Document: draft-ietf-bfd-optimizing-authentication
Title: Optimizing BFD Authentication
Reviewer: Marcus Ihlar
Review result: Ready with Issues

This document has been reviewed as part of the transport area review team's ongoing effort to review key IETF documents. These comments were written primarily for the transport area directors, but are copied to the document's authors and WG to allow them to address any issues raised and also to the IETF discussion list for information.

When done at the time of IETF Last Call, the authors should consider this review as part of the last-call comments they receive. Please always CC tsv-art@xxxxxxxx if you reply to or forward this review.

The document is easy to read and provides an interesting solution to the security vs. performance tradeoff. From a transport perspective I see no significant issues, with the exception of a very minor one described below.

Periodic Strong Reauthentication (Section 5):

This procedure reuses the BFD Poll Sequence, with packets carrying strong authentication until a response with F=1 is received. If no F=1 arrives within the Detection Time, the session is torn down. Lack of Final packets could result either from authentication failure or from packet loss. In demand mode this behavior is consistent with RFC 5880, but in asynchronous mode it introduces a slightly stricter failure mode: where in base BFD a lost F=1 only prevented parameter changes, here it can lead to session teardown. This is probably a very unlikely case in practice, but the likelihood could be influenced by the choice of Min TX interval and Detect Multiplier. A short discussion on loss and reauthentication in Section 5, or in an Operational Considerations section, might be warranted.
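
Added example, not part of the review or the draft: a small model of the loss case raised under Periodic Strong Reauthentication, estimating how often a reauthentication would end in teardown purely because of packet loss. It assumes independent per-packet loss, one Poll per transmit interval (so Detect Mult Polls fit in the Detection Time) and a hypothetical reauthentication period; the function and parameter names are made up for the illustration.

```python
import random

def reauth_failure_probability(loss: float, detect_mult: int) -> float:
    """P(no F=1 within the Detection Time) under independent loss.

    Model assumption: one Poll per transmit interval, so detect_mult
    Polls fit in the window, and each needs its own Final to get back.
    """
    round_trip_ok = (1.0 - loss) ** 2      # Poll delivered AND Final delivered
    return (1.0 - round_trip_ok) ** detect_mult

def simulate(loss: float, detect_mult: int, trials: int, seed: int = 1) -> float:
    """Monte Carlo check of the closed form; returns the teardown fraction."""
    rng = random.Random(seed)
    torn_down = 0
    for _ in range(trials):
        for _ in range(detect_mult):
            poll_ok = rng.random() >= loss
            final_ok = rng.random() >= loss
            if poll_ok and final_ok:
                break                       # F=1 received, Poll Sequence ends
        else:
            torn_down += 1                  # window expired without F=1
    return torn_down / trials

def teardowns_per_day(loss: float, detect_mult: int, reauth_period_s: float) -> float:
    """Expected loss-induced teardowns per day for one session.

    reauth_period_s is a hypothetical operator-chosen period between
    strong reauthentications.
    """
    return (86400.0 / reauth_period_s) * reauth_failure_probability(loss, detect_mult)

if __name__ == "__main__":
    # Constructed sample values: 10% loss in each direction, 60 s period.
    for mult in (1, 3, 5):
        p = reauth_failure_probability(0.10, mult)
        print(f"mult={mult} p={p:.6f} sim={simulate(0.10, mult, 200_000):.6f} "
              f"per_day={teardowns_per_day(0.10, mult, 60):.3f}")
```

In this model the transmit interval only sets how long the window is in wall-clock time; it starts to matter when loss is bursty, since an outage longer than the Detection Time defeats every Poll in the window.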