Re: I-D Action: draft-ietf-bfd-optimizing-authentication-10.txt

"Reshad Rahman (rrahman)" <rrahman@cisco.com> Thu, 23 July 2020 15:53 UTC

Return-Path: <rrahman@cisco.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D62723A0AAD for <rtg-bfd@ietfa.amsl.com>; Thu, 23 Jul 2020 08:53:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.62
X-Spam-Level:
X-Spam-Status: No, score=-9.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=e7tS9VsW; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=UYV3QXIS
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JyIRNfNT0VZT for <rtg-bfd@ietfa.amsl.com>; Thu, 23 Jul 2020 08:53:10 -0700 (PDT)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B97A3A0AAA for <rtg-bfd@ietf.org>; Thu, 23 Jul 2020 08:53:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=428; q=dns/txt; s=iport; t=1595519590; x=1596729190; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=RrFmxD4OvRsfg2D4E++SHlS6YfNjte4nsFtNG5/y4Pg=; b=e7tS9VsWk6sYRsOrXEBqVbmag/6OehBxXaBhjpD3rHWhxuVEecj96J/R wDtt0WklgylSKPWYj25fkN2yMA1wYRvUIygyZLnUqFgDBaunBEohdw9+P 9VJvbMq+eDXKwt55fcT+Z2qeS4bks/cN3Czw+mA3uTCVRxiQ+D6TMM6mQ Q=;
IronPort-PHdr: =?us-ascii?q?9a23=3AqJ+t2hxhVv9EL9fXCy+N+z0EezQntrPoPwUc9p?= =?us-ascii?q?sgjfdUf7+++4j5ZRWFt+1jllSPWp/UuLpIiOvT5qbnX2FIoZOMq2sLf5EEUR?= =?us-ascii?q?gZwd4XkAotDI/gawX7IffmYjZ8EJFEU1lorGm1K0MTH9zxNBXep3So5msUHR?= =?us-ascii?q?PyfQN+OuXyHNvUiMK6n+C/8pHeeUNGnj24NLhzNx6x6w7Ws5ob?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0C7BQBCsRlf/5xdJa1gHAEBAQEBAQc?= =?us-ascii?q?BARIBAQQEAQFAgUqBUlEHgUcvLAqEKYNGA40smQSCUwNVCwEBAQwBAS0CBAE?= =?us-ascii?q?BhEwCF4IDAiQ4EwIDAQELAQEFAQEBAgEGBG2FXAyFcgIBAxIREQwBATcBDwI?= =?us-ascii?q?BCA4MAiYCAgIwFRACBAENJ4MEgkwDLgGjCwKBOYhhdoEygwEBAQWFKhiCDgm?= =?us-ascii?q?BDiqCbINVgi+EBBqBQT+BOAwQgk0+hD2DFjOCLZIgPaJ/CoJdmWkDHoJpAZx?= =?us-ascii?q?xkg6fDAIEAgQFAg4BAQWBaiOBV3AVZQGCPlAXAg2OHoNxilZ0NwIGCAEBAwl?= =?us-ascii?q?8jgIBgRABAQ?=
X-IronPort-AV: E=Sophos;i="5.75,387,1589241600"; d="scan'208";a="786091208"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 23 Jul 2020 15:53:08 +0000
Received: from XCH-ALN-002.cisco.com (xch-aln-002.cisco.com [173.36.7.12]) by rcdn-core-5.cisco.com (8.15.2/8.15.2) with ESMTPS id 06NFr3ZW023644 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 23 Jul 2020 15:53:07 GMT
Received: from xhs-aln-001.cisco.com (173.37.135.118) by XCH-ALN-002.cisco.com (173.36.7.12) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 23 Jul 2020 10:53:05 -0500
Received: from xhs-rcd-003.cisco.com (173.37.227.248) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 23 Jul 2020 10:53:04 -0500
