Re: BFD Authentication

To: Shahram Davari <davari at broadcom.com>
Subject: Re: BFD Authentication
From: Vishwas Manral <vishwas.ietf at gmail.com>
Date: Tue, 18 Aug 2009 16:01:41 -0700
Cc: "rtg-bfd at ietf.org" <rtg-bfd at ietf.org>
Delivered-to: rtg-bfd at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=/Fj11/BPD7GNoDRi3LpzkAt3/EWc0ZaZ1s+9jcESwk0=; b=SnuTSYqNvjtrnJsjFKpLG2s0ZEDdX8HGDd47pmmXp5dKzxpNcCjFpaJVoquLXRfUhk kQMFgmyTOLQW4hsivXbwWBEq/eU5UhCrowpaCl4E6Er8sM92Qw6D9RefEEEgCEi5c0Zv 9QnGp2nhKS22L2QyEkINEahcQG6EimsjR2RJI=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=ptRKybXr0TZS18sUKqzz4edrC7hi381rfzFSRqO0/XVQoOktDRLSXMyyCEvJFlmNeG f9U2GqC2GRPhVq6yWyOZD+Vn2GL55A3gDx3e6am0vl7ReB6pFPwSrfockvEUgkXtkL65 3JoCUtF8pNv30ak4s/6WgIxIx1WfDt0cGK+64=
In-reply-to: <2C2F1EBA8050E74EA81502D5740B4BD681573709A9 at SJEXCHCCR02.corp.ad.broadcom.com>
List-archive: <http://www.ietf.org/mail-archive/web/rtg-bfd>
List-help: <mailto:rtg-bfd-request@ietf.org?subject=help>
List-id: "RTG Area: Bidirectional Forwarding Detection DT" <rtg-bfd.ietf.org>
List-post: <mailto:rtg-bfd@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/rtg-bfd>, <mailto:rtg-bfd-request@ietf.org?subject=unsubscribe>
References: <2C2F1EBA8050E74EA81502D5740B4BD681573709A9 at SJEXCHCCR02.corp.ad.broadcom.com>

Hi Shahram,

I raised issues on the security of BFD a lot of them got resolved in
the base draft itself.
www.ietf.org/mail-archive/web/rtg-bfd/current/msg00480.html
www.ietf.org/mail-archive/web/rtg-bfd/current/msg00488.html

Here is the document we wrote to address the other concern. It also
talks about a way of doing Key Rollovers like you mentioned.

http://tools.ietf.org/html/draft-bhatia-bfd-crypto-auth-00

Thanks,
Vishwas

On Tue, Aug 18, 2009 at 2:48 PM, Shahram Davari<davari at broadcom.com> wrote:
> Hi,
>
> Reading through base draft, it seems that the suggested Authentication
> methods (password, MD5 and SHA1) are all very weak authentications and not
> really used any more. Is it too late to propose another simple but yet
> powerful Authentication such as GMAC?
>
> Also since the Authentication Type is communicated in each packet does it
> mean that it is allowed to change Authentication type in the middle of a BFD
> session?
>
> Thanks,
> Shahram

Follow-Ups:
- Re: BFD Authentication
  - From: Tom Sanders

References:
- BFD Authentication
  - From: Shahram Davari

Prev by Date: Re: BFD Authentication
Next by Date: Re: BFD For MPLS LSPs
Previous by thread: Re: BFD Authentication
Next by thread: Re: BFD Authentication
Index(es):
- Date
- Thread

Re: BFD Authentication

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.