ship it.

Deb

On Thu, Oct 30, 2025 at 9:31 AM Jeffrey Haas <[email protected]> wrote:
>
> > On Oct 30, 2025, at 8:56 AM, Alan DeKok <[email protected]> wrote:
> >
> > > On Oct 29, 2025, at 5:34 PM, Deb Cooley <[email protected]> wrote:
> > >
> > > Wait, let me attempt to rephrase this... if you are using MD5, SHA-1 or whatever w/ sequence numbers, then it has to be meticulous. That definitely does not come across in Section 6. Here is my attempt to clarify the paragraph:
> > > ...
> > > I will freely admit that the above is one hell of a long sentence... Feel free to fix that.
> >
> > Perhaps inverting the sense would work:
> >
> > BFD has a number of operational modes which are subject to attacks. Sessions using NULL authentication are vulnerable to trivial forgery. Sessions using Simple Password authentication expose the password for all to see, and are also vulnerable to forgery. Even packets using MD5 or SHA-1 authentication can be trivially replayed when a non-meticulous mode is used. As such, when MD5 or SHA-1 or any other authentication is used, it MUST be used in a Meticulous Keyed mode. Authentication types that provide for meticulously increasing sequence numbers can also be used, such as Meticulous Keyed ISAAC for BFD Authentication [I-D.ietf-bfd-secure-sequence-numbers]."
>
> I think that's moved from discussing why we need meticulous to support stability measurement and distracting us with other security properties.
>
> Proposed:
>
> Theory of Operation
>
> This mechanism allows operators to measure the loss of BFD control packets. A BFD authentication type carrying a meticulously increasing sequence number is required to support this loss measurement. Authentication types that provide for meticulously increasing sequence numbers include:
>
> * Meticulously Keyed MD5 and SHA1, defined in RFC 5880.
> * Meticulously Keyed ISAAC, defined in ietf-bfd-secure-sequence-numbers
> * The NULL authentication mechanism, which does not provide for authentication but carries a meticulously increasing sequence number, defined in this document.
>
> Other authentication types that provide for meticulously increasing sequence numbers appropriate for this mechanism may be defined in future specifications.
>
> -- Jeff
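As an added example (not code from the thread, the draft, or RFC 5880), here is the loss measurement the proposed Theory of Operation text relies on, run over a constructed stream of received sequence numbers; it also shows why a non-meticulous type yields no usable loss figure. The `BfdLossCounter` class and `measure` helper are hypothetical names; the acceptance window of 3 × Detect Mult above the last accepted value follows the receive rule in RFC 5880 for meticulous types.

```python
SEQ_MODULUS = 1 << 32  # the BFD Sequence Number field is 32 bits


class BfdLossCounter:
    """Hypothetical per-session loss counter driven by received sequence numbers."""

    def __init__(self, meticulous: bool, detect_mult: int = 3):
        self.meticulous = meticulous
        # RFC 5880: a meticulous packet is accepted only if its sequence number
        # lies in (last, last + 3 * Detect Mult]; anything else is discarded.
        self.window = 3 * detect_mult
        self.last_seq = None
        self.accepted = 0   # packets accepted by the session
        self.dropped = 0    # replayed / reordered / out-of-window packets
        self.lost = 0       # packets inferred lost from sequence-number gaps

    def observe(self, seq: int) -> int:
        """Process one received sequence number.

        Returns the packets inferred lost since the previous accepted packet,
        or -1 if the packet is discarded. For non-meticulous types consecutive
        packets may legitimately repeat a value, so no gap is ever counted.
        """
        if self.last_seq is None or not self.meticulous:
            self.last_seq = seq
            self.accepted += 1
            return 0
        delta = (seq - self.last_seq) % SEQ_MODULUS  # wrap-safe distance
        if delta == 0 or delta > self.window:
            self.dropped += 1
            return -1
        gap = delta - 1
        self.last_seq = seq
        self.accepted += 1
        self.lost += gap
        return gap

    def loss_ratio(self) -> float:
        total = self.accepted + self.lost
        return self.lost / total if total else 0.0


def measure(seqs, meticulous: bool, detect_mult: int = 3):
    """Return (lost, dropped, loss_ratio) after feeding all sequence numbers."""
    counter = BfdLossCounter(meticulous, detect_mult)
    for seq in seqs:
        counter.observe(seq)
    return counter.lost, counter.dropped, round(counter.loss_ratio(), 3)


# Constructed receive trace: wraps past 2^32, loses packet 0 and packets 3-4,
# then sees packet 5 a second time (a replay, which the window rejects).
SAMPLE_RX = [0xFFFFFFFE, 0xFFFFFFFF, 1, 2, 5, 5]
```

Feeding `SAMPLE_RX` to a meticulous session reports 3 lost and 1 dropped packet (loss ratio 0.375); the same trace on a non-meticulous session reports no loss at all, since repeated values are valid there.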
