Jeff, Pls find inline.
>
> No particular offense to you or others on this point, but I must state
> something: I've always found the idea of the attack of keeping BFD *up* to
> be silly. :-)
>
> In general, BFD is used for fast-failover, but not on a stand-alone basis.

Rajeev> If authentication is compromised, fast-fail over won't happen, right? Any delay in fast-fail over will question BFD. BFD fail-overs are as secure as the auth scheme used.

>
> Please recall that one of the valid scenarios for authenticated BFD is
> non-meticulous authentication. In those scenarios, the same attacks are
> possible. Meticulous authentication is intended to address this, but as
> you
> note in the absence of the cryptographic operation on each packet it is
> possible to keep the session up.

Rajeev> I recommend, we call out this in draft. That this scheme doesn't protect against attacks & fail-over times may be affected in case of an attack.
