Greg,
> On Apr 14, 2023, at 6:23 PM, Greg Mirsky <[email protected]> wrote: > > Hi Jeff, > thank you for your kind consideration of the proposal. Indeed, leaving a > chunk of memory unchanged is a privacy issue. As I understand the proposal, > none of the fields defined in RFC 5880 for the BFD Control message is used > for demultiplexing BFD sessions and/or packet validation. Is that correct? The Discriminator field is used for demux. Authentication is utilized, if present. > If that is the case, what is the need to use the BFD Control message > altogether? And one more step, What is the benefit of using a well-known BFD > Echo UDP port number? I believe that using a well-known port increases the > security risk rather than bringing any benefits. From what I understand in > the application of the mechanism, the sender can use a UDP port number > assigned from the dynamic/private range of port numbers. And the payload can > be anything, i.e., filled with bit pattern randomly chosen by the Sender. Am > I missing something? Please note you're trying to fight up the slope of the mountain. This feature exists and has long been shipping in various forms already. Our goal here is to try to take the less precise descriptions of the feature and apply some IETF rigor to it. Thanks for helping with that effort. Recall that the point is that using the BFD echo port in packet loopback mode and sending BFD Async packets within it is largely "talking to yourself". The device running this proposal is still running BFD, using as much of the BFD Async machinery as makes sense in the mode. The time fields are, as you note, useless. However, the authentication, discriminator fields let an implementation still do demux and authentication without having to write new code. BFD Echo mode was intentionally underspecified to allow implementations to decide what they're going to put in the packets. Implementation considerations of BFD Echo have always had the concerns for: - Is this packet actually sourced by the implementation - Is spoofing happening - How do you handle demux when there might be multiple sessions? The fact that this information is part of the BFD control messages has clearly been a convenience to multiple implementations of Echo. This document simply formalizes one flavor of it. -- Jeff
