Hi,I think this is an interesting draft. It is quite common that we have make a trade off between performance and security. Support for the adoption. ^_^
Some comments and questions: 1) discuss which types of frames MUST be authenticated and which ones SHOULD be authentication. 2) There is a discussion about how the sequence number should be increased in RFC5880, maybe you could follow that one and so avoid any unnecessary confusion. 3) Q: since in this solution, only a small number of frames need to be authenticated, maybe we could consider again to use SHA-2 since the influence in the performance brought by the strong algorithms will no longer be that serious. 4) Q: do you plan to propose a negotiation mechanism for the peers to decide the frames which should be authenticated? If not, please clarify this part of work is out of scope. Cheers Dacheng 在 15-11-21 下午6:29, "Rtg-bfd on behalf of Marc Binderberger" <[email protected] on behalf of [email protected]> 写入: >Hello Reshad and authors (and BFD experts on the list), > >it's a smart idea so I support the WG support ;-) > >But reading the document: it's at this point mainly outlining an idea and >I >would expect more details to allow for interoperable implementations. > > >Regards, Marc > > > > > >On Fri, 20 Nov 2015 12:03:25 +0000, Reshad Rahman (rrahman) wrote: >> BFD WG members, >> >> Please indicate to the WG mailing list whether you would support or not >> support BFD WG adoption of the following document. >> >> https://datatracker.ietf.org/doc/draft-mahesh-bfd-authentication/ >> >> Authors, as was mentioned at IETF94, you should get your proposal >>reviewed >> by the security group. >> >> Regards, >> Jeff & Reshad.
