[dtn-security] RE: Bundle Security Protocol items for discussion
"Symington, Susan F." <susan@mitre.org> Fri, 17 November 2006 20:25 UTC
Received: from smtp-bedford.mitre.org (smtp-bedford.mitre.org [192.160.51.76]) by webbie.berkeley.intel-research.net (8.11.6/8.11.6) with ESMTP id kAHKPvY20318 for <dtn-security@mailman.dtnrg.org>; Fri, 17 Nov 2006 12:25:57 -0800
Received: from smtp-bedford.mitre.org (localhost.localdomain [127.0.0.1]) by smtp-bedford.mitre.org (8.12.11.20060308/8.12.11) with SMTP id kAHKPv25020788 for <dtn-security@mailman.dtnrg.org>; Fri, 17 Nov 2006 15:25:57 -0500
Received: from smtp-bedford.mitre.org (localhost.localdomain [127.0.0.1]) by smtp-bedford.mitre.org (Postfix) with ESMTP id 0CA21BEFB for <dtn-security@mailman.dtnrg.org>; Fri, 17 Nov 2006 15:25:57 -0500 (EST)
Received: from imcfe2.MITRE.ORG (imcfe2.mitre.org [129.83.29.4]) by smtp-bedford.mitre.org (8.12.11.20060308/8.12.11) with ESMTP id kAHKPuan020765; Fri, 17 Nov 2006 15:25:56 -0500
Received: from IMCSRV4.MITRE.ORG ([129.83.20.161]) by imcfe2.MITRE.ORG with Microsoft SMTPSVC(6.0.3790.1830); Fri, 17 Nov 2006 15:25:56 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C70A86.9585752C"
Date: Fri, 17 Nov 2006 15:25:54 -0500
Message-ID: <8E507634779E22488719233DB3DF9FF001229817@IMCSRV4.MITRE.ORG>
In-Reply-To: <8E507634779E22488719233DB3DF9FF001228E04@IMCSRV4.MITRE.ORG>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Bundle Security Protocol items for discussion
Thread-Index: AccHY8fyBEqx0jp0SPmXlBJ124qKsADIS4Fw
From: "Symington, Susan F." <susan@mitre.org>
To: "Symington, Susan F." <susan@mitre.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Howard Weiss <howard.weiss@sparta.com>, Peter Lovell <peter.lovell@sparta.com>
Cc: dtn-security@mailman.dtnrg.org
X-OriginalArrivalTime: 17 Nov 2006 20:25:56.0090 (UTC) FILETIME=[95F1DDA0:01C70A86]
Subject: [dtn-security] RE: Bundle Security Protocol items for discussion
Sender: dtn-security-admin@mailman.dtnrg.org
Errors-To: dtn-security-admin@mailman.dtnrg.org
X-BeenThere: dtn-security@mailman.dtnrg.org
X-Mailman-Version: 2.0.13
Precedence: bulk
Reply-To: dtn-security@mailman.dtnrg.org
List-Unsubscribe: <http://mailman.dtnrg.org/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@mailman.dtnrg.org?subject=unsubscribe>
List-Id: DTN Security Discussion <dtn-security.mailman.dtnrg.org>
List-Post: <mailto:dtn-security@mailman.dtnrg.org>
List-Help: <mailto:dtn-security-request@mailman.dtnrg.org?subject=help>
List-Subscribe: <http://mailman.dtnrg.org/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@mailman.dtnrg.org?subject=subscribe>
List-Archive: <http://mailman.dtnrg.org/pipermail/dtn-security/>
Security authors and pundits, Thanks for your input in the past few days. It is helping to improve the spec. As far as I can tell, below are the only remaining items that we need to resolve before we can wrap up this next revision of the Bundle Security Protocol. I would appreciate receiving your input on these issues. Once I roll in whatever revisions these generate, I will circulate version 3 of the Bundle Security Protocol for your review. Thanks. -susan ***************************************************************** Susan Symington The MITRE Corporation susan@mitre.org 703-983-7209 (voice) 703-983-7142 (fax) ****************************************************************** ________________________________ From: Symington, Susan F. Sent: Monday, November 13, 2006 3:39 PM To: Stephen Farrell; 'Howard Weiss' Cc: Symington, Susan F. Subject: Bundle Security Protocol items for discussion Stephen and Howie, The following are Items we need to discuss wrt the bundle security protocol that were brought up by BBN: 1. If a bundle includes a previous hop insertion block (defined in its own internet draft) with an EID-only or EID-with-Timestamp-formatted information record, then this means that the bundle already includes the EID of its previous hop (in its dictionary), with pointers to this previous hop EID (in its previous-hop