Re: Comments on Optimizing BFD Authentication

Ashesh Mishra <mishra.ashesh@gmail.com> Sun, 01 April 2018 15:40 UTC

Return-Path: <mishra.ashesh@gmail.com>
X-Original-To: rtg-bfd@ietfa.amsl.com
Delivered-To: rtg-bfd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C6C1126BF6; Sun, 1 Apr 2018 08:40:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Mb8V-joU-Ld; Sun, 1 Apr 2018 08:40:22 -0700 (PDT)
Received: from mail-io0-x22a.google.com (mail-io0-x22a.google.com [IPv6:2607:f8b0:4001:c06::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 997181200B9; Sun, 1 Apr 2018 08:40:22 -0700 (PDT)
Received: by mail-io0-x22a.google.com with SMTP id l3so15627542iog.0; Sun, 01 Apr 2018 08:40:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=34HRNaTQJa2ql6IbLee/rwt7xck/gc88GyDbd4clXOY=; b=OZvKCg+bmbooxu8CbBwzmfDD+EMTuO7o8D8RxbdqWqyTT3+NSSi4OYHE++hiGscuic 7AMEwMEvA+MLWQ3wxQn/47GQxJnLTsZqY5muMN3zq+o52Q5KunPL/FqVx3jxMsxoNkDa TGnDWWp4NcJgKAuPujbnpLWb6bvwTqDmQAlBDNyOU6+2JjEPW8E8yisW+vw+V0gny//R L8yj/NLyxz7oM/UkklXxXdd2aOoh9dh0EMweG6EUujjns89SRyqZZem5lHE8Q82lHaiX AJri4MGiBapZIS6+I49HvMIFEVrOxzUHd50UMggrdsQ0aPrYMR4Eco6eba0H3NmQpYj1 AwzQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=34HRNaTQJa2ql6IbLee/rwt7xck/gc88GyDbd4clXOY=; b=hwocMwKRMZBbLEs9UtE0plCn6gzTpefxNb+CU3X83W1tBOvFv9ZcvKGYJojbbQz902 acMeM+Y1VeLXGLEaxupm6oopvcoi0ViDZ8vUypCgoRsrblkV6u+b2tBube8Dmn1dL4S6 Ohug52UE0EnLTdKYar4v80rbdPFD26QpW/6d74mdpdc5bJiFQDCGwwnXdNx1feDy8qFe Hrf8smd+PE5eRFbzbRqXujf+6Dzip/1caOR6l0ATVlGsny3sPtFTR37wB5Jw1A4dU8qo QY+qqvdPQQ2XkSf36eBVrINkwd3Yug6wfsEyYRYsRdMEGiT+2wsalqedThpizTEUwTxl 2Qow==
X-Gm-Message-State: AElRT7GzT2GflaoanvmPlpp2Ld21r7TdKcvn9zUylhKMTh73kBwcZ1Gb CH1jsYyGvgWGMd5URNaiSfwkg5tAO4OSb2Hl2wk=
X-Google-Smtp-Source: AIpwx4/H2iR//eND/hTdh9yPcxH7XAY0v8QV/feyC081w+ioVdw+w/oHJTgFW1/EPgp+lhFC+4IbXvpmGghMxdAx9+8=
X-Received: by 10.107.181.72 with SMTP id e69mr5876822iof.267.1522597221859; Sun, 01 Apr 2018 08:40:21 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.222.3 with HTTP; Sun, 1 Apr 2018 08:40:01 -0700 (PDT)
In-Reply-To: <20180328165736.GD3126@pfrc.org>
References: <20180328165736.GD3126@pfrc.org>
From: Ashesh Mishra <mishra.ashesh@gmail.com>
Date: Sun, 01 Apr 2018 11:40:01 -0400
Message-ID: <CAHDNOD+F0YjUaFfqR20g1DZyqUBnf1ZOhF2BuA3Nb-vue8_oKA@mail.gmail.com>
Subject: Re: Comments on Optimizing BFD Authentication
To: Jeffrey Haas <jhaas@pfrc.org>
Cc: draft-ietf-bfd-optimizing-authentication@ietf.org, rtg-bfd@ietf.org
Content-Type: multipart/alternative; boundary="001a114441ee8b887c0568cb4ad6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-bfd/xNADcQEwSiWt_zw0Z76ShIxhVyI>
X-BeenThere: rtg-bfd@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtg-bfd/>
List-Post: <mailto:rtg-bfd@ietf.org>
List-Help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Apr 2018 15:40:24 -0000

Inline

On Wed, Mar 28, 2018 at 12:57 PM, Jeffrey Haas <jhaas@pfrc.org> wrote:

> Authors,
>
> Several comments on the draft in no particular order:
>
> ---
>
> The document header says "BFD Authentication".  You should include the word
> "optimizing" somewhere in that. :-)


[AM] Addressed :)


>
>
---
>
> The NULL Auth TLV has a recommended Authentication Type of 0.  While this
> seems like a good idea, it's problematic in a few regards.
>
> RFC 5880 defines the bfd.AuthType variable.  This is basically set using
> the
> received AuthType in the packet when authentication is received.  E.g.:
>
> :    Authentication Present (A)
> :
> :       Set to 1 if authentication is in use on this session (bfd.AuthType
> :       is nonzero), or 0 if not.
>
> Further, section 6.8.6 contains the following:
>
> :       If the A bit is set and no authentication is in use (bfd.AuthType
> :       is zero), the packet MUST be discarded.
>
> My recommendation is to remove the AuthType of 0 and replace it with a TBD
> to be assigned by IANA.  This impacts the IANA Considerations section.


[AM] Good catch! I'll make the change.


>
>
---
>
> Section 3 notes a "Reserved" field.  It notes "multiple keys". This seems
> to
> be missing text describing how it's intended to be used.
>
> [AM] This is a copy-paste error. It should read "This byte MUST be set to
zero on transmit and ignored on receipt."

---
>
>
> There are also a few other issues that require attention, which are largely
> operational considerations:
>
> How do you go about enabling the optimized procedures?  Is it expected to
> be
> via configuration?


[AM] The intention is to be configuration-based (as is with other
authentication methods).


>
>
What are the yang model considerations?  (See prior point.)
>

[AM] I'll let Mahesh comment on this.


>
> -- Jeff
>