Re: [dtn-security] SDNV

Scott Burleigh <Scott.Burleigh@jpl.nasa.gov> Fri, 10 June 2005 14:26 UTC

Received: from nmta2.jpl.nasa.gov (nmta.jpl.nasa.gov [137.78.160.215]) by webbie.berkeley.intel-research.net (8.11.6/8.11.6) with ESMTP id j5AEQYV22787 for <dtn-security@mailman.dtnrg.org>; Fri, 10 Jun 2005 07:26:35 -0700
Received: from xmta3.jpl.nasa.gov (xmta3.jpl.nasa.gov [137.78.160.111]) by nmta2.jpl.nasa.gov (Switch-3.1.7/Switch-3.1.7) with ESMTP id j5AEQH0N007607 for <dtn-security@mailman.dtnrg.org>; Fri, 10 Jun 2005 07:26:25 -0700
Received: from [127.0.0.1] (dhcp-79-22-229.jpl.nasa.gov [137.79.22.229]) by xmta3.jpl.nasa.gov (Switch-3.1.7/Switch-3.1.7) with ESMTP id j5AEQCik012809 for <dtn-security@mailman.dtnrg.org>; Fri, 10 Jun 2005 07:26:16 -0700
Message-ID: <42A9A303.9030103@jpl.nasa.gov>
Date: Fri, 10 Jun 2005 07:26:11 -0700
From: Scott Burleigh <Scott.Burleigh@jpl.nasa.gov>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: dtn-security@mailman.dtnrg.org
Subject: Re: [dtn-security] SDNV
References: <4253247634.4763442532@jpl.nasa.gov>
In-Reply-To: <4253247634.4763442532@jpl.nasa.gov>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
X-Source-IP: dhcp-79-22-229.jpl.nasa.gov [137.79.22.229]
X-Source-Sender: Scott.Burleigh@jpl.nasa.gov
X-AUTH: Internal IP
Sender: dtn-security-admin@mailman.dtnrg.org
Errors-To: dtn-security-admin@mailman.dtnrg.org
X-BeenThere: dtn-security@mailman.dtnrg.org
X-Mailman-Version: 2.0.13
Precedence: bulk
Reply-To: dtn-security@mailman.dtnrg.org
List-Unsubscribe: <http://mailman.dtnrg.org/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@mailman.dtnrg.org?subject=unsubscribe>
List-Id: DTN Security Discussion <dtn-security.mailman.dtnrg.org>
List-Post: <mailto:dtn-security@mailman.dtnrg.org>
List-Help: <mailto:dtn-security-request@mailman.dtnrg.org?subject=help>
List-Subscribe: <http://mailman.dtnrg.org/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@mailman.dtnrg.org?subject=subscribe>
List-Archive: <http://mailman.dtnrg.org/pipermail/dtn-security/>

John S Segui wrote:

>I am currently working on a DTN simulation project and have read the interesting email exchanges regarding SDNVs. First, I would like to say that I agree with the current push to unify SDNV-8 and SDNV-16. However, while the proposed SDNV nicely allows for relatively large length fields, it has an upper limit in length. So my question is: is there any reason SDNV should not handle variable length fields of all sizes?
>
>One method for handling infinitely long fields is to nest SDNVs. For instance, make bit two of the SDNV discriminant byte signify whether the SDNV nests another SDNV. In this case, the “root” SDNV follows whatever agreed upon standard for root SDNV encoding but its numerical value represents the length (in bits) of the *length* field in the nested SDNV (e.g. SDNV{SDNV}, SDNV{SDNV{SDNV}}, etc.). This is somewhat similar to the proposed method of encoding the length of the following field inside an SDNV, but has the added benefit, through nesting, of allowing infinite length; thus avoiding the Y2.1K bug.
>
>An alternative (suggested by a co-worker) is to chain SDNVs together. For instance, let bit two of the SDNV’s discriminant byte signify whether the field overflowed into another SDNV.
>
>In conclusion, there appears no reason why we can’t have a standard fully scalable data type to handle all variable length fields, including ever-growing crypto keys. Also, neither suggested method seems more complex or simpler than the current method. Comments?
>  
>
This is a pretty elegant idea, John, especially the nested variant, but 
I don't think I'd favor changing.  One disadvantage of both these 
approaches is that you lose the second bit of the discriminant, reducing 
the maximum size of the value you can represent in one byte from 127 to 
63; having to use two bytes to encode values on a fairly common scale 
like 1-100 doesn't seem attractive.  At the same time, it's not clear 
that we'll need to be able to represent numeric values of infinite 
length in these protocols.  For some kinds of math research I can 
imagine the nested SDNV structure being pretty handy, but using the SDNV 
to encode the length of a field (such as an encryption key) lets us have 
fields whose lengths are up to (2^68) bytes; I think that is likely to 
be plenty.

Scott