On Jan 21, 2025, at 1:17 PM, Rich Salz via Datatracker <[email protected]> wrote:
> This experimental draft defines a new lightweight authentication scheme
> intended to prevent only one type of spoofing attack, that a network
> connection is "Up." I think it makes a considered trade-off of the issues
> around target deployment and attack prevention and it's nice to see
> something that realistically picks a middle road between all-or-nothing
> and practical considerations.

Thanks.

> Sec 1: I have never heard of the term "meticulous keying" before.

The term comes from RFC 5880, which also doesn't define it. I'm not sure that we want to define it in this document.

> Sec 3: The MUST in bfd.AuthType is then contradicted by the following
> sentence, so should that be SHOULD?

Yes. The text in -20 has been updated to address this comment.

> Minor inconsistency: Sec 4 uses "person-in-the-middle" while Sec 14.1 says
> "man-in-the-middle"

The text in -20 has been updated to address this comment.

> Major confusion: are you using ISAAC or ISAAC+ ?

ISAAC. The only mentions of ISAAC+ are references to the ISAAC+ paper. All other references are explicitly to ISAAC.

Alan DeKok.
