Re: Comments on draft-ietf-bfd-secure-sequence-numbers-12.txt

Alan DeKok <aland@deployingradius.com> Tue, 16 January 2024 23:48 UTC

On Jan 16, 2024, at 12:00 PM, Jeffrey Haas <jhaas@pfrc.org> wrote:
> This means the two scenarios we have during the first transition to ISAAC in the face of packet loss are:
> 1. It's on "this" page.
> 2. It's on the prior page.

  The simple solution to page issues is to just require that there be no more than 255 lost packets allowed.  That way the current packet is always in the first page of derived ISAAC values.

> That said, deployed Detect Mult values tend to be low, and often simply default to 3.

  Exactly.  I'll add a note to this effect.

> So, please review the next round of text vs. optimizing bfd.

  I'll do that next.

  For now, I've largely reworked the text.  The new text is at:  https://github.com/mjethanandani/bfd-secure-sequence-numbers/tree/v14-alan

  The reworked text doesn't address all of your review, but it does go into great detail into how to initialize and operate meticulous keyed ISAAC.  It defines a large number of variables specific to this Auth Type method.  That may seem surprising, but I think that the resulting text was made clearer.

  The document still needs updates to address the other comments in your review, but it's late here, and the bulk of the work seems to be done.  I'll do more tomorrow, in order to get this off of my plate.

  Alan DeKok.