Re: [Tsv-art] Tsvart last call review of draft-ietf-bfd-multipoint-16

Mirja and I do read these reviews, but don't usually comment on them while the authors and reviewers are still chatting. But, on one point ...

On Tue, May 29, 2018 at 5:23 AM Bob Briscoe <ietf@xxxxxxxxxxxxxx> wrote:
Greg,

On 26/05/18 20:49, Greg Mirsky wrote:

[snip] 
NEW TEXT:
   Use of shared keys to authenticate BFD Control packet in multipoint
   scenarios is limited because tail can spoof the head from the
   viewpoint of the other tails.  Thus, if shared keys are used, all
   tails MUST be trusted not to spoof the head.
[BB]: Normally a MUST is applied to implementations. It would be rather odd to require users/operators to satisfy a spec requirement, particularly requiring them to trust each other. I think this should be written as an applicability statement not a normative requirement.

Bob is formally correct here, but it may be useful for me to say that I do see "requirements" language used to provide guidance about security and about operational considerations (as here).  

If I understand Bob's suggestion to be something like 

NEW
   Shared keys in multipath scenarios allow any tail to spoof 
   the head from the viewpoint of any other tail. For this reason,
   using shared keys to authenticate BFD Control packets in multipoint
   scenarios is a significant security exposure unless all tails can 
   be trusted not to spoof the head.
that would also work. 

"Do the right thing", of course.

Spencer
 

