Re: [dtn-security] A comment on BSP draft -03
"Peter Lovell" <peter.lovell@sparta.com> Fri, 20 April 2007 17:22 UTC
Received: from M4.sparta.com (M4.sparta.com [157.185.61.2]) by webbie.berkeley.intel-research.net (8.11.6/8.11.6) with ESMTP id l3KHMmY04903 for <dtn-security@mailman.dtnrg.org>; Fri, 20 Apr 2007 10:22:48 -0700
Received: from Beta5.sparta.com (beta5.sparta.com [157.185.63.21]) by M4.sparta.com (8.13.5/8.13.5) with ESMTP id l3KHMlSO029530; Fri, 20 Apr 2007 12:22:47 -0500
Received: from nemo.columbia.ads.sparta.com (nemo.columbia.sparta.com [157.185.80.75]) by Beta5.sparta.com (8.12.11/8.13.1) with ESMTP id l3KHMl6Y015896; Fri, 20 Apr 2007 12:22:48 -0500
Received: from [192.168.4.99] ([157.185.80.253]) by nemo.columbia.ads.sparta.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 20 Apr 2007 13:22:47 -0400
From: Peter Lovell <peter.lovell@sparta.com>
To: dtn-security@mailman.dtnrg.org, Susan <susan@mitre.org>
Cc: Peter Lovell <peter.lovell@sparta.com>
Subject: Re: [dtn-security] A comment on BSP draft -03
Date: Fri, 20 Apr 2007 13:22:45 -0400
Message-Id: <20070420172245.2084852048@127.0.0.1>
In-Reply-To: <8E507634779E22488719233DB3DF9FF001752B28@IMCSRV4.MITRE.ORG>
References: <8E507634779E22488719233DB3DF9FF001752B28@IMCSRV4.MITRE.ORG>
X-Mailer: CTM PowerMail version 5.5.3 build 4480 English (PPC) <http://www.ctmdev.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 20 Apr 2007 17:22:47.0366 (UTC) FILETIME=[83C52660:01C78370]
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (M4.sparta.com [157.185.61.2]); Fri, 20 Apr 2007 12:22:47 -0500 (CDT)
Sender: dtn-security-admin@mailman.dtnrg.org
Errors-To: dtn-security-admin@mailman.dtnrg.org
X-BeenThere: dtn-security@mailman.dtnrg.org
X-Mailman-Version: 2.0.13
Precedence: bulk
Reply-To: dtn-security@mailman.dtnrg.org
List-Unsubscribe: <http://mailman.dtnrg.org/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@mailman.dtnrg.org?subject=unsubscribe>
List-Id: DTN Security Discussion <dtn-security.mailman.dtnrg.org>
List-Post: <mailto:dtn-security@mailman.dtnrg.org>
List-Help: <mailto:dtn-security-request@mailman.dtnrg.org?subject=help>
List-Subscribe: <http://mailman.dtnrg.org/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@mailman.dtnrg.org?subject=subscribe>
List-Archive: <http://mailman.dtnrg.org/pipermail/dtn-security/>
Hi Susan, On Fri, Apr 20, 2007, Symington, Susan F. <susan@mitre.org> wrote: > >1. The EID references could contain ZERO, one or two EIDs. That's true. I guess I was thinking of the reference code implementation which omits the field entirely if there are no entries. >2. I dont' think you should call it bit 6. Just call it by the flag >name, in case the flags change place sometime in the BP. I had suggested that BP include short names for these, in addition to the very-long-winded-descriptive-labels-which-lose-people's-attention-as- they-read-to-the-end. I'll catch this next time around. >3. I don't think that using only the ordering of the EIDs is >sufficient. What if only one EID is present. How does the node know >whether this is the security-source or the security-destination? I >think we need some other indicator to be able to tell the difference. This was a KISS call on my part when we were doing the suggestion. The only extension blocks with two EIDs are security ones, and we already have flags in the ciphersuite field to say which are present. It's like moving those fields from the block-specific-data into the preamble -- the same rules apply. If there are two in the list, it's sec-source then sec-dest just as it was previously in the block data. If there's only one, the flags in ciphersuite tell you which, and the other is null, just as it was previously. If the count is zero then they're both null. No other blocks presently have more than one EID, so the issue does not come up elsewhere. If/when new blocks are defined with more, they'll have to include some way to deal with this. I was mindful of this issue during the discussions, and tried to get some way to simply define a null EID. That, of course, is not the same as "dtn:none" but more like the usage in BSP where, for example, a null sec-dest means that sec-dest is the bundle destination. Obviously this is not at all the same as "dtn:none" as a destination. My suggestion was to include a single NULL byte as the start of the dictionary. That way, a reference of {0, 0} would be guaranteed to refer to a null EID. Unfortunately that suggestion was not adopted, so if you need a null EID in the list then you have to actually create one and add it. Cheers.....Peter
- Re: [dtn-security] A comment on BSP draft -03 Peter Lovell
- [dtn-security] A comment on BSP draft -03 Symington, Susan F.