Right. That is yet another word for it. And yes, zero padding is required, but not checked. Implementers should be warned of the issues, only my opinion... just a simple sentence in Security Considerations.
But hey, I didn't file a blocking comment, so the authors can choose to ignore it, if they wish. Deb On Wed, Jan 8, 2025 at 6:34 PM John Scudder <[email protected]> wrote: > I suppose it might also be considered an attractive option to use as a > covert channel, if the zero padding requirement wasn’t there. But it is so > that should be ok. > > $0.02, > > —John > > > On Jan 8, 2025, at 9:18 AM, Jeffrey Haas <[email protected]> wrote: > > > > [External Email. Be cautious of content] > > > > > > Deb, > > > > > >> On Jan 7, 2025, at 11:49 AM, Deb Cooley <[email protected]> wrote: > >> > >> How about: > >> > >> The addition of dynamic size packets adds the potential for leaks in > the padding. The padding requirements in this document are the mitigation > for these issues. > > > > Whereas I don't understand what "leaks in the padding" is intended to > mean. > > > > Is the point you want that the zero is to avoid cases where random > memory buffers might be accidentally exposing data in the BFD payloads? > That was one of the intents for the padding contents being zero, but if > that's the point everyone has been hung up on, I can add a sentence making > that explicit. > > > > Note that "dynamic" sizes doesn't really impact this consideration. > > > > -- Jeff > > >
