[dtn-security] BSP questions

"Peter Lovell" <peter.lovell@sparta.com> Tue, 06 February 2007 13:31 UTC

From: "Peter Lovell" <peter.lovell@sparta.com>
To: <dtn-security@mailman.dtnrg.org>
Cc: "Howard Weiss" <howard.weiss@sparta.com>
Date: Tue, 6 Feb 2007 08:31:29 -0500

A question arising from doing the implementation ...

Bundle security spec 2.3 description for PS includes the statement
"The ciphersuite ID MUST be documented as an end-to-end authentication-
ciphersuite or as an end-to-end error-detection-ciphersuite."

Is it the intent that PS is only ever end-to-end? It can never be added
at intermediate points such as a bastion gateway. Gateway-to-gateway
would be done using encapsulation (tunneling), so the gateway would be
the source for the encapsulated bundle. If this is the intent then
several other issues no longer exist.

Thanks.....Peter