> On Oct 30, 2025, at 8:56 AM, Alan DeKok <[email protected]> wrote:
>
> On Oct 29, 2025, at 5:34 PM, Deb Cooley <[email protected]> wrote:
>>
>> Wait, let me attempt to rephrase this... if you are using MD5, SHA-1 or
>> whatever w/ sequence numbers, then it has to be meticulous. That definitely
>> does not come across in Section 6. Here is my attempt to clarify the
>> paragraph:
>> ...
>> I will freely admit that the above is one hell of a long sentence... Feel
>> free to fix that.
>
> Perhaps inverting the sense would work:
>
> BFD has a number of operational modes which are subject to attacks.
> Sessions using NULL authentication are vulnerable to trivial forgery.
> Sessions using Simple Password authentication expose the password for all to
> see, and are also vulnerable to forgery. Even packets using MD5 or SHA-1
> authentication can be trivially replayed when a non-meticulous mode is used.
> As such, when MD5 or SHA-1 or any other authentication is used, it MUST be
> used in a Meticulous Keyed mode. Authentication types that provide for
> meticulously increasing sequence numbers can also be used, such as Meticulous
> Keyed ISAAC for BFD Authentication [I-D.ietf-bfd-secure-sequence-numbers].

I think that's moved from discussing why we need meticulous to support
stability measurement and distracting us with other security properties.

Proposed:

Theory of Operation

This mechanism allows operators to measure the loss of BFD control packets. A
BFD authentication type carrying a meticulously increasing sequence number is
required to support this loss measurement. Authentication types that provide
for meticulously increasing sequence numbers include:

* Meticulously Keyed MD5 and SHA1, defined in RFC 5880.
* Meticulously Keyed ISAAC, defined in ietf-bfd-secure-sequence-numbers
* The NULL authentication mechanism, which does not provide for authentication
but carries a meticulously increasing sequence number, defined in this document.

Other authentication types that provide for meticulously increasing sequence
numbers appropriate for this mechanism may be defined in future specifications.

-- Jeff
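An added example, not from the draft or from anyone in this thread, of why the proposed text insists on a meticulously increasing sequence number: it implements the RFC 5880 section 6.7 receive window for both meticulous and non-meticulous keyed modes and shows that a per-packet loss count can only be derived in the meticulous case. The sample sequences and the Detect Multiplier value are constructed for illustration.

```python
# Added example (not code from the draft or thread): loss measurement over BFD
# control packet sequence numbers, using the RFC 5880 section 6.7 semantics.
# Meticulous modes increment the sequence number on every packet, so each gap
# between consecutively accepted numbers is a countable loss. Non-meticulous
# modes may repeat a number, so loss cannot be told apart from "no change".

SEQ_MOD = 1 << 32  # BFD sequence numbers are 32-bit (RFC 5880 section 4.2)


def seq_delta(prev, cur):
    """Forward distance from prev to cur in 32-bit sequence space (wrap-safe)."""
    return (cur - prev) % SEQ_MOD


def accept_window(prev_seq, seq, detect_mult, meticulous):
    """Receive check applied once bfd.AuthSeqKnown is set (RFC 5880 6.7.3/6.7.4).

    Meticulous:     accept prev+1 .. prev+3*detect_mult; a repeat is a replay.
    Non-meticulous: accept prev   .. prev+3*detect_mult; a repeat is allowed.
    """
    d = seq_delta(prev_seq, seq)
    low = 1 if meticulous else 0
    return low <= d <= 3 * detect_mult


def count_loss(received, detect_mult, meticulous=True):
    """Return (accepted, lost, rejected) for a list of received sequence numbers.

    Loss is only countable in meticulous mode: an accepted packet whose delta
    from the previous accepted packet is d accounts for d-1 packets never seen.
    """
    accepted = lost = rejected = 0
    prev = None
    for seq in received:
        if prev is None:  # bfd.AuthSeqKnown == 0: first packet sets the baseline
            prev = seq
            accepted += 1
            continue
        if not accept_window(prev, seq, detect_mult, meticulous):
            rejected += 1  # replay or out-of-window: discarded, not counted as loss
            continue
        if meticulous:
            lost += seq_delta(prev, seq) - 1
        accepted += 1
        prev = seq
    return accepted, lost, rejected
```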