Re: Request for WG adoption of draft-mahesh-bfd-authentication

"Rajeev G Nair (rajeenai)" <rajeenai@cisco.com> Wed, 25 November 2015 04:42 UTC

From: "Rajeev G Nair (rajeenai)" <rajeenai@cisco.com>
To: "Reshad Rahman (rrahman)" <rrahman@cisco.com>, "rtg-bfd@ietf.org" <rtg-bfd@ietf.org>, "draft-mahesh-bfd-authentication@ietf.org" <draft-mahesh-bfd-authentication@ietf.org>
Subject: Re: Request for WG adoption of draft-mahesh-bfd-authentication
Date: Wed, 25 Nov 2015 04:42:12 +0000
Message-ID: <D27A74CD.10520C%rajeenai@cisco.com>
In-Reply-To: <D2747638.109021%rrahman@cisco.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtg-bfd/SS7eQ0l9HWFFFwdTVer6qmfEgjk>

Jeff & Reshad,

Read through the document. Interesting concept.

Here is my understanding:-
 1) Current scheme: both switches are configured to use the same auth. Currently, no packets are accepted unless all received packets match the configured auth.
 2) The proposal is to come up with a scheme to authenticate only a subset of packets (those signaling a state change, as mentioned).

Questions:-
Q1) Doesn't acceptance of non-auth packets dictate the state of the session (e.g. keep it still UP)?

Q2) These non-auth packets are not protected from MiM attacks, right?

Q3) Doesn't mixing authenticated & non-authenticated packets make the proposed scheme equivalent to non-authenticated mode? I mean, unless every packet is authenticated, isn't the benefit of bfd-auth nullified?


thanks
~Rajeev

From: Rtg-bfd <rtg-bfd-bounces@ietf.org> on behalf of "Reshad Rahman (rrahman)" <rrahman@cisco.com>
Date: Friday, November 20, 2015 at 4:03 AM
To: "rtg-bfd@ietf.org" <rtg-bfd@ietf.org>, "draft-mahesh-bfd-authentication@ietf.org" <draft-mahesh-bfd-authentication@ietf.org>
Subject: Request for WG adoption of draft-mahesh-bfd-authentication

BFD WG members,

Please indicate to the WG mailing list whether you would support or not support BFD WG adoption of the following document.

https://datatracker.ietf.org/doc/draft-mahesh-bfd-authentication/

Authors, as was mentioned at IETF94, you should get your proposal reviewed by the security group.

Regards,
Jeff & Reshad.
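The following is an added example, not code from the draft, from either mail above, or from any BFD implementation. It models the two receiver behaviours Rajeev contrasts in his items 1) and 2) so that his Q1 can be checked concretely: a session that authenticates every packet (the RFC 5880 behaviour as he summarises it) beside a session that only demands authentication on packets signalling a state change (his reading of the proposal; the draft's actual rules are not reproduced here and the "state_change_only" policy is an assumption of this example). The packet format and the Keyed SHA1 section are the real RFC 5880 layouts; the session class, the policy names, the key and the discriminators are constructed for the demonstration, and the state machine is simplified to "an accepted packet refreshes the detection timer and adopts the remote Sta".

```python
import hashlib
import hmac
import struct

# Constructed example: models RFC 5880 Control packets with the Keyed SHA1
# authentication section and two receiver policies.  Not the draft's code.

AUTH_TYPE_KEYED_SHA1 = 4   # RFC 5880 s.4.4
AUTH_LEN_KEYED_SHA1 = 28   # 8-byte auth header + 20-byte SHA1 digest

STATE_ADMIN_DOWN, STATE_DOWN, STATE_INIT, STATE_UP = 0, 1, 2, 3


def build_control_packet(state, my_disc, your_disc, key=None, key_id=1, seq=0):
    """Build a 24-byte BFD Control packet (RFC 5880 s.4.1).  When a key is
    given, append a Keyed SHA1 section and set the A bit; timers are fixed."""
    auth_present = 1 if key is not None else 0
    byte0 = (1 << 5) | 0                          # Vers=1, Diag=0
    byte1 = (state << 6) | (auth_present << 2)    # Sta | P F C A D M flags
    length = 24 + (AUTH_LEN_KEYED_SHA1 if key is not None else 0)
    hdr = struct.pack("!BBBBIIIII", byte0, byte1, 3, length,
                      my_disc, your_disc, 1_000_000, 1_000_000, 0)
    if key is None:
        return hdr
    # s.6.7.4: the digest field first carries the key, zero-padded to 20 bytes,
    # SHA1 is taken over the whole packet, and the result replaces the key.
    padded_key = key.ljust(20, b"\x00")[:20]
    auth_hdr = struct.pack("!BBBBI", AUTH_TYPE_KEYED_SHA1, AUTH_LEN_KEYED_SHA1,
                           key_id, 0, seq)
    digest = hashlib.sha1(hdr + auth_hdr + padded_key).digest()
    return hdr + auth_hdr + digest


def verify_keyed_sha1(pkt, key):
    """Return True only if pkt carries a Keyed SHA1 section valid under key."""
    if len(pkt) != 24 + AUTH_LEN_KEYED_SHA1 or not (pkt[1] >> 2) & 1:
        return False                               # no auth section at all
    if pkt[24] != AUTH_TYPE_KEYED_SHA1 or pkt[25] != AUTH_LEN_KEYED_SHA1:
        return False
    padded_key = key.ljust(20, b"\x00")[:20]
    expected = hashlib.sha1(pkt[:32] + padded_key).digest()
    return hmac.compare_digest(expected, pkt[32:52])


class BfdSession:
    """Minimal receiver.  policy "all": every packet must authenticate (item 1).
    policy "state_change_only": only packets whose Sta differs from the local
    session state must authenticate (assumed model of item 2)."""

    def __init__(self, key, policy, state=STATE_UP):
        self.key, self.policy, self.state = key, policy, state
        self.accepted, self.rejected = 0, 0

    def receive(self, pkt):
        remote_state = pkt[1] >> 6
        signals_change = remote_state != self.state
        must_auth = self.policy == "all" or signals_change
        if must_auth and not verify_keyed_sha1(pkt, self.key):
            self.rejected += 1
            return False
        # An accepted packet refreshes the detection timer; this is the point
        # of Q1: under "state_change_only" an unauthenticated steady-state
        # packet keeps the session UP.
        self.accepted += 1
        if signals_change:
            self.state = remote_state
        return True


def compare_policies():
    """Feed the same three packets to a session under each policy and return
    the accept/reject verdicts: a signed UP, an unsigned UP, an unsigned DOWN."""
    key = b"constructed-demo-key"                  # constructed shared key
    results = {}
    for policy in ("all", "state_change_only"):
        session = BfdSession(key, policy)
        signed_up = build_control_packet(STATE_UP, 0x1111, 0x2222, key, seq=1)
        unsigned_up = build_control_packet(STATE_UP, 0x1111, 0x2222)
        unsigned_down = build_control_packet(STATE_DOWN, 0x1111, 0x2222)
        results[policy] = [session.receive(p)
                           for p in (signed_up, unsigned_up, unsigned_down)]
    return results


if __name__ == "__main__":
    for policy, verdicts in compare_policies().items():
        print(f"{policy:18s} signed UP / unsigned UP / unsigned DOWN -> {verdicts}")
```

Running it shows the two policies agree on the signed UP packet (accepted) and on the unsigned DOWN packet (rejected, since a state change must authenticate), but differ on the unsigned UP packet: "all" rejects it, "state_change_only" accepts it and refreshes the session. That accepted-but-unauthenticated packet is exactly what Q1 and Q2 point at, which is why the detection side of such a scheme would want to log or count unauthenticated packets accepted under the relaxed policy rather than treat them as equivalent to authenticated ones.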