Hi, I'm in the process of (re)doing the shepherd writeup for draft-ietf-bfd-secure-sequence-numbers and took a look at -18, comments below.
Regards,
Reshad.

3. Experimental updates to RFC 5880

“This document describes an experimental updates to BFD” should be “describes experimental updates” or “describes an experimental update”.

“bfd.AuthType: The current authentication type in use for this session, as defined in BFD [RFC5880] (Section 4.1), or zero if no authentication is in use. Note that the session MAY change AuthType during a session. For example, where the session transitions from one with strong authentication to a less strong one, or vice versa.”
- Is the last statement still true since bfd-optimized-auth now has an AuthType which is a combination of strong and optimized?

5. Meticulous Keyed ISAAC authentication format

This section appears not to be aligned with section 3 of bfd-optimized-auth? E.g. it still has the Reserved field and mentions Auth Type Meticulous Keyed ISAAC (instead of the 2 TBDs, i.e. an Auth Type supporting Meticulous Keyed ISAAC).

10. Seeding ISAAC

Nit in 1st line: “is used to is used to”.

12. Transition away from using ISAAC

This section mentions “strong Auth Type”, it should instead say “strong authentication”?

14.1 Spoofing

“man-in-the-midde active attack”, “on-path attacker attack” is used elsewhere.

With respect to copying the Auth Key value to a different packet, wouldn’t the different packet be rejected because the sequence number is incremented for each packet?
