[dtn-security] Implementing Security Destinations in DTN2

ahennes1@math.umd.edu Mon, 03 September 2012 13:38 UTC

We're working on adding support for defining security source/destinations
in DTN2 (which could be different than the bundle src/dest).

This raised the issue of whether or not we should route the bundle to the
security destination (if defined), rather than the bundle destination. If
we don't route the bundle through the security dest, then it may be
discarded at the bundle dest if it did not pass through the security dest
in transit.

There are also some practical issues that are raised. There can be a
security destination for PIB/PCB, and a (possibly different) security dest
for ESB, and we'd have to decide which one to choose.

Also, the routers in DTN2 access the bundle destination themselves, i.e.
bundle->dest(). They would each have to be corrected to use some other
value.


Any comments/feedback would be appreciated.


thanks,
Angela