Re(5): [dtn-interest] block-sequencing issue
"Peter Lovell" <peter.lovell@sparta.com> Fri, 23 February 2007 00:11 UTC
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by webbie.berkeley.intel-research.net (8.11.6/8.11.6) with ESMTP id l1N0BcY06433 for <dtn-interest@mailman.dtnrg.org>; Thu, 22 Feb 2007 16:11:38 -0800
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.13.5/8.13.5) with ESMTP id l1N0BaLF000490 for <dtn-interest@mailman.dtnrg.org>; Thu, 22 Feb 2007 18:11:36 -0600
Received: from nemo.columbia.ads.sparta.com (nemo.columbia.sparta.com [157.185.80.75]) by Beta5.sparta.com (8.12.11/8.13.1) with ESMTP id l1N0B5wl015099 for <dtn-interest@mailman.dtnrg.org>; Thu, 22 Feb 2007 18:11:33 -0600
Received: from [192.168.4.100] ([157.185.80.253]) by nemo.columbia.ads.sparta.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 22 Feb 2007 19:11:24 -0500
From: Peter Lovell <peter.lovell@sparta.com>
To: dtn interest <dtn-interest@mailman.dtnrg.org>
Cc: Peter Lovell <peter.lovell@sparta.com>
Subject: Re(5): [dtn-interest] block-sequencing issue
Date: Thu, 22 Feb 2007 19:11:24 -0500
Message-Id: <20070223001124.1197027855@127.0.0.1>
In-Reply-To: <20070216235909.1471315140@127.0.0.1>
References: <20070213204532.1192808970@127.0.0.1> <45D22840.2060102@cs.tcd.ie> <45D22E6B.2030603@jpl.nasa.gov> <20070216221506.1618855494@127.0.0.1> <45D63210.8050806@jpl.nasa.gov> <20070216235909.1471315140@127.0.0.1>
X-Mailer: CTM PowerMail version 5.5.3 build 4480 English (PPC) <http://www.ctmdev.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="==_20070223001124.1197027855-1_=="
X-OriginalArrivalTime: 23 Feb 2007 00:11:24.0120 (UTC) FILETIME=[27592D80:01C756DF]
Sender: dtn-interest-admin@mailman.dtnrg.org
Errors-To: dtn-interest-admin@mailman.dtnrg.org
X-BeenThere: dtn-interest@mailman.dtnrg.org
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: <http://mailman.dtnrg.org/mailman/listinfo/dtn-interest>, <mailto:dtn-interest-request@mailman.dtnrg.org?subject=unsubscribe>
List-Id: Delay Tolerant Networking Interest List <dtn-interest.mailman.dtnrg.org>
List-Post: <mailto:dtn-interest@mailman.dtnrg.org>
List-Help: <mailto:dtn-interest-request@mailman.dtnrg.org?subject=help>
List-Subscribe: <http://mailman.dtnrg.org/mailman/listinfo/dtn-interest>, <mailto:dtn-interest-request@mailman.dtnrg.org?subject=subscribe>
List-Archive: <http://mailman.dtnrg.org/pipermail/dtn-interest/>
We've had discussions recently about interactions between bundle protocol specifications and those for bundle security. One thing which has become clear is that we have a difference of opinion with regard to the "ordering" or "sequencing" of the blocks in a bundle as it travels through various dtn nodes. The purpose of the rather lengthy email is set out the issues as best I can and ask for suggestions from the dtn community. Problem ------- The bundle protocol specification [BP] <draft-irtf-dtnrg-bundle- spec-08.txt> specifies that a bundle is a sequence of blocks but, beyond that, doesn't really address the issue. In that way, the specification implicitly allows reordering at various points. The only requirements seem to be that (1)the primary block MUST be first, and (2)the last block in the sequence MUST have the "last block" flag set. On the other hand, the bundle security protocol specification [BSP] <draft-irtf-dtnrg-bundle-security-03.txt> has a very strong sense of block ordering. We need to reconcile these two positions and ensure that BSP relies only upon the services and facilities which BP provides. If it expects more then it is certain to fail. Scenarios --------- BSP's current definition makes use of ordering in two ways. The first is to know what data has been processed (protected) and in what order. For example, bundle authentication generates a digest of the entire bundle (with very minor exceptions) so the receiver can verify that it is correct and complete. The ordering defined for this operation is the sequence in which the blocks are transmitted "on the wire". BSP therefore requires that the block sequence be maintained in the sending node from the time the digest is calculated until actual transmission occurs, and also in the receiving node from reception of the blocks until they are presented to the bundle security process there. The second use is to know the order of the processing steps which have been applied to the bundle so that processing at the various destination points can be performed in the correct, reverse order. In some cases, several steps happen within one node while in other scenarios steps occur at several nodes along the bundle's path. BSP operation handles these like envelopes or onion-layers, so that the reverse ordering is obtained by removing successive layers one at a time. Obviously, any rearrangement of the blocks completely destroys any chance to correctly process the bundle. The diagram attached shows these two usages. Scenario 1 shows a bundle being sent, having "payload security" (digest of bundle content) added at a nearby gateway, a second layer being added to confirm node 2's signature, and then delivery to the destination. Without integrity of the envelopes, it's impossible to verify any of the signatures. Scenario 2 shows a different last-hop in which node 3 not only adds payload security, but bundle authentication as well. Bundle authentication always processes all the message blocks into the digest but in this case there's no way for the destination to determine the order in which that was done. There are additional problem scenarios but these two show the problem in a simple way. Many real-world instances will also involve confidentiality ciphersuites to encrypt the information, but adding that here would not help us in thinking about the problem. Options ------- Bundle authentication is always hop-by-hop so, if it is used on a particular link, then it must be present at both ends. There are no intermediate points at which reordering can occur. So BSP can solve the bundle authentication scenario by imposing a requirement that nodes implementing BSP must preserve block ordering. This is unfortunately not a solution for payload security and confidentiality ciphersuites. These are end-to-end, or perhaps gateway- to-gateway, and in gereral there will be intermediate nodes which do not support BSP and are therefore not bound by its requirements. These nodes might re-order the blocks in a bundle as part of their forwarding process, for example. BSP can partially solve this problem by adding a layering identifier to each of the security blocks. This would solve BSP's own processing issue but could not help with security for other extension blocks. It would also add to the size of all security blocks in the bundle. Another option is for BP to add the requirement to the specification, so that all nodes would have to maintain block ordering. This is somewhat problematic since BP spec is currently on track towards becoming an RFC. Please think about this issue and let me know your thoughts. Regards.....Peter
- Re(2): [dtn-interest] block-sequencing issue Peter Lovell
- Re: [dtn-interest] block-sequencing issue Stephen Farrell
- Re(5): [dtn-interest] block-sequencing issue Peter Lovell
- Re(2): [dtn-interest] block-sequencing issue Peter Lovell
- Re: [dtn-interest] block-sequencing issue Scott Burleigh
- Re(2): [dtn-interest] block-sequencing issue Peter Lovell
- Re: [dtn-interest] block-sequencing issue Nick Goffee
- Re(4): [dtn-interest] block-sequencing issue Peter Lovell
- Re: Re(2): [dtn-interest] block-sequencing issue Wesley Eddy
- Re(2): [dtn-interest] block-sequencing issue Peter Lovell
- Re: [dtn-interest] block-sequencing issue Scott Burleigh
- Re: [dtn-interest] block-sequencing issue Stephen Farrell
- [dtn-interest] block-sequencing issue Peter Lovell