Re: [dtn-security] policy based key management

"Peter Lovell" <peter.lovell@sparta.com> Fri, 21 November 2008 17:01 UTC

From: "Peter Lovell" <peter.lovell@sparta.com>
To: <M.Bhutta@surrey.ac.uk>, <dtn-security@maillists.intel-research.net>
Date: Fri, 21 Nov 2008 11:40:23 -0500

On Fri, Nov 21, 2008, M.Bhutta@surrey.ac.uk <M.Bhutta@surrey.ac.uk> wrote:

>Hi, 
>
>Will it be feasible to base the solution for Key management based on
>policy (like policy based routing) .. 
>
>We can broadcast the policy within a domain, and Then we can perform
>security services..(The broadcasting can be made deterministic or
>efficient using complex algorithms)... 
>
>1. Please comment on this option for Having key management for DTN
>networks.. 
>2. Will it be a best scenario to show heterogeneity of DTN to have
>different network regions connected together, showing sensors, satellite
>and internet... 
>
>Looking forward to your comments... 
>
>thanks.. 
>
>Nasir Mumtaz
>PhD Student, Electronic Engineering
>CCSR, UniS 


Hi Nasir,

that's certainly possible -- how to do it is entirely up to you.

The Bundle Protocol and Bundle Security Protocol make no assumptions
about how keys are managed. The only requirement is that the key or an
identifier of some sort for the key be placed in the "key info" item.
The spec suggests that these be ASN.1-encoded but that's only a
suggestion, not a requirement.

Stephen Farrell <stephen.farrell@cs.tcd.ie> is very interested in work
on key management, as well as authentication and authorization. You
might have more conversations with him on this.

Cheers.....Peter