Hi Sonal,
Thanks for the update. But I believe not all comments from ~2 weeks ago (see
attached) have been addressed. E.g. use of “symmetric algorithm” and “shared
secret key” (as opposed to using variations of the same term). Also, section 4
headline is still “Impact of using a hash”, but the text has been changed (hash
-> cyphertext) here.
Regards,
Reshad.
From: Rtg-bfd <rtg-bfd-boun...@ietf.org> on behalf of Sonal Agarwal
<sagarwa...@gmail.com>
Date: Monday, March 8, 2021 at 2:40 PM
To: <rtg-bfd@ietf.org>
Subject: Re: I-D Action: draft-ietf-bfd-secure-sequence-numbers-08.txt
Hi all,
Version 8 of the draft addresses all Shepherd comments.
Regards,
Sonal.
On Mon, Mar 8, 2021 at 11:16 AM <internet-dra...@ietf.org> wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Bidirectional Forwarding Detection WG of the
IETF.
Title : Secure BFD Sequence Numbers
Authors : Mahesh Jethanandani
Sonal Agarwal
Ashesh Mishra
Ankur Saxena
Alan DeKok
Filename : draft-ietf-bfd-secure-sequence-numbers-08.txt
Pages : 6
Date : 2021-03-08
Abstract:
This document describes a security enhancement for the sequence
number used in BFD control packets. This document updates RFC 5880.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-bfd-secure-sequence-numbers/
There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-bfd-secure-sequence-numbers-08
https://datatracker.ietf.org/doc/html/draft-ietf-bfd-secure-sequence-numbers-08
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-bfd-secure-sequence-numbers-08
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
--- Begin Message ---
Hi Mahesh,
Thanks for the response.
Would it be possible to have an updated document when the gates reopen? Please
see inline.
From: Rtg-bfd <rtg-bfd-boun...@ietf.org> on behalf of Mahesh Jethanandani
<mjethanand...@gmail.com>
Date: Tuesday, February 23, 2021 at 3:03 PM
To: Reshad Rahman <res...@yahoo.com>, Jeffrey Haas <jh...@pfrc.org>
Cc: "rtg-bfd@ietf. org" <rtg-bfd@ietf.org>,
"draft-ietf-bfd-secure-sequence-numb...@ietf.org"
<draft-ietf-bfd-secure-sequence-numb...@ietf.org>
Subject: Re: Shephered writeup for draft-ietf-bfd-secure-sequence-numbers
Hi Reshad,
I never really received this e-mail, till Sonal forwarded it to me.
<RR> You have to remove my name from the spam sender list 😊
Anyway, here are our responses to the comments you have provided. Please see
inline with [mj].
Hi Sonal, authors,
Thanks for the document update. Main comments:
Hash has been replaced by symmetric algorithm, to be able to retrieve the
sequence number at the receiving side, this is good.
Section 3 mentions that the symmetric key is provisioned securely on sender and
receiver, but there is no mention of provisioning of the algorithm/function.
Also there is no mention of what algorithms to use, is this on purpose since
what’s good today will not be recommended tomorrow? Should we at least say “do
not use DES” or too obvious?
[mj] I believe this is a question for the WG, and maybe something we can bring
up in the upcoming meeting, if it is not answered on the mailing list. Would
the WG prefer that a (set of) algorithms MUST be defined to ensure
interoperability, or is this something we should leave up to
implementors/operators to agree? We are concerned what we define today might be
obsoleted tomorrow.
<RR> it would be good to have an update on this document at the upcoming
meeting. Having a MUST set of algorithms has the drawback you mentioned.
Letting implementors/operators agree is fine but I think we still need a
suggested list (as of 2021) for interop. And I believe we need some text in the
document wrt provisioning the algorithm.
Was there any discussions/thoughts on using asymmetric encryption instead (I
didn’t follow this document when it started)? It avoids the pain of having a
shared secret. I’m not saying we should go with asymmetric, just wondering.
[mj] We chose symmetric because that is what 5880 talks about.
<RR> Good with me. I’ll defer to security experts.
For the key, the terms “symmetric key”, “shared secret key” and “shared key”
are used, settle on one for clarity (I believe it should be “shared key” or
“shared secret”?)
[mj] Ok. How about “shared secret key”?
<RR> Good.
For the algorithm, the terms “symmetric key algorithm”, “symmetric algorithm” ,
“symmetric encryption algorithm”, “symmetric decryption algorithm” are used.
Again, pick 1 “symmetric algorithm”?).
[mj] Ok. We will pick “symmetric algorithm”.
<RR> Good.
The term “hash” is still used e.g. in section 4 header
[mj] That is deliberate. We use “hash” when we refer to the value that is
calculated over the entire packet and appended as a value at the end of the
packet. That is different from ciphertext, which is the value after applying
the symmetric algorithm on the sequence number and inserted in-lieu of the
sequence number before the hash is calculated.
<RR> Section 4 header still uses the term “hash” but the text in that section
has been changed to “cyphertext”, I believe this is an oversight.
Security is not my expertise. Should we get a security review asap, as opposed
to waiting for IESG review. Jeff/Martin?
[mj] It would not be a bad idea, although we do have a security expert as a
co-author on the draft :-)
<RR> It would seem you’re covered then.
Diagram chains are clearer now.
Sequence number validity as described at the bottom of page 3 and on P4 (at the
end of section 3). RFC5880 sections 6.7.3 and 6.7.4 describe that received
sequence number should be between bfd.RcvAuthSeq(+1) to
bfd.RcvAuthSeq+(3*Detect Mult) inclusive. I don’t see why this has to be
changed for secure sequence numbers.
[mj] We will just refer to 5880.
<RR> Good.
Jeff’s comment regarding “The first sequence number can be obtained…” in
section 3. I believe the text is incorrect. RFC5880 sections 6.7.3 and 6.7.4
explain how the first sequence number is obtained (using bfd.AuthSeqKnown and
bfd.RcvAuthSeq).
[mj] Ditto.
<RR> Good.
Regards,
Reshad.
Nits:
Section 4: s/”while encryption/decryption”/”while doing encryption/decryption”/
[mj] Ok.
What does “non linear” mean in “monotonically increasing (but non linear)
sequence number”?
[mj] A monotonically increasing number is just that, an increasing number, but
it does not have to be linear. See the diagram below. That is why the mention
of non-linear.
Section 7: s/Jeff Hass/Jeff Haas/
[mj] Will fix :-). Thanks
Regards,
Reshad.
Mahesh Jethanandani
mjethanand...@gmail.com
--- End Message ---
