Re: [dtn-security] Issue implementing security source/destination with ESB blocks
ahennes1@math.umd.edu Mon, 03 September 2012 13:05 UTC
Return-Path: <ahennes1@math.umd.edu>
X-Original-To: dtn-security@ietfa.amsl.com
Delivered-To: dtn-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix)
with ESMTP id E551B21F8540 for <dtn-security@ietfa.amsl.com>;
Mon, 3 Sep 2012 06:05:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.999
X-Spam-Level:
X-Spam-Status: No,
score=-3.999 tagged_above=-999 required=5 tests=[BAYES_50=0.001,
RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dxsT9vnELOd5 for
<dtn-security@ietfa.amsl.com>; Mon, 3 Sep 2012 06:05:28 -0700 (PDT)
Received: from mailfilter.ece.umd.edu (mailfilter.ece.umd.edu [129.2.90.4]) by
ietfa.amsl.com (Postfix) with ESMTP id A523721F853E for
<dtn-security@irtf.org>; Mon, 3 Sep 2012 06:05:28 -0700 (PDT)
X-ASG-Debug-ID: 1346677526-04739d1028244330001-NoPDhg
Received: from svr4.math.umd.edu (svr4.math.umd.edu [129.2.56.14]) by
mailfilter.ece.umd.edu with ESMTP id hlUHYyTMQEB4F6po;
Mon, 03 Sep 2012 09:05:26 -0400 (EDT)
X-Barracuda-Envelope-From: ahennes1@math.umd.edu
X-Barracuda-Apparent-Source-IP: 129.2.56.14
Received: by svr4.math.umd.edu (Postfix, from userid 48) id 0AA3C6FC83;
Mon, 3 Sep 2012 09:05:25 -0400 (EDT)
Received: from 69.243.25.71 by webmail.math.umd.edu with HTTP;
Mon, 3 Sep 2012 09:05:25 -0400
Message-ID: <cae89cc48d18dea2288489bce7473621.squirrel@webmail.math.umd.edu>
In-Reply-To: <20120824185650.1151428911@smtp.mail.me.com>
References: <f1abb474b138939c6494addd3ac356bb.squirrel@webmail.math.umd.edu>
<CAB9rx+9v4T9f-RXQbzKV67h7wiDbqZoyLjbKSesc+mnJ_TKhtw@mail.gmail.com>
<CAB9rx+9WnNdwhDJq9HEqkHW49C+F8q_7MgZuzwzGcp9tH9+BHA@mail.gmail.com>
<dd65229141b55c413fa835120b5477aa.squirrel@webmail.math.umd.edu>
<20120821141321.215374808@smtp.mail.me.com>
<CAB9rx+-ZVvQ+rT8kVMu_TQOUm6q55gtjecWj-qb0oXhdJkmizw@mail.gmail.com>
<97735113a72c3d32d66ca834c84ff8a4.squirrel@webmail.math.umd.edu>
<20120824185650.1151428911@smtp.mail.me.com>
Date: Mon, 3 Sep 2012 09:05:25 -0400
From: ahennes1@math.umd.edu
X-ASG-Orig-Subj: Re: Issue implementing security source/destination with ESB
blocks
To: "Peter Lovell" <plovell@mac.com>, dtn-security@irtf.org
User-Agent: SquirrelMail/1.4.20
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Barracuda-Connect: svr4.math.umd.edu[129.2.56.14]
X-Barracuda-Start-Time: 1346677526
X-Barracuda-URL: http://mailfilter.ece.umd.edu:8000/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at ece.umd.edu
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No,
SCORE=0.00 using per-user scores of TAG_LEVEL=1000.0
QUARANTINE_LEVEL=7.0 KILL_LEVEL=1000.0 tests=NO_REAL_NAME
X-Barracuda-Spam-Report: Code version 3.2,
rules version 3.2.2.107488 Rule breakdown below pts
rule name description ---- ----------------------
-------------------------------------------------- 0.00 NO_REAL_NAME From:
does not include a real name
Subject: Re: [dtn-security] Issue implementing security source/destination
with ESB blocks
X-BeenThere: dtn-security@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The Delay-Tolerant Networking Research Group \(DTNRG\) - Security."
<dtn-security.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/dtn-security>,
<mailto:dtn-security-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/dtn-security>
List-Post: <mailto:dtn-security@irtf.org>
List-Help: <mailto:dtn-security-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/dtn-security>,
<mailto:dtn-security-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Sep 2012 13:05:32 -0000
We've hashed out some of the wording, and below is what we'd like to
propose for the BSP errata list. Any comments are welcome.
