Early Review of draft-ietf-bfd-secure-sequence-numbers-18
review-ietf-bfd-secure-sequence-numbers-18-secdir-early-salz-2025-01-21-00
| Request | Review of draft-ietf-bfd-secure-sequence-numbers-18 |
|---|---|
| Requested revision | 18 (document currently at 27) |
| Type | Early Review |
| Team | Security Area Directorate (secdir) |
| Deadline | 2025-02-04 |
| Requested | 2025-01-07 |
| Requested by | Reshad Rahman |
| Authors | Alan DeKok, Mahesh Jethanandani, Sonal Agarwal, Ashesh Mishra, Jeffrey Haas |
| I-D last updated | 2025-12-01 (Latest revision 2025-10-16) |
| Completed reviews | Secdir Early review of -18 by Rich Salz; Rtgdir IETF Last Call review of -18 by Ben Niven-Jenkins; Opsdir Early review of -18 by Yingzhen Qu; Genart IETF Last Call review of -22 by Mallory Knodel; Yangdoctors IETF Last Call review of -24 by Acee Lindem |
| Comments | This document is now experimental and I would like a SECDIR review before it is passed on to the responsible AD. It goes hand-in-hand with draft-ietf-bfd-optimizing-authentication so it may be a good idea to have the same reviewer as for https://datatracker.ietf.org/doc/review-ietf-bfd-optimizing-authentication-16-secdir-early-farrell-2024-06-17/ |

| Assignment | |
|---|---|
| Reviewer | Rich Salz |
| State | Completed |
| Request | Early review on draft-ietf-bfd-secure-sequence-numbers by Security Area Directorate (Assigned) |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/n2gQiGAdC3nmnUvcUbHg4unoQ_4 |
| Reviewed revision | 18 (document currently at 27) |
| Result | Has nits |
| Completed | 2025-01-21 |
I was assigned a SECDIR early review of this document. This experimental draft defines a new lightweight authentication scheme intended to prevent only one type of spoofing attack, that a network connection is "Up." I think it makes a considered trade-off of the issues around target deployment and attack prevention and it's nice to see something that realistically picks a middle road between all-or-nothing and practical considerations.

Sec 1: I have never heard of the term "meticulous keying" before.

Sec 3: The MUST in bfd.AuthType is then contradicted by the following sentence, so should that be SHOULD?

Minor inconsistency: Sec 4 uses "person-in-the-middle" while Sec 14.1 says "man-in-the-middle".

Major confusion: are you using ISAAC or ISAAC+?