Hi Jeff, > On Oct 29, 2018, at 9:10 AM, Jeffrey Haas <jh...@pfrc.org> wrote: > > Mahesh, > > On Mon, Oct 15, 2018 at 09:24:59PM -0700, Greg Mirsky wrote: >> thank you for your quick response. The comment regarding the state change, >> as I understand from the minutes, came from Jeff. >> Yes, the question was about the periodic authentication in Up state. I >> believe that at the meeting WG arrived at a very good solution and we've >> agreed to make the appropriate changes in the document. I don't think that >> the current version reflects the WG decision that in Up state authenticated >> BFD control packets are transmitted periodically in sets of not less than >> Detect Multiplier. > > I think the text is very close to what we'd likely want. Here's the text in > the current draft: > > : Most frames transmitted on a BFD session are BFD CC UP frames. > : Authenticating a small subset of these frames, for example, a detect > : multiplier number of packets per configured period, significantly > : reduces the computational demand for the system while maintaining > : security of the session across the configured authentication periods. > > Given BFD procedures, I believe we'd normally want to transmit at *least* > Detect Multiplier number of packets to ensure that the remote site has seen > it. > > How about the following text? > > Most frames transmitted on a BFD session are BFD CC UP frames. > Authenticating a small subset of these frames, significantly > reduces the computational demand for the system while maintaining > security of the session across the configured authentication periods. > A minimum of Detect Multiplier packets MUST be transmitted per configured > periodic authentication interval. This ensures that the BFD session should > see at least one authenticated packet during that interval.
Ok. Will update and post once the submission window opens up. > > -- Jeff Mahesh Jethanandani mjethanand...@gmail.com
