Re(2): [dtn-security] BSP questions

"Peter Lovell" <> Tue, 06 February 2007 14:41 UTC

Received: from ( []) by (8.11.6/8.11.6) with ESMTP id l16EfeY29241 for <>; Tue, 6 Feb 2007 06:41:40 -0800
Received: from ( []) by (8.13.5/8.13.5) with ESMTP id l16Efdeo009941; Tue, 6 Feb 2007 08:41:39 -0600
Received: from ( []) by (8.12.11/8.13.1) with ESMTP id l16EfcFK026376; Tue, 6 Feb 2007 08:41:39 -0600
Received: from [] ([]) by with Microsoft SMTPSVC(6.0.3790.1830); Tue, 6 Feb 2007 09:41:37 -0500
From: "Peter Lovell" <>
To: <>, Susan <>
Cc: "Howard Weiss" <>
Subject: Re(2): [dtn-security] BSP questions
Date: Tue, 6 Feb 2007 09:41:36 -0500
Message-Id: <20070206144136.143416340@>
In-Reply-To: <8E507634779E22488719233DB3DF9FF0014B1749@IMCSRV4.MITRE.ORG>
References: <20070206133129.1301477151@> <8E507634779E22488719233DB3DF9FF0014B1749@IMCSRV4.MITRE.ORG>
X-Mailer: CTM PowerMail version 5.5.3 build 4480 English (PPC) <>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 06 Feb 2007 14:41:37.0671 (UTC) FILETIME=[E8070970:01C749FC]
X-Mailman-Version: 2.0.13
Precedence: bulk
List-Unsubscribe: <>, <>
List-Id: DTN Security Discussion <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
List-Archive: <>

Hi Susan,

this is as I expected, and how I have been doing the implementation. I
thought I'd check, though, as strictly end-to-end would make a few
things easier. Worth a try :)


p.s. yes - clarifying text in the spec would be good

>I believe that the term "end-to-end" here was intended to mean from
>security source to security destination, where the security source is
>not necessarily the source of the bundle, and the security destination
>is not necessarily the destination of the bundle. This
>"end-to-endishness" is described in more detail in the Security
>Overview document. An end-to-end ciphersuite is distinguished from a
>"hop-by-hop" ciphersuite by the fact that the hop-by-hop ciphersuite is
>only intended to be used between adjacent nodes and never across
>multiple nodes. 
>To avoid others having the same question as you, it seems we should add
>some clarifying text to explain this, because the BSP is normative
>whereas the Security Overview is not.
>Susan Symington
>The MITRE Corporation
>703-983-7209 (voice)
>703-983-7142 (fax)
>>-----Original Message-----
>>[] On Behalf Of Peter
>>Sent: Tuesday, February 06, 2007 8:31 AM
>>Cc: Howard Weiss
>>Subject: [dtn-security] BSP questions
>>a question arising from doing the implementation ...
>>Bundle security spec 2.3 description for PS includes the statement
>>"The ciphersuite ID MUST be documented as an end-to-end
>>ciphersuite or as an end-to-end error-detection-ciphersuite."
>>Is it the intent that PS is only ever end-to-end? It can never be
>>at intermediate points such as a bastion gateway. Gateway-to-gateway
>>would be done using encapsulation (tunneling), so the gateway would be
>>the source for the encapsulated bundle. If this is the intent then
>>several other issues no longer exist.