[dtn-security] Re(2): Re(2): Re(2): Is there a "secure" reference implementation of the DTN stack?

Peter Lovell <plovell@mac.com> Mon, 29 June 2009 14:04 UTC

Received: from asmtpout013.mac.com (asmtpout013.mac.com [17.148.16.88]) by maillists.intel-research.net (8.13.8/8.13.8) with ESMTP id n5TE4pxV006922 for <dtn-security@maillists.intel-research.net>; Mon, 29 Jun 2009 07:04:51 -0700
MIME-version: 1.0
Content-transfer-encoding: 7BIT
Content-type: text/plain; charset=US-ASCII
Received: from [157.185.80.152] by asmtp013.mac.com (Sun Java(tm) System Messaging Server 6.3-8.01 (built Dec 16 2008; 32bit)) with ESMTPSA id <0KM000BEJ70T1850@asmtp013.mac.com> for dtn-security@maillists.intel-research.net; Mon, 29 Jun 2009 07:02:57 -0700 (PDT)
From: Peter Lovell <plovell@mac.com>
To: "Eddy, Wesley M. (GRC-MS00)[Verizon]" <wesley.m.eddy@nasa.gov>, "Graham Keellings (Leonix Solutions Pte Ltd)" <Graham@leonixsolutions.com>
Date: Mon, 29 Jun 2009 10:02:54 -0400
Message-id: <20090629140254.662880797@smtp.mac.com>
In-reply-to: <C304DB494AC0C04C87C6A6E2FF5603DB2217B29183@NDJSSCC01.ndc.nasa.gov>
References: <89E48AE60E64EF4E8EB32B0B7EC74920A1B0F5@EVS-EC1-NODE2.surrey.ac.uk> <4A12195A.6000207@LeonixSolutions.com> <3A5AA67A8B120B48825BFFCF5443856137E0B06196@NDJSSCC03.ndc.nasa.gov> <4A1DD73F.50000@bbn.com> <023601c9df2a$694fd5b0$3bef8110$@com> <4A2DF7FD.5020104@LeonixSolutions.com> <3A5AA67A8B120B48825BFFCF5443856137E3553C4B@NDJSSCC03.ndc.nasa.gov> <029d01c9e925$1e354880$5a9fd980$@com> <4A46C257.3040006@LeonixSolutions.com> <20090628050243.1566215671@smtp.mac.com> <4A46FBB2.3080205@LeonixSolutions.com> <20090628052255.640550503@smtp.mac.com> <4A470CD7.4010502@LeonixSolutions.com> <20090628141313.1532044204@smtp.mac.com> <4A4878A6.7010707@LeonixSolutions.com> <20090629123400.1726285002@smtp.mac.com> <C304DB494AC0C04C87C6A6E2FF5603DB2217B29183@NDJSSCC01.ndc.nasa.gov>
X-Mailer: CTM PowerMail version 5.6.3 build 4504 English (PPC) <http://www.ctmdev.com>
Cc: dtn-security@maillists.intel-research.net
Subject: [dtn-security] Re(2): Re(2): Re(2): Is there a "secure" reference implementation of the DTN stack?
X-BeenThere: dtn-security@maillists.intel-research.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DTN Security Discussion <dtn-security.maillists.intel-research.net>
List-Unsubscribe: <http://maillists.intel-research.net/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@maillists.intel-research.net?subject=unsubscribe>
List-Archive: <http://maillists.intel-research.net/pipermail/dtn-security>
List-Post: <mailto:dtn-security@maillists.intel-research.net>
List-Help: <mailto:dtn-security-request@maillists.intel-research.net?subject=help>
List-Subscribe: <http://maillists.intel-research.net/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@maillists.intel-research.net?subject=subscribe>
X-List-Received-Date: Mon, 29 Jun 2009 14:04:52 -0000

Hi Wes,

very true. 

I will soon be doing some work to help this within RI. I regard key
distribution between nodes as a control-plane issue and one with which
systems designers must deal. But we can help the problem of using keys
within an individual node. Pre-placing PKI certificates will be an
adequate solution for some systems and that's what I'll be using to
start with.

Regards.....Peter


On Mon, Jun 29, 2009, Eddy, Wesley M. (GRC-MS00)[Verizon]
<wesley.m.eddy@nasa.gov> wrote:

>As Peter mentioned earlier, even with a complete BSP implementation,
>you still have to figure out how to do key management on your own.
>This is the hardest and most complex part, if you need it to scale
>to some level, be robust to disconnection, delay, and low bandwidth,
>and if you rely on the established keys to carry critical traffic.
>The BSP is only part of the solution you need, and the rest is left
>as an exercise to the user ...
>
>---------------------------
>Wes Eddy
>Network & Systems Architect
>Verizon FNS / NASA GRC
>Office: (216) 433-6682
>---------------------------
>
>>-----Original Message-----
>>From: dtn-security-bounces@maillists.intel-research.net [mailto:dtn-
>>security-bounces@maillists.intel-research.net] On Behalf Of Peter Lovell
>>Sent: Monday, June 29, 2009 8:34 AM
>>To: Graham Keellings (Leonix Solutions Pte Ltd)
>>Cc: dtn-security@maillists.intel-research.net
>>Subject: [dtn-security] Re(2): Re(2): Is there a "secure"
>>reference implementation of the DTN stack?
>>
>>Hi Graham,
>>
>>the best document at this time is the Bundle Security Protocol
>>Specification, available at <http://tools.ietf.org/id/draft-irtf-dtnrg-
>>bundle-security-08.txt>
>>
>>This is quite a long document and describes both the general approach
>>with ciphersuites and the specific implementation of suites for Bundle
>>Authentication (BA), Payload Integrity (PI), Payload Confidentiality
>>(PC) and Extension Security (EA). In your search for A Rosetta Stone,
>>you'll find that this is about as stony as it gets. It will take some
>>time to discern the humour in that statement :)
>>
>>Regards.....Peter