On Apr 28, 2022, at 5:37 AM, Gļebs Ivanovskis wrote:
> Thank you for the pointer. It seems that the "secure sequence numbers" draft
> makes the same mistake as RFC 5880 of putting bfd.AuthSeqKnown and
> bfd.RcvAuthSeq manipulations before FNV-1a digest calculation in Section 7.
> "Meticulous Ke
On Apr 27, 2022, at 7:58 PM, Greg Mirsky wrote:
> you've suggested
> It would be good to say that packets which fail authentication MUST NOT
> affect the BFD state.
> I think that a BFD Control message that failed validation, and I consider
> authentication is a part of the validation process, M
Hi, Alan!
Furthermore, I would like to suggest going back to the original ordering with digest/hash
verification being done before examining Sequence Number, because it simplifies the
algorithm. I don't think that checking Sequence Number first provides much protection
against CPU exhaustion attac
Hi Alan,
you've suggested
It would be good to say that packets which fail authentication MUST NOT
affect the BFD state.
I think that a BFD Control message that failed validation, and I consider
authentication is a part of the validation process, MUST be discarded. If
the number of consecutively d
On Apr 25, 2022, at 6:23 AM, Gļebs Ivanovskis wrote:
> I have a question regarding the order of operations during receipt of BFD
> control packet using keyed MD5/SHA1 authentication. Both Section 6.7.3.
> "Keyed MD5 and Meticulous Keyed MD5 Authentication" and Section 6.7.4. "Keyed
> SHA1 and M