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Thu, 23 Jul 2020 10:53:04 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NKA5Rmpw79uMv48++R7zXwd3XpmFCEb6cWq+tReYkjk8pi6xQbLV/S8FIg8TRh6SVNKgTlz466XHbcHYSxSlQIkVkxRGAfeSBXxAFoTWbWk3v6Q5d46nwJoyy3Di5zTSXggvO74M3Sjjm2eJ9iRHt319FNi9BLXkDQwLFt7arA+N0VKszdvBxj/+MHmaDlvPdRGjX8Gm6aS01HjVpd8yk6C8vmL9pbvErrLzC9HwTbMzmv/FCmjUukX65WfHG7BUlHPLRMzjVmlanmQHRbS8pxQSFbHZux1ffYZYtJhd2FlbcHaEJ7KVRnJO8YSJGfxP6FZtLYN3MiLrIrdUO5ALJg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RrFmxD4OvRsfg2D4E++SHlS6YfNjte4nsFtNG5/y4Pg=; b=eTc8qFjA0yVCxlm5k0ps4K7u7kA1q+B8GuVKPYqqwcIhlf/FJhi/1nXjLy64b6jwejcn8KT5/KHBMsjvVlkHzG8E8Y77/NlEusqAL1dXFgGgMV9ohWllTuNXXAVmwClRz8cbokjAGw/w/bPWdDLllvgSr+hh2tDsfj9CIsWv4Y1+NZdrRxtLlDTGaqKdWG5ioAS0KRFWMEEkYj9FDzpMuK0ishGQLnHwf0A/oCIagljxzL3gztvJsmEbpd7+HhPjX7wRyJKLVS+QsXTaOCn87A48ANekeLNQ5kAnBDx5xaaIi5Xsd7dUrW9t9o6fsjBcsLAMtWKdpZ8RoEU8rd9dwQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RrFmxD4OvRsfg2D4E++SHlS6YfNjte4nsFtNG5/y4Pg=; b=UYV3QXISi1WJV0okOmegGkMswRdlQWV+1eb454vTRL5aTGSEYb+Aah4y8qt7fMEcDEhy7KhZoheVtEFEwH1mrXUwvePipV6lzqilukLf5YGbndLGt+WwGvzlk/t7hzTK/EcZ0VGs9c92Zi1peDJMrTjoGFdozimeEeZvHSWNAlc=
Received: from BN6PR11MB3875.namprd11.prod.outlook.com (2603:10b6:405:80::37) by BN6PR11MB1986.namprd11.prod.outlook.com (2603:10b6:404:3c::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3216.23; Thu, 23 Jul 2020 15:53:03 +0000
Received: from BN6PR11MB3875.namprd11.prod.outlook.com ([fe80::3076:a505:335e:a8ff]) by BN6PR11MB3875.namprd11.prod.outlook.com ([fe80::3076:a505:335e:a8ff%6]) with mapi id 15.20.3216.024; Thu, 23 Jul 2020 15:53:03 +0000
From: "Reshad Rahman (rrahman)" <rrahman@cisco.com>
To: Jeffrey Haas <jhaas@pfrc.org>, Manav Bhatia <manavbhatia@gmail.com>
CC: Mahesh Jethanandani <mjethanandani@gmail.com>, "rtg-bfd@ietf. org" <rtg-bfd@ietf.org>
Subject: Re: I-D Action: draft-ietf-bfd-optimizing-authentication-10.txt
Thread-Topic: I-D Action: draft-ietf-bfd-optimizing-authentication-10.txt
Thread-Index: AQHWWUj8estRbnwSu0OXwm1uDoRSlKkF/YUAgAtBV4CAAAsgAIAC2f0AgABcEYCAAMNnAIAACugAgAASwAD//7v1AA==
Date: Thu, 23 Jul 2020 15:53:03 +0000
Message-ID: <4C927D8D-3851-4CBE-8A14-FB1ED0059DF0@cisco.com>
References: <159466724499.14803.15233027731222579839@ietfa.amsl.com> <FC5206AF-9CDB-4CC2-9967-B4BF5A17141B@gmail.com> <20200721004857.GB31779@pfrc.org> <2C632683-57D0-4E40-809E-6A907B38CDB5@gmail.com> <AF1DDAD1-D362-4BCA-A2D6-EB1477BDBDEF@cisco.com> <CAG1kdoifsdnawsB8jhcDMbprQt4e8p0g3rxxD2Wuw+5pH79e1g@mail.gmail.com> <20200723141024.GC6821@pfrc.org> <CAG1kdojpsKVnC1tr6fj7cuxu4wC7TGtx-hyVcDaxf1bJYrfBMA@mail.gmail.com> <20200723155632.GA8728@pfrc.org>
In-Reply-To: <20200723155632.GA8728@pfrc.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.37.20051002
authentication-results: pfrc.org; dkim=none (message not signed) header.d=none;pfrc.org; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [142.113.229.50]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 1e14e534-45b8-4ab1-7993-08d82f207bd4