Thanks,
Angela
Section 3.4.1,pg.32 says:
The first algorithm that can be used permits no changes at all to the
bundle between the security-source and the security-destination. It
is mainly intended for use in BAB ciphersuites. This algorithm
conceptually catenates all blocks in the order presented, but omits
all security-result data fields in blocks of this ciphersuite type.
That is, when a BAB ciphersuite specifies this algorithm, we omit all
BAB security-results for all BAB ciphersuites. When a PIB
ciphersuite specifies this algorithm, we omit all PIB security-
results for all PIB ciphersuites. All security-result length fields
are included, even though their corresponding security-result data
fields are omitted.
It should say:
The first algorithm that can be used permits no changes at all to the
bundle between the security-source and the security-destination, with
the exception of one of the Block Processing Control Flags, as
described below. It is mainly intended for use in BAB ciphersuites.
This algorithm conceptually catenates all blocks in the order presented,
but omits all security-result data fields in blocks of this ciphersuite
type. That is, when a BAB ciphersuite specifies this algorithm, we omit
all BAB security-results for all BAB ciphersuites. When a PIB
ciphersuite specifies this algorithm, we omit all PIB security-
results for all PIB ciphersuites. All security-result length fields
are included, even though their corresponding security-result data
fields are omitted.
Notes:
o In the Block Processing Control Flags field, in every block other
than the Primary Block, the flag at bit 5, "Block was forwarded
without being processed" is canonicalized as zero. The Block
Processing
Control Flags field, which is an SDNV, is unpacked into a fixed-width
field, and some bits are masked out. The unpacked field is ANDed with
mask 0xFFFF FFFF FFFF FFDF to set to zero the "Block was forwarded
without being processed" bit for the purposes of canonicalization.
Notes: If this flag is not zeroed out, when a bundle passes through a
non-security aware node, this flag will be set. This will then change the
message digest, and a BAB block will fail to verify.
Section 3.4.2,pg.35 says:
For non-primary blocks being included in the canonicalization, the
block processing control flags value used for canonicalization is the
unpacked SDNV value with reserved and mutable bits masked to zero.
The unpacked value is ANDed with mask 0x0000 0000 0000 0077 to zero
reserved bits and the "last block" flag. The "last block" flag is
ignored because BABs and other security blocks MAY be added for some
parts of the journey but not others, so the setting of this bit might
change from hop to hop.
It should say:
For non-primary blocks being included in the canonicalization, the
block processing control flags value used for canonicalization is the
unpacked SDNV value with reserved and mutable bits are masked to zero.
The unpacked value is ANDed with mask 0x0000 0000 0000 0057 to zero
reserved bits, the "last block" flag and the "Block was forwarded
without being processed" bit. The "last block" flag is ignored because
BABs and other security blocks MAY be added for some parts of the
journey but not others, so the setting of this bit might change from hop
to hop. The "Block was forwarded without being processed" flag is
ignored because the bundle may pass through a non security-aware node,
and this flag would be set.
Section 2.1,pg.10 says:
o EID-references - composite field defined in [DTNBP] containing
references to one or two endpoint identifiers (EIDs). Presence of
the EID-reference field is indicated by the setting of the "Block
contains an EID-reference field" (EID_REF) bit of the block
processing control flags. If one or more references are present,
flags in the ciphersuite ID field, described below, specify which.
If no EID fields are present, then the composite field itself MUST
be omitted entirely and the EID_REF bit MUST be unset. A count
field of zero is not permitted.
o The possible EIDs are:
* (OPTIONAL) Security-source - specifies the security-source for
the block. If this is omitted, then the source of the bundle
is assumed to be the security-source unless otherwise
indicated.
* (OPTIONAL) Security-destination - specifies the security-
destination for the block. If this is omitted, then the
destination of the bundle is assumed to be the security-
destination unless otherwise indicated.
If two EIDs are present, security-source is first and security-
destination comes second.
It should say:
o EID-references - composite field defined in [DTNBP] containing one
or more references to endpoint identifiers (EIDs) (optional) [DTNBP].
Presence of the EID-reference field is indicated by the setting
of the "Block contains an EID-reference field" (EID_REF) bit of
the block processing control flags. If the security-source and
security-destination are present, flags in the ciphersuite ID
field, described below, specify which. Additional EID references MAY
also be present.
