[dtn-security] BSP questions

"Peter Lovell" <peter.lovell@sparta.com> Tue, 06 February 2007 13:31 UTC

From: "Peter Lovell" <peter.lovell@sparta.com>
To: <dtn-security@mailman.dtnrg.org>
Cc: "Howard Weiss" <howard.weiss@sparta.com>
Date: Tue, 6 Feb 2007 08:31:29 -0500

A question arising from doing the implementation ...

Bundle security spec 2.3 description for PS includes the statement
"The ciphersuite ID MUST be documented as an end-to-end authentication-
ciphersuite or as an end-to-end error-detection-ciphersuite."

Is it the intent that PS is only ever end-to-end? It can never be added
at intermediate points such as a bastion gateway. Gateway-to-gateway
would be done using encapsulation (tunneling), so the gateway would be
the source for the encapsulated bundle. If this is the intent then
several other issues no longer exist.