IETF Logo Mail Archive

Re: I-D Action: draft-ietf-bfd-secure-sequence-numbers-08.txt

Alan DeKok <aland@freeradius.org> Mon, 19 September 2022 18:09 UTC

Return-Path: <aland@freeradius.org>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADEE4C14F73E; Mon, 19 Sep 2022 11:09:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.909
X-Spam-Level:
X-Spam-Status: No, score=-6.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Me0d5WSWP7UO; Mon, 19 Sep 2022 11:09:01 -0700 (PDT)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 40B6FC14F692; Mon, 19 Sep 2022 11:08:59 -0700 (PDT)
Received: from smtpclient.apple (unknown [75.98.136.130]) by mail.networkradius.com (Postfix) with ESMTPSA id E33A74C1; Mon, 19 Sep 2022 18:08:56 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=freeradius.org
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
Subject: Re: I-D Action: draft-ietf-bfd-secure-sequence-numbers-08.txt
From: Alan DeKok <aland@freeradius.org>
In-Reply-To: <166DD252-AFD6-44ED-8B8B-BA5C303B2D18@gmail.com>
Date: Mon, 19 Sep 2022 14:08:55 -0400
Cc: "rtg-bfd@ietf. org" <rtg-bfd@ietf.org>, Reshad Rehman <reshad@yahoo.com>, draft-ietf-bfd-secure-sequence-numbers@ietf.org, Jeffrey Haas <jhaas@pfrc.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <25CDEA83-8514-498F-958A-DA2089A337F2@freeradius.org>
References: <20210405184656.GE12257@pfrc.org> <468C7D1D-7BE2-4759-9D81-0E18725FCA90@freeradius.org> <20210405190821.GF12257@pfrc.org> <14A4DD6D-7002-45A9-8FE4-42B512E97318@freeradius.org> <D48909A0-D7E9-40DA-83DA-CB0327D2D586@gmail.com> <096BC9E7-8877-4EF3-A94B-394AFE0E76E7@freeradius.org> <20210726141455.GA32584@pfrc.org> <211EC22C-F4AB-4FE6-98AB-511C5CE4EB8B@freeradius.org> <20210726144826.GB32584@pfrc.org> <173DA06B-21E7-42A4-8EFF-82AA3D84B338@gmail.com> <20210831181255.GB2820@pfrc.org> <166DD252-AFD6-44ED-8B8B-BA5C303B2D18@gmail.com>
To: Mahesh Jethanandani <mjethanandani@gmail.com>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/ah6SHCfeP6R4FcV9PT4YEIkVw5Y>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Sep 2022 18:09:02 -0000

On Sep 19, 2022, at 1:39 PM, Mahesh Jethanandani <mjethanandani@gmail.com> wrote:
> Since you asked what can be done to move this document forward, I went digging to find out what was the last communication about it. Here is one of the last e-mail exchange we had on the subject. While the procedure of how sequence numbers could be secured was clear, there were lingering questions on how it would fit within the framework of existing specification and what was the overlap with optimizing authentication.

  The document still needs updates for the BFD part.  I'm less sure what to do there, and can't offer a lot of advice.

  As for the current questions, my responses are below.

>> On Aug 31, 2021, at 11:12 AM, Jeffrey Haas <jhaas@pfrc.org> wrote:
>> 
>> Since this mechanism is intended to work along with
>> optimizing-authentication, which implies that we'll be using existing
>> authentication mechanisms, how would this be carried?
>> 
>> A core detail we're dealing with is establishing the expected sequence
>> number to run through our hash.  Consider the text from RFC 5880, §6.7.3
>> for keyed MD5:

  Some of this has been addressed in my last set of updates.  The output of the CSPRNG is in the authentication portion of the packet, and doesn't affect the normal BFD sequence number.

  The discussion in March of this year ended up being that it was too difficult to use the output of ISAAC as the BFD sequence number.  There was minimal cost to creating an ISAAC authentication section, and major benefit.

  i.e. all BFD packet process can remain unchanged.  And the authentication section operates as a normal authentication section.

  A prototype of this is implemented in the code I added to the document repository.

> This was one of the questions that we have not addressed in the document. More on it below. I do not know if this overlaps with the seeding of ISAAC question, which we marked as outside the scope of the document.

  The code offers some suggestion for seeding ISAAC.  For the simple reason that the two parties have to agree on what numbers are generated / expected.  So seeding should be explicitly in scope for the document.


  The updates I put into the document have two possibilities.  Both use a new authentication section:

1) ISAAC.  The packet is not authenticated.  The authentication section carries an authentication sequence number, and the 32-bit ISAAC output.

2) FNV1A.  Which is a hash over the ISAAC output, and the packet.  The hash is placed into the authentication section.

> I like this suggestion. We could limit the use of secure-sequence-number when NULL is intended to be used, whereas authenticated packets could use clear-text sequence numbers.

  The use of the ISAAC method means that while the BFD packet contents aren't authenticated, that doesn't matter.  The packets containing ISAAC authentication only signal "I'm alive".  They cannot be used to signal state changes.

  The repository has been updated to reflect the discussion from March 2022.  The document addresses these points, and the sample code implements this.

  The only thing that's left to do is to update the BFD-specific portions of the document.

  Alan DeKok.

v2.23.0 | Report a Bug | By Email