x-ms-traffictypediagnostic: BN6PR11MB1986:
x-microsoft-antispam-prvs: <BN6PR11MB1986F3577E3C46E2CAC5A258AB760@BN6PR11MB1986.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6430;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 4OWzzIUUKrXPkyQanuCuSCnl47IMgzoBkqRlwhP/BwPolKWF7pEu4P626rFhZTsELGwvKyLpSw9bRP0v1ZhEPL5XyROWB4uSrWMcM+gvT5vNTRzJfuwQf2Y2mM27JGlx8fpgaGLSnW+GPdAfHwHk4XcEecezrdzwjavWXjoIC9/GoNPDWcu+iCTPd06QSAQen2Zej1eHTfK1rmqYJt/bcgryNYM6QfvBo1gVLBZ7MiFF5Ldp7xAOyqVf4SnAWl47MINpsJPy9ZMcvdqHeiQ/DRNSfeOrvB+yHpCQgQq2HvJ7s/qmPZ0uziY5ko59CfR1yjGRiziTCUHlCIKXaV5rMQ==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN6PR11MB3875.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(366004)(376002)(346002)(396003)(136003)(39860400002)(478600001)(36756003)(8676002)(8936002)(4326008)(6506007)(33656002)(71200400001)(2906002)(86362001)(83380400001)(558084003)(6486002)(66446008)(316002)(91956017)(76116006)(54906003)(64756008)(66556008)(66476007)(66946007)(5660300002)(26005)(6512007)(110136005)(186003)(2616005); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: N80lcM+A78KLHZNEDNDfS2kMsDPPMdYU17VruZ5zkEdLOCtyTBiHmJrMu0qrJA7uVwcjjtViUZHFW8O33iQcP4kk+OtqzJMPqvC/6bWqsBbdI95PG7Rlb4hKyw84RktXdE8osmVUYKPHZaFO0StRu3n8Oxl7KaRpj8hXqOUHMFlrHYNEkOaoQZOiF1s+mTWA2hNXeGreNjAGoBAiIp+Gd/Xkd4EZJZdiV6EBC9Qry3i6FB1kWiypaHb7Ar7qGYEcZRJ5qGlz2m4zkfcB9NYeUliceitx2s3hCBiJCjawbrdDtxfnYr3/wXSCAi0OkDiLlMkC1ZvGJNozNAytxSeagpqfEu0X2XL1jTQa2S831BUMkRcIdFSoBHils+RZoyK3GWjM4dQgZbSPfn95+w6ILhh4Wf6ieKWF/e/NMZeNQjsXqyI7bPRAMHQ+ItTg0O+u6Ckplfge9A5sOGBzs7VIYpLmHwkos8EJ3LD/3W3VpB1FP/hIQrMGiJhVCvhMDlg3
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <3093F25D441C07439E003F19C16CFC5D@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN6PR11MB3875.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1e14e534-45b8-4ab1-7993-08d82f207bd4
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jul 2020 15:53:03.5106 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: zzljbsc7McRb9bV9aT3NYFgRaeUz6TVHMimN6UoAx/Zs1DrjC9CtFS4VnJpKte/6rUQeQn4ohFSbpbXlWV2dzA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR11MB1986
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.12, xch-aln-002.cisco.com
X-Outbound-Node: rcdn-core-5.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/rlCSxTLP3BNsb02LI2Q1DSj6alQ>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jul 2020 15:53:15 -0000

They most likely will (

    I agree that it adds no additional security per our analysis.  However, I
    expect this dialog to happen with the security ADs.  Their typical answer is
    "if you could secure it, you should".

    If they don't start this conversation, we're done. :-)

    -- Jeff