This document has substantial changes from the previous versions, and is the result of a lot of offline work by the authors, in discussion with the chair.
The FNV-based method has been removed. As it turns out, we don't need it. There's no need to authenticate / hash the packets if the sequence number is correct.

The text has been updated to fix minor issues, and to clarify a number of issues related to implementation. I think that the text should be fairly close to being final. It would be good to get reviews from the rest of the BFD WG.

Test output has been added for the sequence number calculation. This lets implementors know if they've gotten it correct.

One question is whether the document should contain sample code. ISAAC isn't trivial, and it's easy to get it wrong. The GitHub repo includes source code, but is that enough? It would also be useful for people to review the implementation to see if it makes sense.

https://github.com/mjethanandani/bfd-secure-sequence-numbers/tree/v10/isaac

> On Mar 9, 2023, at 2:53 PM, [email protected] wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This Internet-Draft is a work item of the Bidirectional Forwarding Detection
> WG of the IETF.
>
>    Title    : Secure BFD Sequence Numbers
>    Authors  : Alan DeKok
>               Mahesh Jethanandani
>               Sonal Agarwal
>               Ashesh Mishra
>               Ankur Saxena
>    Filename : draft-ietf-bfd-secure-sequence-numbers-10.txt
>    Pages    : 13
>    Date     : 2023-03-09
>
> Abstract:
>    This document describes a new BFD Authentication mechanism,
>    Meticulous Keyed ISAAC. This mechanism can be used to authenticate
>    BFD packets with less CPU time cost than using MD5 or SHA1, with the
>    tradeoff of decreased security. This mechanism cannot be used to
>    signal state changes, but it can be used as an authenticated signal
>    to maintain a session in the "Up" state. This document updates
>    RFC 5880.
>
> The IETF datatracker status page for this Internet-Draft is:
> https://datatracker.ietf.org/doc/draft-ietf-bfd-secure-sequence-numbers/
>
> There is also an htmlized version available at:
> https://datatracker.ietf.org/doc/html/draft-ietf-bfd-secure-sequence-numbers-10
>
> A diff from the previous version is available at:
> https://author-tools.ietf.org/iddiff?url2=draft-ietf-bfd-secure-sequence-numbers-10
>
> Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