insertion block). In this case, it would be redundant to include the EID of the previous hop in the security-source field of the BAB. Therefore, I propose that we no longer make inclusion of the security-source field mandatory in the BAB. It should be optional. If the security-source field is not present, however, and the EID of the previous hop cannot be inferred from some other part of the bundle, then processing of the BAB shall fail. The proposed text would say, "If the forwarder of the bundle is not identified in any other blocks of the bundle (e.g. the optional Previous-hop insertion block), then the security-source field MUST be present and MUST identify the forwarder of the bundle." 2. Under the "Notes" section of 3.2.2, it says, "URI encoding will be a cause for errors if any node rewrites the dectionary...we simple hae to live with this problem". BBN wonders why we can't just put in a statement like, "A node SHOULD NOT change the encoding of any URI in the dictionary field (elg. changing the DNS part of some HTTP URL from lower case to upper case)." I don't understand the problem sufficiently be able to respond on this. 3. In section 3.4, Bundles received from other nodes, 5th paragraph, it says that "...the node MUST decrypt the relevant parts of the bundle according to the ciphersuite specification and delete the CH in question." BBN wants to know what to do if decryption fails. I propose we add a sentence here that says, "If the relevant parts of the bundle cannot be decrypted (i.e., the decription key cannot be deduced or decryption fails), the behavior of the bundle protocol agent will be as specified in the CB Block Processing Flags, unless overridden by the local security policy." Is this okay with you? 4. If the CH-RSA-AES-PAYLOAD-PSH ciphersuite is used, the first CH must have a ciphersuite parameter that contains a 16-byte IV, optionally followed by a key identifier. Is it true that the way we tell whether or not there is only an IV versus an IV followed by a key ID is by the length specified in the ciphersuite parameters SDNV? If this SDNV shows the ciphersuite parameters field to be 16 bytes long, then we know only an IV is included. If this SDNV shows the ciphersuite parameters field to be longer than 16 bytes, then we know that both an IV and a key ID is included, and the length of the key ID is the length shown in the SDNV minus 16 bytes. Is this correct? If so, BBN was unsure of it so we should probably explicitly say this in the spec. [Susan] Now that we have redefined the format of the Abstrace Security Block such that the parameters field morphed into a compound field (parameters-length field and parameters data field), I propose that we specify in teh CH-RSA_AES-PAYLOAD-PSH ciphersuite that if the parameters-length field has a value equal to 16, then the parameters data field consists of only a 16-bye IV. If the parameters-length field has a value greater than 16, then the parameters data field consists of a 16-byte IV followed by a key identifier, and the length of that key identifier is the value in the parameters length field minus 16. 5. To be sure I am correct, in the CH-RSA-AES-PAYLOAD-PSH ciphersuite definition, the input to the KDF is the BEK catenated wtih the IV from the ciphersuite parameter of the first CH, right? (BBN was unclear on whether there is a single IV in the first CH or whether each CH includes an IV). It is my understanding that there is a single IV in the first CH. Subsequent CHs do not contain any of the optional fields (such as ciphersuite parameters) that are included in the first CH. Is my understanding correct? -susan ***************************************************************** Susan Symington The MITRE Corporation susan@mitre.org 703-983-7209 (voice) 703-983-7142 (fax) ******************************************************************
- [dtn-security] Re: Bundle Security Protocol items… Stephen Farrell
- [dtn-security] RE: Bundle Security Protocol items… Symington, Susan F.