Christian, Reshad,
> On Jun 13, 2024, at 12:41 PM, Christian Huitema wrote:
> On 6/13/2024 8:46 AM, Reshad Rahman wrote:
>> Was there any consideration to change the procedure to increment the
>> loss count so that if we get 1-3-2-4, we increment loss count when we
>> receive 3 (2 is deemed l
On 6/13/2024 8:46 AM, Reshad Rahman wrote:
Chiming in late. Inline.
On Monday, June 10, 2024, 12:22:13 PM EDT, Jeffrey Haas
wrote:
Christian,
Thanks for your review. Some of my comments will overlap those from Alan.
On Fri, Jun 07, 2024 at 09:54:57PM -0700, Christian Huitema via Datatracker
wrote:
> The authentication sequen
Christian,
On Tue, Jun 11, 2024 at 11:36:13AM -0700, Christian Huitema wrote:
> On 6/11/2024 7:03 AM, Jeffrey Haas wrote:
> >And again, sequence rollover for replay has the presumption that you're
> >using exactly the same contents for the BFD PDU. The procedures for
> >randomizing the Discrimina
On 6/11/2024 7:03 AM, Jeffrey Haas wrote:
And again, sequence rollover for replay has the presumption that you're
using exactly the same contents for the BFD PDU. The procedures for
randomizing the Discriminators provide an appropriate nonce to prevent
replay since the authentication data is
Christian,
On Mon, Jun 10, 2024 at 05:11:17PM -0700, Christian Huitema wrote:
> On 6/10/2024 9:22 AM, Jeffrey Haas wrote:
> >For our authentication purposes, without the presence of some sort of
> >computed digest across the packet, NULL authentication means that an active
> >attacker can knock th
On 6/10/2024 9:22 AM, Jeffrey Haas wrote:
...
In RFC 5880, the specification of Meticulous Keyed MD5 addresses both number
rollover and out of order delivery. The same text is repeated for meticulous
MD5 and meticulous SHA1:
... if the
sequence number lies outside of the range o
Christian,
Thanks for your review. Some of my comments will overlap those from Alan.
On Fri, Jun 07, 2024 at 09:54:57PM -0700, Christian Huitema via Datatracker
wrote:
> The authentication sequence number is a 32 bit field. Such numbers can roll
> over, either after a long duration session or d
Thanks for the comments, Alan.
I understand that the main use of BFD is between directly connected
nodes, but then RFC 5880 says:
BFD can provide failure detection on any kind of path between
systems, including direct physical links, virtual circuits, tunnels,
MPLS Label Switched Path
(removing secdir)
The security analysis is perhaps simplified a bit by understanding the
limited use-case for BFD. From the introduction to RFC 5880:
The goal of Bidirectional Forwarding Detection (BFD) is to provide
low-overhead, short-duration detection of failures in the path
be
10 matches