[dtn-security] Re(2): Implementing Security Destinations in DTN2

Peter Lovell <plovell@mac.com> Thu, 06 September 2012 04:36 UTC

Return-Path: <plovell@mac.com>
X-Original-To: dtn-security@ietfa.amsl.com
Delivered-To: dtn-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EAC3121F851C for <dtn-security@ietfa.amsl.com>; Wed, 5 Sep 2012 21:36:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1nZ+6qZqkEMM for <dtn-security@ietfa.amsl.com>; Wed, 5 Sep 2012 21:36:59 -0700 (PDT)
Received: from st11p00mm-asmtp003.mac.com (st11p00mm-asmtp003.mac.com [17.172.81.2]) by ietfa.amsl.com (Postfix) with ESMTP id 632BE21F851B for <dtn-security@irtf.org>; Wed, 5 Sep 2012 21:36:59 -0700 (PDT)
MIME-version: 1.0
Content-transfer-encoding: 7BIT
Content-type: text/plain; CHARSET=US-ASCII
Received: from [192.168.1.98] (pool-96-255-127-40.washdc.fios.verizon.net [96.255.127.40]) by st11p00mm-asmtp003.mac.com (Oracle Communications Messaging Server 7u4-23.01(7.0.4.23.0) 64bit (built Aug 10 2011)) with ESMTPSA id <0M9W00KV1VHLSK50@st11p00mm-asmtp003.mac.com> for dtn-security@irtf.org; Thu, 06 Sep 2012 04:36:58 +0000 (GMT)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.7.7855, 1.0.431, 0.0.0000 definitions=2012-09-06_01:2012-09-06, 2012-09-06, 1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 ipscore=0 suspectscore=0 phishscore=0 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=6.0.2-1203120001 definitions=main-1209050364
From: Peter Lovell <plovell@mac.com>
To: ahennes1@math.umd.edu, Scott Burleigh <scott.c.burleigh@jpl.nasa.gov>
Date: Thu, 06 Sep 2012 00:36:56 -0400
Message-id: <20120906043656.504416340@smtp.mail.me.com>
In-reply-to: <6af37e4869b76826d4d2108e3eef82b3.squirrel@webmail.math.umd.edu>
References: <2665b4bca07d1e0d3d9de88844cc02e9.squirrel@webmail.math.umd.edu> <20120904172458.1767559740@smtp.mail.me.com> <A5BEAD028815CB40A32A5669CF737C3B0D72DE@ap-embx-sp20.RES.AD.JPL> <6af37e4869b76826d4d2108e3eef82b3.squirrel@webmail.math.umd.edu>
X-Mailer: CTM PowerMail version 6.1.3 build 4650 English (intel) <http://www.ctmdev.com>
Cc: dtn-security@irtf.org
Subject: [dtn-security] Re(2): Implementing Security Destinations in DTN2
X-BeenThere: dtn-security@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The Delay-Tolerant Networking Research Group \(DTNRG\) - Security." <dtn-security.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/dtn-security>, <mailto:dtn-security-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/dtn-security>
List-Post: <mailto:dtn-security@irtf.org>
List-Help: <mailto:dtn-security-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Sep 2012 04:37:00 -0000

On Thu, Sep 12, 2013, ahennes1@math.umd.edu <ahennes1@math.umd.edu> wrote:

>I think this push/pop idea makes the most sense of anything we've talked
>about. It seems like it would require some modification to the spec,
>however, and maybe a flag to set when the bundle-dest is being stored
>somewhere.

Hi Angela,

it would if it were to be general for all PC and ES ciphersuites. On the other hand, one could define one's own ciphersuite that worked this way and have no impact on anything else, I believe.

The general solution is to be greatly preferred but, as Stephen noted, it's way to big for an erratum.

I am pleased to hear from Scott that ION uses a mechanism along these lines. HIs concern about removal of the address-change-block is a valid one but will not be a problem in our case as we would (a)use the security block to hold the reference, and (b)push/pop the address simultaneous with add/delete of the security block (i.e. encrypt/decrypt).

Cheers.....Peter