IETF Logo Mail Archive

Re: draft-ietf-bfd-optimizing-authentication-13 nits

Jeffrey Haas <jhaas@pfrc.org> Tue, 23 January 2024 18:30 UTC

Return-Path: <jhaas@pfrc.org>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A687C14F6FE; Tue, 23 Jan 2024 10:30:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.91
X-Spam-Level:
X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rfrXVbbcJlzf; Tue, 23 Jan 2024 10:30:47 -0800 (PST)
Received: from slice.pfrc.org (slice.pfrc.org [67.207.130.108]) by ietfa.amsl.com (Postfix) with ESMTP id 93FA3C14F70E; Tue, 23 Jan 2024 10:30:45 -0800 (PST)
Received: from smtpclient.apple (172-125-100-52.lightspeed.livnmi.sbcglobal.net [172.125.100.52]) by slice.pfrc.org (Postfix) with ESMTPSA id 35A3E1E039; Tue, 23 Jan 2024 13:30:45 -0500 (EST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.4\))
Subject: Re: draft-ietf-bfd-optimizing-authentication-13 nits
From: Jeffrey Haas <jhaas@pfrc.org>
In-Reply-To: <27C39AF2-D01F-48C5-A564-B600D1439CAC@gmail.com>
Date: Tue, 23 Jan 2024 13:30:44 -0500
Cc: draft-ietf-bfd-optimizing-authentication@ietf.org, "rtg-bfd@ietf. org" <rtg-bfd@ietf.org>, Manav Bhatia <manavbhatia@gmail.com>, Ashesh Mishra <mishra.ashesh@gmail.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <923B21A6-0263-4C10-B5AB-AE470F4B5014@pfrc.org>
References: <4F3695C8-3736-4E55-B5BB-84671FDC367E@pfrc.org> <A8D0BCD4-15FA-4061-A7F0-6D888158F5A3@gmail.com> <D3DB82BE-730A-4D7C-88B8-3B309C5AC3B9@pfrc.org> <9CDB2C7B-BAB6-476C-9F12-BFA7EAD6DD60@gmail.com> <478E63ED-1784-4522-96A8-6813A2028F40@gmail.com> <3B169E77-D0E6-4282-9F74-5ED9E0CB45CF@pfrc.org> <27C39AF2-D01F-48C5-A564-B600D1439CAC@gmail.com>
To: Mahesh Jethanandani <mjethanandani@gmail.com>
X-Mailer: Apple Mail (2.3696.120.41.1.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/dAC_pUj9cCRXiAr50v6n50KTfdw>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jan 2024 18:30:51 -0000

Mahesh,


> On Jan 23, 2024, at 1:18 PM, Mahesh Jethanandani <mjethanandani@gmail.com> wrote:
> 
> I am proposing two config variables that I think that are pertinent to optimized configuration, and I can put a small YANG model that augments BFD YANG model to demonstrates it. They are:
> 
> - optimized-auth flag: A boolean flag, when set to true, the implementation would like to make use of optimized auth for the session in question.

We have two authentications proposed for optimization: NULL and Meticulous Keyed ISAAC.  Were you expecting another leaf and the relevant keychain parameters for these to be defined elsewhere and tied in?

Further, for the bfd-stability feature, we need to have the ability to pick the meticulous authentication that will be used potentially in addition to non-meticulous authentication that might be stronger. 

I think this is pushing us toward having a secondary bit of authentication configured for the session and a selector for the mode of why it's needed: optimized vs. stability.

Working through both use cases will likely drive the outcome.



> - strong-auth-interval: A uint32 value that takes a microsecond value for the interval after which the session MUST try a strong authentication mechanism to prevent a MITM attack. The default value is default value of required-min-rx-interval as defined in the BFD YANG model, times the local-multiplier with a default value of 3 for a total of 3000000.

The danger of saying "pick a reasonable value" is the back and forth of what should be reasonable.  3s is certainly better than doing expensive authentication every 30ms.  Would every 30s?  Every 5m? 

I would recommend something probably in the minute time frame. 

I would also suggest we want text that says "this value will have jitter applied to it to avoid self-synchronization of expensive authentication operations".  Basically, if you presume a system that is doing the expensive thing every N seconds, we don't want it trying to do that expensive thing for every single session all at the same time.

> 
> Both these variables can be protected with a feature statement that implementations will enable if they want to support optimized authentication.

Perfect.

> 
> Is that what you were looking for?

This is the right direction!

-- Jeff

v2.23.0 | Report a Bug | By Email