Re: [dtn-interest] Comments on RFC 5050
Amy Alford <aloomis@sarn.org> Mon, 24 June 2013 18:48 UTC
Return-Path: <aloomis@sarn.org>
X-Original-To: dtn-interest@ietfa.amsl.com
Delivered-To: dtn-interest@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B88E521E8161 for <dtn-interest@ietfa.amsl.com>; Mon, 24 Jun 2013 11:48:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C3hR65d86tpu for <dtn-interest@ietfa.amsl.com>; Mon, 24 Jun 2013 11:48:49 -0700 (PDT)
Received: from mail-ob0-x235.google.com (mail-ob0-x235.google.com [IPv6:2607:f8b0:4003:c01::235]) by ietfa.amsl.com (Postfix) with ESMTP id CFDD311E8183 for <dtn-interest@irtf.org>; Mon, 24 Jun 2013 11:48:39 -0700 (PDT)
Received: by mail-ob0-f181.google.com with SMTP id 16so11127114obc.26 for <dtn-interest@irtf.org>; Mon, 24 Jun 2013 11:48:32 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-gm-message-state; bh=Bzx3hiBw0TDm7QzQB1ePdYXi6Oa19t8+W17C3GAu8AY=; b=SgcrEbSasvj1Y3OemUDi3bQkCPptQ49FVNtv4i8B3sc8ziwXlNhU7hcjTOgzTVTX3V ZElZj4JVXWdKZwWUcvedD+6lSLp67jitdO8TmEdzYcn6WxmUhwOCA4QDxr1lhNtYV3VU Vi5HwyUtateobHKIi7cNmkpu4+pEn+i9zSfCasbynrrruEQWPy6TrkAnx29L0SWvDARx iCQjhR5iKil2OlBH38Bjv0furcBTkP3P6n42VV4Q/0boOOUzQC3RRtTOrxjeUSQ+CpdR 49mKNWgTOvrB8MiU04x7xEPBdB2BNAz/8Ke3DmNEvJ9UgRnFzv8g+KZY+WUg92vomD7w waLg==
MIME-Version: 1.0
X-Received: by 10.60.117.41 with SMTP id kb9mr4293926oeb.33.1372099711568; Mon, 24 Jun 2013 11:48:31 -0700 (PDT)
Received: by 10.182.102.201 with HTTP; Mon, 24 Jun 2013 11:48:31 -0700 (PDT)
In-Reply-To: <51C81350.1000606@cased.de>
References: <51C0239C.5080104@cased.de> <A5BEAD028815CB40A32A5669CF737C3B235FFDAC@ap-embx-sp40.RES.AD.JPL> <51C81350.1000606@cased.de>
Date: Mon, 24 Jun 2013 14:48:31 -0400
Message-ID: <CAB9rx+9Y3rXvytmk9bW-fbzOz=eL+UBntcuzkS_Mn7T9V0wW3Q@mail.gmail.com>
From: Amy Alford <aloomis@sarn.org>
To: Michael Noisternig <michael.noisternig@cased.de>
Content-Type: multipart/alternative; boundary="047d7b414e28e7a54f04dfeadbb1"
X-Gm-Message-State: ALoCoQlo1D8I6VpNNJjx2gaiRSqfIGROi99kLgndLrBw4jGjjVmE7njdSZF4EtBgee9n0RNE3xiK
Cc: dtn-interest@irtf.org
Subject: Re: [dtn-interest] Comments on RFC 5050
X-BeenThere: dtn-interest@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The Delay-Tolerant Networking Research Group \(DTNRG\) - Announce." <dtn-interest.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/dtn-interest>, <mailto:dtn-interest-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/dtn-interest>
List-Post: <mailto:dtn-interest@irtf.org>
List-Help: <mailto:dtn-interest-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/dtn-interest>, <mailto:dtn-interest-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jun 2013 18:48:49 -0000
> 4.7. Dictionary Revision: >> "Any [unreferenced] strings (scheme names and SSPs) in a bundle's >> dictionary ... may be removed from the >> dictionary at the time the bundle is forwarded." >> ...subject to that authenticity is not lost. >> >> * Yes, but that’s implicit. Strings that are needed in order to >> >> verify authenticity are referenced, so they can’t be removed from >> the dictionary. >> > > Could it happen that some extension block be processed, removed and its > EID references removed by some intermediate node on a security path? I am > still trying to figure out what is possible with the current security spec. > Yes. Talking through a specific example is probably the best way to clarify this. Suppose we have a very boring network of: Node A --- Node B --- Node C --- Node D Node A sends a bundle to node D, with a PIB block with security source of node A and security destination of node D. Node B can add a PIB block with security source node B and security destination node C. When node C removes the PIB block destined for node C, it may change the dictionary. But, it would change it back to its state at the time the first PIB was calculated. In any event, PIBs don't cover the dictionary (only the specific entries being used in the blocks covered by the PIB). BABs cover the dictionary, but are always the last security block added and first removed. The only time dictionary changes would invalidate a BAB are if the dictionary was modified at a non security aware node. However, if the dictionary was being modified because of a change to an extension block, that would invalidate the BAB anyway. The only dictionary changes that would invalidate a PIB are gratuitous changes to case insensitive fields. - Amy
- [dtn-interest] Comments on RFC 5050 Michael Noisternig
- Re: [dtn-interest] Comments on RFC 5050 Amy Alford
- Re: [dtn-interest] Comments on RFC 5050 Michael Noisternig
- Re: [dtn-interest] Comments on RFC 5050 Burleigh, Scott C (313B)
- Re: [dtn-interest] Comments on RFC 5050 Michael Noisternig
- Re: [dtn-interest] Comments on RFC 5050 Burleigh, Scott C (313B)
- Re: [dtn-interest] Comments on RFC 5050 Michael Noisternig
- Re: [dtn-interest] Comments on RFC 5050 Amy Alford
- Re: [dtn-interest] Comments on RFC 5050 Michael Noisternig
- Re: [dtn-interest] Comments on RFC 5050 Amy Alford
- [dtn-interest] Re(2): Comments on RFC 5050 Peter Lovell
- Re: [dtn-interest] Re(2): Comments on RFC 5050 Amy Alford
- Re: [dtn-interest] Comments on RFC 5050 Michael Noisternig