Re: [secdir] sec-dir review of draft-ietf-bfd-unsolicited-11.txt

Naiming Shen <naiming@zededa.com> Thu, 08 December 2022 23:07 UTC

From: Naiming Shen <naiming@zededa.com>
In-Reply-To: <sjmv8mvtdfn.fsf@securerf.ihtfp.org>
Date: Thu, 08 Dec 2022 15:06:55 -0800
Cc: iesg@ietf.org, secdir@ietf.org, bfd-chairs@ietf.org, enchen@paloaltonetworks.com, Robert Raszuk <robert@raszuk.net>, reshad@yahoo.com
Message-Id: <C6EFEF75-BB30-4308-A655-6879609D14F1@zededa.com>
References: <sjmv8mvtdfn.fsf@securerf.ihtfp.org>
To: Derek Atkins <derek@ihtfp.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/xiZ3-UxSr4BE0gjrZXL0eNy5fEA>
Subject: Re: [secdir] sec-dir review of draft-ietf-bfd-unsolicited-11.txt

Hi Derek,

Thanks for the review and comments.

This draft in section 7.1 just references RFC 5880 for the authentication
mechanisms defined in the protocol. Maybe in this draft, we should drop the reference to a specific
algorithm, and just say “stronger authentication mechanism SHOULD be used”,
in case the BFD protocol has more algorithm definitions later.

Cheers,
- Naiming

> On Dec 1, 2022, at 06:18, Derek Atkins <derek@ihtfp.com> wrote:
> 
> Hi,
> 
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written with the intent of improving
> security requirements and considerations in IETF drafts.  Comments
> not addressed in last call may be included in AD reviews during the
> IESG review.  Document editors and WG chairs should treat these
> comments just like any other last call comments.
> 
> Summary:
> 
> * Ready to Publish
> 
> Details:
> 
> * Is "Meticulous Keyed SHA1" secure, given the known weaknesses of SHA1?
> 
> -derek
> 
> -- 
>       Derek Atkins                 617-623-3745
>       derek@ihtfp.com             www.ihtfp.com
>       Computer and Internet Security Consultant
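The mechanism the two messages are discussing, as an added example that is not part of the draft, of RFC 5880, or of either message: a Python model of the Keyed SHA1 and Meticulous Keyed SHA1 transmit and receive procedures as I read RFC 5880 sections 4.4 and 6.7.4 (key placed in the Auth Key/Hash field while hashing, digest over the whole Control packet, sequence-number window of 3 * Detect Mult on receipt). The shared key, discriminators, key ID and intervals are constructed values; taking Detect Mult from the received packet for the window bound is my reading of the text, not something the thread states.

```python
# Added example: (Meticulous) Keyed SHA1 authentication for BFD Control
# packets modelled on RFC 5880 sections 4.4 and 6.7.4.  All inputs constructed.
import hashlib
import hmac
import struct

AUTH_KEYED_SHA1 = 4             # Auth Type values from RFC 5880 section 4.1
AUTH_METICULOUS_KEYED_SHA1 = 5
AUTH_SHA1_LEN = 28              # Auth Len for both SHA1 variants (section 4.4)
HASH_LEN = 20                   # Auth Key/Hash field size
MANDATORY_LEN = 24              # Control packet without authentication section
A_BIT = 0x04                    # "Authentication Present" bit in the flags byte
SEQ_MASK = 0xFFFFFFFF


def _pad_key(key: bytes) -> bytes:
    # Section 6.7.4: the shared key occupies the Auth Key/Hash field while the
    # hash is computed, padded to 20 bytes with trailing zero bytes.
    if not 0 < len(key) <= HASH_LEN:
        raise ValueError("shared SHA1 key must be 1..20 bytes")
    return key.ljust(HASH_LEN, b"\x00")


def build_authenticated_packet(my_disc, your_disc, detect_mult, key_id, key,
                               seq, meticulous=True):
    """Transmit side: Vers=1 Control packet, state Up, A bit set, SHA1 auth."""
    length = MANDATORY_LEN + AUTH_SHA1_LEN
    header = struct.pack("!BBBBIIIII",
                         (1 << 5) | 0,             # Vers=1, Diag=0
                         (3 << 6) | A_BIT,         # Sta=Up, A set, other flags clear
                         detect_mult, length,
                         my_disc, your_disc,
                         1_000_000, 1_000_000, 0)  # TX/RX/Echo intervals (usec)
    auth_type = AUTH_METICULOUS_KEYED_SHA1 if meticulous else AUTH_KEYED_SHA1
    auth_head = struct.pack("!BBBBI", auth_type, AUTH_SHA1_LEN, key_id, 0,
                            seq & SEQ_MASK)
    # Hash the entire packet with the padded key in the hash field, then send
    # the digest in that field instead of the key.
    digest = hashlib.sha1(header + auth_head + _pad_key(key)).digest()
    return header + auth_head + digest


class ReceiverAuthState:
    """bfd.AuthSeqKnown / bfd.RcvAuthSeq for one session."""
    def __init__(self):
        self.auth_seq_known = False
        self.rcv_auth_seq = 0


def _in_circular_range(value, low, high):
    # Inclusive test in the unsigned 32-bit circular sequence space.
    return ((value - low) & SEQ_MASK) <= ((high - low) & SEQ_MASK)


def verify_packet(packet, keys, rx):
    """Receive side.  `keys` maps Auth Key ID -> shared key.  Returns
    (accepted, reason); rx is updated only when the packet is accepted."""
    if len(packet) != MANDATORY_LEN + AUTH_SHA1_LEN or packet[3] != len(packet):
        return False, "bad Length"
    if not packet[1] & A_BIT:
        return False, "A bit not set"
    detect_mult = packet[2]
    auth_type, auth_len, key_id, _rsvd, seq = struct.unpack(
        "!BBBBI", packet[MANDATORY_LEN:MANDATORY_LEN + 8])
    if auth_type not in (AUTH_KEYED_SHA1, AUTH_METICULOUS_KEYED_SHA1):
        return False, "not a SHA1 auth type"
    if auth_len != AUTH_SHA1_LEN:
        return False, "bad Auth Len"
    key = keys.get(key_id)
    if key is None:
        return False, "unknown Auth Key ID"
    meticulous = auth_type == AUTH_METICULOUS_KEYED_SHA1
    if rx.auth_seq_known:
        # Meticulous: RcvAuthSeq+1 .. RcvAuthSeq+3*DetectMult (must increase).
        # Keyed SHA1: RcvAuthSeq .. RcvAuthSeq+3*DetectMult (repeat tolerated).
        low = (rx.rcv_auth_seq + (1 if meticulous else 0)) & SEQ_MASK
        high = (rx.rcv_auth_seq + 3 * detect_mult) & SEQ_MASK
        if not _in_circular_range(seq, low, high):
            return False, "sequence number outside window"
    # Recompute with the key substituted for the received hash.
    expected = hashlib.sha1(packet[:-HASH_LEN] + _pad_key(key)).digest()
    if not hmac.compare_digest(expected, packet[-HASH_LEN:]):
        return False, "hash mismatch"
    rx.rcv_auth_seq = seq
    rx.auth_seq_known = True
    return True, "ok"


def demo():
    """Exercise the receive checks; returns a name -> accepted mapping."""
    key = b"bfd-demo-key"                       # constructed shared secret
    keys = {7: key}
    rx, out = ReceiverAuthState(), {}
    mk = lambda seq, **kw: build_authenticated_packet(
        0x11111111, 0x22222222, 3, 7, key, seq, **kw)
    p1, p2, p3 = mk(100), mk(101), mk(102)
    out["first"] = verify_packet(p1, keys, rx)[0]                  # True
    out["next"] = verify_packet(p2, keys, rx)[0]                   # True
    out["replay"] = verify_packet(p1, keys, rx)[0]                 # False
    tampered = bytearray(p3); tampered[4] ^= 0x01                  # flip a My Disc bit
    out["tampered"] = verify_packet(bytes(tampered), keys, rx)[0]  # False
    out["wrong_key"] = verify_packet(p3, {7: b"other"}, rx)[0]     # False
    out["beyond_window"] = verify_packet(mk(111), keys, rx)[0]     # False: 101+3*3=110
    out["window_edge"] = verify_packet(mk(110), keys, rx)[0]       # True
    rx2 = ReceiverAuthState()                   # plain Keyed SHA1 allows a repeat
    q = mk(5, meticulous=False)
    out["keyed_repeat"] = verify_packet(q, keys, rx2)[0] and verify_packet(q, keys, rx2)[0]
    return out
```

What the model makes visible is that the construction is a keyed hash with the secret inside the hashed message, not a collision-dependent signature: an attacker who does not hold the shared key has to forge a digest for a packet they choose, and the "Meticulous" variant adds only a strictly increasing sequence number as replay protection, while plain Keyed SHA1 accepts a repeated sequence number. The `compare_digest` call and the rule of not updating `RcvAuthSeq` until the hash verifies are the two receive-side details an implementer most often gets wrong.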