If no EID fields are present, then the composite field itself MUST
be omitted entirely and the EID_REF bit MUST be unset. A count
field of zero is not permitted.
o Among the possible EIDs are:
* (OPTIONAL) Security-source - specifies the security-source for
the block. If this is omitted, then the source of the bundle
is assumed to be the security-source unless otherwise
indicated.
* (OPTIONAL) Security-destination - specifies the security-
destination for the block. If this is omitted, then the
destination of the bundle is assumed to be the security-
destination unless otherwise indicated.
If present, the security-source and security-destination are the
first EID references, with the security-source first, followed by
the security-destination.
Section 2.5,pg.21 says:
The process is reversed at the security-destination with the
recovered plaintext block replacing the ESB that had encapsulated it.
Processing of EID-list entries, if any, is described in Section 2.4,
and this MUST be followed in order to correctly recover EIDs.
It should say:
The EID reference to the security-source (if present) is the first
entry in the EID list, followed by the EID reference to the security-
destination (if present). The EID reference list from the block being
protected is then copied to the ESB, and the EID reference count is
updated appropriately.
The process is reversed at the security-destination with the
recovered plaintext block replacing the ESB that had encapsulated it.
The security-source and security-destination (if present) are removed
from the EID list, and any remaining entries are copied to the
recovered plaintext block.
Section 4.4,pg.50 says:
Subsequent ESBs MUST contain a correlator value to link them to the
first ESB. Security-source and security-destination are implied from
the first ESB; however, see the discussion in Section 2.4 concerning
EID-list entries. Subsequent ESBs MUST contain security-parameters
and security-result fields as follows:
It should say:
Subsequent ESBs MUST contain a correlator value to link them to the
first ESB. Security-source and security-destination are implied from
the first ESB; however, see the discussion in Section 2.5 concerning
EID-list entries. Subsequent ESBs MUST contain security-parameters
and security-result fields as follows:
Section 2.5,pg.21 says:
The ESB is placed in the bundle in the same position as the block
being protected. That is, the entire original block is processed
(encrypted, etc.) and encapsulated in a "replacing" ESB-type block,
and this appears in the bundle at the same sequential position as the
original block. The processed data is placed in the security-result
field.
It should say:
The ESB is placed in the bundle in the same position as the block
being protected. That is, the entire original block is processed
(encrypted, etc.) and encapsulated in a "replacing" ESB-type block,
and this appears in the bundle at the same sequential position as the
original block. The processed data is placed in the security-result
field.
Any existing EID-list in the to-be-encapsulated original block
remains exactly as-is, and is copied to the EID-list for the
replacing block. The encapsulation process MUST NOT replace or
remove the existing EID-list entries. This is critically important
for correct updating of entries at the security-destination. The
EID-list copied into the replacing block MAY be preceded by EID
references for the security-source and security-destination.
- [dtn-security] Issue implementing security source… ahennes1
- Re: [dtn-security] Issue implementing security so… Stephen Farrell
- Re: [dtn-security] Issue implementing security so… ahennes1
- Re: [dtn-security] Issue implementing security so… Birrane, Edward J.
- Re: [dtn-security] Issue implementing security so… Birrane, Edward J.
- Re: [dtn-security] Issue implementing security so… ahennes1
- Re: [dtn-security] Issue implementing security so… Peter Lovell
- Re: [dtn-security] Issue implementing security so… Birrane, Edward J.
- Re: [dtn-security] Issue implementing security so… Elwyn Davies
- Re: [dtn-security] Issue implementing security so… Birrane, Edward J.
- [dtn-security] Re(2): Issue implementing security… Peter Lovell
- Re: [dtn-security] Issue implementing security so… ahennes1
- [dtn-security] Re(2): Issue implementing security… Peter Lovell
- Re: [dtn-security] Re(2): Issue implementing secu… ahennes1
- Re: [dtn-security] Issue implementing security so… Peter Lovell
- [dtn-security] Re(4): Issue implementing security… Peter Lovell
- Re: [dtn-security] Issue implementing security so… Stephen Farrell
- Re: [dtn-security] Issue implementing security so… Peter Lovell
- Re: [dtn-security] Issue implementing security so… Birrane, Edward J.
- Re: [dtn-security] Issue implementing security so… Stephen Farrell
- Re: [dtn-security] Issue implementing security so… Birrane, Edward J.
- Re: [dtn-security] Issue implementing security so… ahennes1
- Re: [dtn-security] Issue implementing security so… Stephen Farrell