Re: bfd.AuthType

Hi Shahram,

It's an interesting way you have put the question.

The way I see it is, if Authentication is enabled on an interface, we
expect the packet to have the A-bit set; however, if we do not get a
packet with the A bit clear, we discard the packet.

There have been issues raised regarding the security in BFD, because
of which we have written another draft. We intend to make meticulously
keyed HMAC-SHA-1 a MUST in the future.

Thanks,
Vishwas

On Thu, Aug 20, 2009 at 11:22 AM, Shahram Davari <davari at broadcom.com> wrote:
> Hi,
>
> I have a question regarding Authentication. The BFD reception rules say:
>
>
> "If the A bit is set and no authentication is in use (bfd.AuthType is zero),
> the packet MUST be discarded."
>
> "If the A bit is clear and authentication is in use (bfd.AuthType is
> nonzero), the packet MUST be discarded."
>
> How do we know the value of bfd.AuthType? Is it a configured value or is it
> derived from the "Auth Type" field of the received BFD packets? If it is
> derived from received BFD packets, the value zero is reserved for "Auth Type"
> and is not defined.
>
> Any explanations?
>
> Also, I noticed that the text says SHA1 is mandatory and others are optional.
> Which SHA1 does it mean? The Keyed or Meticulous Keyed SHA1? Can we change
> the Mandatory to Simple Password?
>
> Thanks,
>
> Shahram
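
The two reception rules quoted in this thread, as an added example that is not part of either message or of any BFD implementation. It assumes bfd.AuthType is local session state set by configuration (zero when no authentication is in use) and uses the BFD Control packet layout from the base specification; the function names and the sample packets are constructed for illustration. The final Auth Type comparison goes beyond the two quoted rules and reflects the per-type rule that a packet carrying the wrong Auth Type is discarded.

```python
import struct

A_BIT = 0x04        # Authentication Present flag, second byte of the header
MANDATORY_LEN = 24  # mandatory section of a BFD Control packet, in bytes


def check_auth_presence(packet: bytes, bfd_auth_type: int) -> str:
    """Return "accept" or a discard reason for one received packet.

    bfd_auth_type is the local session variable (assumed configured),
    never a value copied out of the packet under test.
    """
    if len(packet) < MANDATORY_LEN:
        return "discard: shorter than mandatory section"
    _vers_diag, flags, _mult, length = struct.unpack_from("!BBBB", packet)
    a_bit = bool(flags & A_BIT)
    if a_bit and bfd_auth_type == 0:
        return "discard: A bit set, no authentication in use"
    if not a_bit and bfd_auth_type != 0:
        return "discard: A bit clear, authentication in use"
    if a_bit:
        # The authentication section follows the mandatory section.
        if length < MANDATORY_LEN + 2 or len(packet) < length:
            return "discard: truncated authentication section"
        auth_type, _auth_len = struct.unpack_from("!BB", packet, MANDATORY_LEN)
        if auth_type != bfd_auth_type:
            return "discard: Auth Type does not match bfd.AuthType"
    return "accept"


def build_packet(a_bit: bool, auth_type: int = 0) -> bytes:
    """Constructed sample: version 1, state Up, discriminators 1 and 2.

    The authentication section is 28 zero-filled bytes apart from its
    type and length fields; the digest is not checked by this example.
    """
    auth = struct.pack("!BB", auth_type, 28) + bytes(26) if a_bit else b""
    flags = 0xC0 | (A_BIT if a_bit else 0)
    head = struct.pack("!BBBB", 1 << 5, flags, 3, MANDATORY_LEN + len(auth))
    return head + struct.pack("!5I", 1, 2, 1000000, 1000000, 0) + auth


if __name__ == "__main__":
    for a_bit, pkt_type, local in [(True, 5, 0), (False, 0, 5),
                                   (True, 5, 5), (True, 1, 5)]:
        print(a_bit, pkt_type, local,
              check_auth_presence(build_packet(a_bit, pkt_type), local))
```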
