24 Jan 2024 04:45:07 -0800 (PST)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A45D4C14F691; Wed, 24 Jan 2024 04:45:05 -0800 (PST)
Received: from smtpclient.apple (135-23-95-173.cpe.pppoe.ca [135.23.95.173]) by mail.networkradius.com (Postfix) with ESMTPSA id AAEA31D1; Wed, 24 Jan 2024 12:45:02 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=deployingradius.com
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
Subject: Re: draft-ietf-bfd-optimizing-authentication-13 nits
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <D68A88A8-815F-4BC3-90B7-51D96F2A8ECF@gmail.com>
Date: Wed, 24 Jan 2024 07:45:00 -0500
Cc: Jeffrey Haas <jhaas@pfrc.org>, "rtg-bfd@ietf. org" <rtg-bfd@ietf.org>, draft-ietf-bfd-optimizing-authentication@ietf.org, Ashesh Mishra <mishra.ashesh@gmail.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <01242882-62B6-453F-A0BE-451A85852521@deployingradius.com>
References: <4F3695C8-3736-4E55-B5BB-84671FDC367E@pfrc.org> <A8D0BCD4-15FA-4061-A7F0-6D888158F5A3@gmail.com> <D3DB82BE-730A-4D7C-88B8-3B309C5AC3B9@pfrc.org> <9CDB2C7B-BAB6-476C-9F12-BFA7EAD6DD60@gmail.com> <478E63ED-1784-4522-96A8-6813A2028F40@gmail.com> <3B169E77-D0E6-4282-9F74-5ED9E0CB45CF@pfrc.org> <27C39AF2-D01F-48C5-A564-B600D1439CAC@gmail.com> <923B21A6-0263-4C10-B5AB-AE470F4B5014@pfrc.org> <D68A88A8-815F-4BC3-90B7-51D96F2A8ECF@gmail.com>
To: Mahesh Jethanandani <mjethanandani@gmail.com>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/QZuSAgbKJwkERH3V1V1Qe9om4rY>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jan 2024 12:45:08 -0000

On Jan 23, 2024, at 9:15 PM, Mahesh Jethanandani <mjethanandani@gmail.com> wrote:
> Here are some of the possible scenarios that I can think of, what config would apply, and what would be the behavior.
> 
> - No auth, no secure sequence number, no stability. No new config. Things will work as defined in RFC 5880.
> - Strong auth, no secure sequence number, no stability. No new config. Things will work as defined in RFC 5880.

  I would reiterate that the "secure sequence number" draft has evolved away from "securing" the sequence number.  It turned out that it was too difficult to mangle the sequence number and have the BFD state machine still work.

  Instead, the document now proposes a normal Auth Type method which uses the normal BFD state machine.  i.e. It doesn't modify the sequence numbers at all.

  The ISAAC method is an Auth Type which doesn't verify the entire packet.  As such it is faster, but less secure.

  The authentication done by ISAAC is just to exchange a series of numbers based on a keyed pseudo-random number generator.  If both parties have the key, they can calculate the same sequence.

  I would see the choices as:

* session state changes, including poll mode: entire packet MUST be verified with a strong Auth Type

* session remains "Up", use one of:

  * NULL auth, but attackers can send spoofed packets to keep the session up

  * ISAAC auth - each packet contains a changing Auth Key which proves that the other end is still alive

  I dropped the other bullet points, because they assumed that the sequence numbers were being mangled, and they're not.

  I think for the "Up" state, it's useful to require a meticulous Auth Type method.  That way you know that each new packet is a new signal that the session is still up.  I don't see much use for a non-meticulous Auth Type method, as packets can just be replayed.

  Alan DeKok.

v2.23.0 | Report a Bug | By Email