Re: draft-ietf-bfd-secure-sequence-numbers (WGLC for the 3 BFD auth documents and IPR check)

Jeffrey Haas <jhaas@pfrc.org> Wed, 19 June 2024 19:18 UTC


> On Jun 13, 2024, at 2:49 PM, Alan DeKok <aland@deployingradius.com> wrote:
> 
> On Jun 13, 2024, at 11:04 AM, Reshad Rahman <reshad=40yahoo.com@dmarc.ietf.org> wrote:
> 
>> Section 6
>> 
>>  - "The Auth Type field MUST be set to TBD1 (Meticulous Keyed ISAAC)". There is no IANA registration for just ISAAC anymore, so it will be one of the 2 auth types from optimizing-authentication?
> 
>  It may be best to update the IANA section of this document to define Meticulous Keyed ISAAC.  That way everything is in one document.

The dependencies we have are:
1. The optimized auth document primarily adds the reauth-interval leaves needed for the optimization procedure.  To be effective, it needs the identities for the new optimized types.
2. The optimized auth draft is currently where the YANG identities for the keychain live.  We could move those, but this creates an additional module dependency for the identities only.
3. The optimized auth draft defines the Auth Type codes.

... and the hard one...

4. The iana-bfd-types update lives in Appendix A of the optimizing-authentication module.

It'd be appropriate to define the Auth Type codes for the optimized ISAAC modes in the secure sequence numbers draft.

The secure sequence numbers draft doesn't define any YANG module currently.  It could, but it'd just be adding a module that defined those identities. 

The true headache here is 4.  If we were intending to add exactly one set of auth types in one module, this is/was easy.  I've suggested moving the YANG identity to the stability draft since that's severable from the auth type work.  However, we need to update the IANA module once.  Otherwise, we have an ordering issue of which "commit" hits IANA in which order.

One method to deal with this is to split all of these dependencies into a new draft whose purpose is just to do the IANA registrations for the identities, auth types and IANA module update.  Each of the other drafts gets an additional dependency to this new draft.

Lots of ugly choices here.


-- Jeff




> 
>  Alan DeKok.