Alan,

> On Jan 17, 2024, at 10:18 AM, Alan DeKok <[email protected]> wrote:
>
> OK, I've pushed my latest set of changes which address all open concerns.

In that push:

+ <t>It is RECOMMENDED that implementations periodically use a + strong Auth Type for packets which maintain the session in an Up + state. We offer no advice here as to how often that signalling + should be done. From a practical point of view, if both parties + are using Meticulous Keyed ISAAC and the stream of pseudo-random + numbers continues to be correct, then the link must be up, and + the other party must be authentic. The rest of the BFD packet + contents then serve to maintain the BFD state machine, which is + external to the ISAAC authentication.</t> + + <t>When a system switches from using Meticulous Keyed ISAAC to a + different Auth Type method during a session, it MUST do so only + for a small number of packets. It is RECOMMENDED that only one + such packet is sent, and the system can then switch back to + using Meticulous Keyed ISAAC on the next packet which signals + that the session remains in the Up state.</t> + + <t>The nature of the Meticulous Keyed ISAAC method means that + there is no issue with this switch. From the point of view of + the Meticulous Keyed ISAAC state machine, this switch can be + handled similarly to a lost packet. The state machine simply + notices that instead of Sequence Number value being one more + than the last value used for ISAAC, it is larger by two. The + ISAAC state machine then calculates the index into the current + "page", and uses the found number to validate (or send) the Auth + Key.</t>

I'd recommend this specific text be dropped from the secure sequence number document. The expected procedure for doing the periodic stronger authentication is part of the optimizing BFD text. The text present currently in draft-ietf-bfd-optimizing-authentication-13 is:

"Most packets transmitted on a BFD session are BFD UP packets. Authenticating a small subset of these packets, for example, a detect multiplier number of packets per configured interval, significantly reduces the computational demand for the system while maintaining security of the session across the configured interval. A minimum of Detect Multiplier packets MUST be transmitted per configured interval. This ensures that the BFD session should see at least one authenticated packet during that interval."

If you must have anything in the secure-sequence draft, I suggest no more than:

"It is RECOMMENDED that implementations periodically use a strong Auth Type for packets which maintain the session in an Up state. See [optimizing-bfd] for appropriate procedures."

Any tweaks to the procedure can be discussed in the context of that document, which will handle not only secure-sequence, but NULL and future options.

-- Jeff
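
Review bot: the third added paragraph states that after the switch the Sequence Number "is larger by two", which holds only when exactly one packet was sent with the other Auth Type, while the second paragraph permits "a small number of packets" under MUST and only RECOMMENDS a single packet. Suggest stating the gap generally, as one more than the number of packets sent with the other Auth Type, so the ISAAC index calculation described in the last sentence is specified for every case the text allows. The phrase "a small number of packets" is also unquantified under a MUST, which leaves nothing an implementation can be tested against; either give a bound or lower the requirement level.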
