Re: [dtn-interest] Comments on RFC 5050
Michael Noisternig <michael.noisternig@cased.de> Mon, 24 June 2013 19:03 UTC
Return-Path: <michael.noisternig@cased.de>
X-Original-To: dtn-interest@ietfa.amsl.com
Delivered-To: dtn-interest@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ECAAD11E817C for <dtn-interest@ietfa.amsl.com>; Mon, 24 Jun 2013 12:03:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.249
X-Spam-Level:
X-Spam-Status: No, score=-3.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oCN0saHjRFix for <dtn-interest@ietfa.amsl.com>; Mon, 24 Jun 2013 12:03:36 -0700 (PDT)
Received: from lnx500.hrz.tu-darmstadt.de (lnx500.hrz.tu-darmstadt.de [130.83.156.225]) by ietfa.amsl.com (Postfix) with ESMTP id 583D511E816F for <dtn-interest@irtf.org>; Mon, 24 Jun 2013 12:03:35 -0700 (PDT)
Received: from mail.cased.de (mail.cased.de [130.83.33.42]) by lnx500.hrz.tu-darmstadt.de (8.14.4/8.14.4/HRZ/PMX) with ESMTP id r5OJ3YRc020233 for <dtn-interest@irtf.org>; Mon, 24 Jun 2013 21:03:34 +0200 (envelope-from michael.noisternig@cased.de)
Received: from [192.168.178.20] (drms-590c483a.pool.mediaWays.net [89.12.72.58]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.cased.de (Postfix) with ESMTPSA id E9DD147A072 for <dtn-interest@irtf.org>; Mon, 24 Jun 2013 21:03:33 +0200 (CEST)
Message-ID: <51C89801.20004@cased.de>
Date: Mon, 24 Jun 2013 21:03:29 +0200
From: Michael Noisternig <michael.noisternig@cased.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
MIME-Version: 1.0
To: dtn-interest@irtf.org
References: <51C0239C.5080104@cased.de> <A5BEAD028815CB40A32A5669CF737C3B235FFDAC@ap-embx-sp40.RES.AD.JPL> <51C81350.1000606@cased.de> <CAB9rx+9Y3rXvytmk9bW-fbzOz=eL+UBntcuzkS_Mn7T9V0wW3Q@mail.gmail.com>
In-Reply-To: <CAB9rx+9Y3rXvytmk9bW-fbzOz=eL+UBntcuzkS_Mn7T9V0wW3Q@mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
X-PMX-TU: seen v1.2 by 5.6.1.2065439, Antispam-Engine: 2.7.2.376379, Antispam-Data: 2013.6.24.185423
X-PMX-RELAY: outgoing
Subject: Re: [dtn-interest] Comments on RFC 5050
X-BeenThere: dtn-interest@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The Delay-Tolerant Networking Research Group \(DTNRG\) - Announce." <dtn-interest.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/dtn-interest>, <mailto:dtn-interest-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/dtn-interest>
List-Post: <mailto:dtn-interest@irtf.org>
List-Help: <mailto:dtn-interest-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/dtn-interest>, <mailto:dtn-interest-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jun 2013 19:03:43 -0000
Am 24.06.2013 20:48, schrieb Amy Alford: > > 4.7. Dictionary Revision: > "Any [unreferenced] strings (scheme names and SSPs) in a bundle's > dictionary ... may be removed from the > dictionary at the time the bundle is forwarded." > ...subject to that authenticity is not lost. > > * Yes, but that’s implicit. Strings that are needed in order to > > verify authenticity are referenced, so they can’t be > removed from > the dictionary. > > > Could it happen that some extension block be processed, removed and > its EID references removed by some intermediate node on a security > path? I am still trying to figure out what is possible with the > current security spec. > > Yes. Talking through a specific example is probably the best way to > clarify this. Suppose we have a very boring network of: > > Node A --- Node B --- Node C --- Node D > > Node A sends a bundle to node D, with a PIB block with security source > of node A and security destination of node D. Node B can add a PIB > block with security source node B and security destination node C. When > node C removes the PIB block destined for node C, it may change the > dictionary. But, it would change it back to its state at the time the > first PIB was calculated. > > In any event, PIBs don't cover the dictionary (only the specific entries > being used in the blocks covered by the PIB). BABs cover the > dictionary, but are always the last security block added and first > removed. The only time dictionary changes would invalidate a BAB are if > the dictionary was modified at a non security aware node. However, if > the dictionary was being modified because of a change to an extension > block, that would invalidate the BAB anyway. The only dictionary > changes that would invalidate a PIB are gratuitous changes to case > insensitive fields. > > - Amy Ah, I missed that the PIB does not protect the complete dictionary. Otherwise, I was more thinking about partially overlapping paths. Something like where Node A adds some (non-security) extension block together with some new dictionary entry, both to be processed and removed by Node C, whereas Node B adds a PIB to be consumed by Node D. But what about dictionary entries by non-primary blocks? How are they being protected end-to-end? Michael
- [dtn-interest] Comments on RFC 5050 Michael Noisternig
- Re: [dtn-interest] Comments on RFC 5050 Amy Alford
- Re: [dtn-interest] Comments on RFC 5050 Michael Noisternig
- Re: [dtn-interest] Comments on RFC 5050 Burleigh, Scott C (313B)
- Re: [dtn-interest] Comments on RFC 5050 Michael Noisternig
- Re: [dtn-interest] Comments on RFC 5050 Burleigh, Scott C (313B)
- Re: [dtn-interest] Comments on RFC 5050 Michael Noisternig
- Re: [dtn-interest] Comments on RFC 5050 Amy Alford
- Re: [dtn-interest] Comments on RFC 5050 Michael Noisternig
- Re: [dtn-interest] Comments on RFC 5050 Amy Alford
- [dtn-interest] Re(2): Comments on RFC 5050 Peter Lovell
- Re: [dtn-interest] Re(2): Comments on RFC 5050 Amy Alford
- Re: [dtn-interest] Comments on RFC 5050 Michael Noisternig