Mahesh,

Thanks for the update to the document. Here are a few comments on it.

On Tue, Sep 29, 2015 at 11:09:46PM -0700, Mahesh Jethanandani wrote:
> This version of the draft addresses concerns that were raised in IETF 92.
> The change is to carry a sequence number in every packet of BFD. Carrying
> a sequence number for authentication reasons is not new, but with
> selective authentication it helps detect MITM attack and has the benefit
> of detecting lost BFD frames.

The NULL auth carries overlap with draft-ashesh-bfd-stability. The contents and semantics are a bit different. The two documents will have to be reconciled with each other.

FWIW, I think the idea of supporting the session with null-auth is a good one.

A place where I think the document needs to be more proscriptive is about *when* you use the more aggressive crypto. As I was working through the possible modes, it almost seems as if anything that is intended to alter the BFD Control packet prior to the Authentication section is a good idea. I suspect Poll sequences are the most impacted by such logic.

At some point if the generic crypto draft resurrects we'll also have to accommodate this proposal in it.

What's your intention for the document? Time to ask for adoption?

-- Jeff
