Hi Stephen,

Thanks for the review!

>
> - Section 11: I've had discussions with people from time
> to time about BFD and security. I think I've heard the
> claim made that authentication was too expensive. (Note:
> I am not saying that I accept that as a valid claim, but
> that's a different issue:-) Anyway, wouldn't the same
> issues apply here if they do to classical BFD? If not,

There is a subtle difference -- with SBFD you may NOT send periodic BFD packets every millisecond, the way it's done in traditional BFD.

> great, and I'll quote you next time someone says crypto
> is too expensive. But if such claims are also to be made
> here, then why would you be specifying something that
> will not be used?
>
> - Do the implementations that are in-progress implement
> the BFD authentication schemes for S-BFD?
>

I have no idea about implementations that are in-progress. I'll let my co-authors chime in if they are aware of something.

>
> - Why not recommend that the weaker options from rfc5880
> not be used? At least saying to not send passwords in
> clear over networks would be a good thing.
>

Most people use clear text passwords to avoid sessions coming up because of configuration issues and not necessarily to "protect" their sessions. There is thus a value in retaining clear text passwords.

Cheers, Manav
