scope:

Introduction

This document performs a gap analysis of the current state of Bidirectional Forwarding Detection [RFC5880] according to the requirements of KARP Design Guidelines [RFC6518]. Previously, the OPSEC working group has provided an analysis of cryptographic issues with BFD in "Issues with Existing Cryptographic Protection Methods for Routing Protocols" [RFC6039].

The existing BFD specifications provide a basic security solution. Key ID is provided so that the key used in securing a packet can be changed on demand. Two cryptographic algorithms (MD5 and SHA‐1) are supported for integrity protection of the control packets; the algorithms are both demonstrated to be subject to collision attacks. Routing protocols like "RIPv2 Cryptographic Authentication" [RFC4822], "IS‐IS Generic Cryptographic Authentication" [RFC5310], and "OSPFv2 HMAC‐SHA Cryptographic Authentication" [RFC5709] have started to use BFD for liveliness checks. Moving the routing protocols to a stronger algorithm while using a weaker algorithm for BFD would allow the attacker to bring down BFD in order to bring down the routing protocol. BFD therefore needs to match the routing While BFD uses a non‐decreasing, per‐packet sequence number to protect itself from intra‐connection replay attacks, it still leaves the protocol vulnerable to the inter‐session replay attacks.