DTN Research Group S. Symington Internet-Draft R. Durst Expires: October 6, 2006 K. Scott The MITRE Corporation April 4, 2006 Delay-Tolerant Networking Bundle-in-Bundle Encapsulation draft-irtf-dtnrg-bundle-encapsulation-00 Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on October 6, 2006. Copyright Notice Copyright (C) The Internet Society (2006). Abstract This document defines an additional administrative record type to be used with the Bundle Protocol [2] within the context of a Delay- Tolerant Network architecture [5]. This new administrative record type, called a Bundle-in-Bundle Encapsulation Administrative Record, is designed to be used to encapsulate one or more bundles inside of another bundle. When an administrative record of the bundle-in- bundle encapsulation type is carried as the payload of a bundle, it Symington, et al. Expires October 6, 2006 [Page 1] Internet-Draft DTN Bundle-in-Bundle Encapsulation April 2006 provides a mechanism for transmitting one or more bundles as part of the payload of another bundle. This administrative record type is expected to be of general use in DTN. It may be used, for example, to encapsulate a multicast bundle inside of a unicast bundle, or to encapsulate a bundle with one type of security protection inside of a bundle with a different type of security protection. This document defines the format and processing of this new bundle-in-bundle encapsulation administrative record type. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Bundle-in-Bundle Encapsulation Administrative Record Format . . 4 3. Bundle-in-Bundle Encapsulation Administrative Record Processing . . . . . . . . . . . . . . . . . . . . . . . . . . 5 4. Security Considerations . . . . . . . . . . . . . . . . . . . . 6 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7 5.1. Normative References . . . . . . . . . . . . . . . . . . . 7 5.2. Informative References . . . . . . . . . . . . . . . . . . 7 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 8 Intellectual Property and Copyright Statements . . . . . . . . . . 9 Symington, et al. Expires October 6, 2006 [Page 2] Internet-Draft DTN Bundle-in-Bundle Encapsulation April 2006 1. Introduction The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [1]. The DTN bundle protocol [2] defines the bundle as its protocol data unit and also defines two types of administrative records that may be carried as the payload of bundles. This document defines an additional administrative record type. This new administrative record type, called a Bundle-in-Bundle Encapsulation Administrative Record, is designed to be used to encapsulate one bundle inside of another bundle. When an administrative record of the bundle-in- bundle encapsulation type is carried as the payload of a bundle, it provides a mechanism for transmitting one bundle as part of another bundle. This administrative record type is expected to be of general use in DTN. It may be used, for example, to encapsulate a multicast bundle inside of a unicast bundle, or to encapsulate a bundle with one type of security protection inside of a bundle with a different type of security protection. This document defines the format and processing of this new bundle-in-bundle encapsulation administrative record type. The capabilities described in this document are OPTIONAL for deployment with the Bundle Protocol. Bundle Protocol implementations claiming to support bundle-in-bundle encapsulation MUST be capable of both: -generating and sending bundles containing Bundle-in-Bundle Encapsulation administrative records, and -receiving and processing bundles containing Bundle-in-Bundle Encapsulation administrative records as defined in this document. Symington, et al. Expires October 6, 2006 [Page 3] Internet-Draft DTN Bundle-in-Bundle Encapsulation April 2006 2. Bundle-in-Bundle Encapsulation Administrative Record Format The basic format of every administrative record is defined in the Bundle Protocol. The bundle-in-bundle encapsulation administrative record also has this basic format. That is, it is comprised of the following elements: -Record type code (four bits) - as in all administrative records. The administrative record type code value for the bundle-in-bundle encapsulation administrative record is 0x03. -Administrative record flags - (four bits) - as in all administrative records. -Administrative record type-specific record content as follows: -Length of the next field - contains the length of the next field, which contains a sequence of one or more encapsulated bundles, and is encoded as an SDNV. SDNV encoding is described in the Bundle Protocol [2]. -Encapsulated Bundles field - contains a sequence of one or more bundles that are to be extracted from this administrative record for further processing (e.g., delivery and/or forwarding). The format of the a bundle-in-bundle encapsulation administrative record is as follows: Bundle-in-Bundle Encapsulation Administrative Record Type Format +---------------+---------------+---------------+--------------+ | Admin. Record | Admin. Record | Length of the | Encapsulated | | Type Code | flags | next field | Bundles | +---------------+---------------+---------------+--------------+ Figure 1 Symington, et al. Expires October 6, 2006 [Page 4] Internet-Draft DTN Bundle-in-Bundle Encapsulation April 2006 3. Bundle-in-Bundle Encapsulation Administrative Record Processing Upon delivery of a bundle with a payload that is a Bundle-in-Bundle Encapsulation administrative record, the administrative element of the application agent of the node at which the bundle was delivered SHALL extract the encapsulated bundles from the bundle-in-bundle encapsulation administrative record and pass each of these bundles in its entirety to its bundle protocol agent. The bundle protocol agent SHALL process each bundle as if it had just been received from another node. Some of these processing steps include: -If the bundle has one or more extension headers, such as a Bundle Authentication Header (BAH) [4] or a Previous Hop EID header [3], that are intended to be processed on a hop-by-hop basis, the protocol agent SHALL process these headers (possibly validating, deleting, and/or replacing these headers) as if the bundle had just been received from another node, -If the bundle has any end-to-end security headers (CH or PSH) [4] for which the receiving node is the security-destination, the bundle protocol agent shall process these headers, -the bundle protocol agent SHALL deliver the bundle, if appropriate, -the bundle protocol agent SHALL perform custody transfer and/or status reporting on the bundle as directed by the bundle's custody transfer and status report request flags. -the bundle protocol agent SHALL forward the bundle to all appropriate endpoints. Symington, et al. Expires October 6, 2006 [Page 5] Internet-Draft DTN Bundle-in-Bundle Encapsulation April 2006 4. Security Considerations There are two documents that pertain to providing security within DTN [6] [4]. The security headers and other protection mechanisms defined and described in those documents apply completely to the protection of bundle-in-bundle encapsulation administrative records, in the sense that administrative records are simply carried in bundles as the content of the payload field in the Bundle Payload Header. All security protection mechanisms that apply to the Bundle Payload Header, therefore, also apply to protection of bundle-in- bundle encapsulation administrative records. In particular, all three mandatory ciphersuites defined in the Bundle Security Protocol provide protection for the bundle-in-bundle encapsulation administrative record. It should be noted that when a bundle is encapsulated, the encapsulated bundle itself may be protected by one or more security headers. In particular, it may contain a Bundle Authentication Header (BAH), which is designed to be processed by a next-hop neighboring node. If a bundle with a BAH is encapsulated by one node and it is received and de-encapsulated by a non-neighboring node, the de-encapsulating node must be capable of validating the security result in that BAH if its security policy requires such validation. Therefore, encapsulation of bundles protected by BAHs may require that keys that are normally only shared between neighbors be distributed further in the DTN so that they are shared by the encapsulating and de-encapsulating nodes. Symington, et al. Expires October 6, 2006 [Page 6] Internet-Draft DTN Bundle-in-Bundle Encapsulation April 2006 5. References 5.1. Normative References [1] Bradner, S. and J. Reynolds, "Key words for use in RFCs to Indicate Requirement Levels", RFC 2119, October 1997. [2] Scott, K. and S. Burleigh, "Bundle Protocol Specification", draft-irtf-dtnrg-bundle-spec-04.txt , December 2005. [3] Symington, S., Durst, R., and K. Scott, "Previous Hop Endpoint ID Extension Header Definition", draft-irtf-dtnrg-bundle-previous-hop-extension-header-00.txt , April 2006. [4] Symington, S., Farrell, S., and H. Weiss, "Bundle Security Protocol Specification", draft-irtf-dtnrg-bundle-security-01.txt, work-in-progress, March 2006. 5.2. Informative References [5] Cerf, V., Burleigh, S., Hooke, A., Torgerson, L., Durst, R., Scott, K., Fall, K., and H. Weiss, "Delay-Tolerant Network Architecture", draft-irtf-dtnrg-arch-04.txt , December 2005, . [6] Farrell, S., Symington, S., and H. Weiss, "Delay-Tolerant Network Security Overview", draft-irtf-dtnrg-sec-overview-01.txt , March 2005. Symington, et al. Expires October 6, 2006 [Page 7] Internet-Draft DTN Bundle-in-Bundle Encapsulation April 2006 Authors' Addresses Susan Flynn Symington The MITRE Corporation 7515 Colshire Drive McLean, VA 22102 US Phone: +1 (703) 983-7209 Email: susan@mitre.org URI: http://mitre.org/ Robert C. Durst The MITRE Corporation 7515 Colshire Drive McLean, VA 22102 US Phone: +1 (703) 983-7535 Email: durst@mitre.org URI: http://mitre.org/ Keith L. Scott The MITRE Corporation 7515 Colshire Drive McLean, VA 22102 US Phone: +1 (703) 983-6547 Email: kscott@mitre.org URI: http://mitre.org/ Symington, et al. Expires October 6, 2006 [Page 8] Internet-Draft DTN Bundle-in-Bundle Encapsulation April 2006 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2006). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Symington, et al. Expires October 6, 2006 [Page 9]