IETF Logo Mail Archive

Re: I-D Action: draft-ietf-bfd-secure-sequence-numbers-08.txt

Alan DeKok <aland@freeradius.org> Mon, 26 July 2021 14:35 UTC

Return-Path: <aland@freeradius.org>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 162E13A1651; Mon, 26 Jul 2021 07:35:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BYseowwAaCh5; Mon, 26 Jul 2021 07:35:05 -0700 (PDT)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AEC1B3A164F; Mon, 26 Jul 2021 07:35:05 -0700 (PDT)
Received: from [192.168.46.129] (24-52-251-6.cable.teksavvy.com [24.52.251.6]) by mail.networkradius.com (Postfix) with ESMTPSA id 3037C168; Mon, 26 Jul 2021 14:35:02 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=freeradius.org
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
Subject: Re: I-D Action: draft-ietf-bfd-secure-sequence-numbers-08.txt
From: Alan DeKok <aland@freeradius.org>
In-Reply-To: <20210726141455.GA32584@pfrc.org>
Date: Mon, 26 Jul 2021 10:35:01 -0400
Cc: "rtg-bfd@ietf. org" <rtg-bfd@ietf.org>, Reshad Rehman <reshad@yahoo.com>, draft-ietf-bfd-secure-sequence-numbers@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <211EC22C-F4AB-4FE6-98AB-511C5CE4EB8B@freeradius.org>
References: <106C31C7-4118-4CEE-935A-D0F02183C987@gmail.com> <E9401488-FEE0-4DBD-9415-AA3A1A3B6B1E@yahoo.com> <20210405171412.GB12257@pfrc.org> <4831ADD8-6E8D-4CDD-966F-B273A3AF45C5@freeradius.org> <20210405184656.GE12257@pfrc.org> <468C7D1D-7BE2-4759-9D81-0E18725FCA90@freeradius.org> <20210405190821.GF12257@pfrc.org> <14A4DD6D-7002-45A9-8FE4-42B512E97318@freeradius.org> <D48909A0-D7E9-40DA-83DA-CB0327D2D586@gmail.com> <096BC9E7-8877-4EF3-A94B-394AFE0E76E7@freeradius.org> <20210726141455.GA32584@pfrc.org>
To: Jeffrey Haas <jhaas@pfrc.org>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/ea-jHRsrapK_wPrt-i-KEvCz56w>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jul 2021 14:35:10 -0000

On Jul 26, 2021, at 10:14 AM, Jeffrey Haas <jhaas@pfrc.org> wrote:
> So, what is needed:
> - A mechanism that can be used with the optimizing authentication extension.
> - That is light weight enough to justify it as being better than existing
>  HMAC MD5 for periodic transmissions.
> - The value of which could be encoded in the BFD Authentication section.

  That should be possible.

> Upon receipt, the BFD neighbor needs to verify the packet.  As currently
> written, the secure sequence number draft seems to suggest a reversible
> mechanism from which the hash packet may be reversed and the sequence number
> determined.  This sequence number is required by the validation procedure
> for BFD sessions.  It's my belief that the form of cryptographic hash
> function we're discussing is a one-way function.

  Yes.

> If it is a one-way function, the receiving procedure can't be to "reverse"
> it.  At best, it can take the PDU as input, try the BFD Detection Multiplier
> number (valid packet sequence window), then see if a hash that is computed
> on the input PDU with the possible sequence numbers yields the received
> sequence number, H, in the PDU.

  Yes.

> This means that the benefit for the feature would require a function that
> can be run on a window of packets for predicted inputs and generate the pool
> of next expected sequence numbers.

  Yes.

  I think a cryptographic random number generator here is likely OK.  Those are usually simple, and fast.  The system can be seeded with a strong secret, or maybe hash of a secret and other information.

  My suggestion to calculate a hash over the packet is that it prevents certain kinds of attacks.  i.e. an attacker could take packet X, and sequence number Y, and put the two together, to spoof / forge state.

  Fixing that requires that the sequence number is somehow tied to a particular packet.

  Alan DeKok.

v2.23.0 | Report a Bug | By Email