[dtn-security] Issue implementing security source/destination with ESB blocks

ahennes1@math.umd.edu Thu, 02 August 2012 15:52 UTC

Return-Path: <ahennes1@math.umd.edu>
X-Original-To: dtn-security@ietfa.amsl.com
Delivered-To: dtn-security@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1518121F869A for <dtn-security@ietfa.amsl.com>; Thu, 2 Aug 2012 08:52:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.999
X-Spam-Level:
X-Spam-Status: No, score=-3.999 tagged_above=-999 required=5 tests=[BAYES_50=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TBCLfkntRkAJ for <dtn-security@ietfa.amsl.com>; Thu, 2 Aug 2012 08:52:48 -0700 (PDT)
Received: from mailfilter.ece.umd.edu (mailfilter.ece.umd.edu [129.2.90.4]) by ietfa.amsl.com (Postfix) with ESMTP id 4732F21F868A for <dtn-security@irtf.org>; Thu, 2 Aug 2012 08:52:48 -0700 (PDT)
X-ASG-Debug-ID: 1343922765-04739d104d313280001-NoPDhg
Received: from svr4.math.umd.edu ([129.2.56.14]) by mailfilter.ece.umd.edu with ESMTP id DFPXRoxsMYSdVTx7; Thu, 02 Aug 2012 11:52:45 -0400 (EDT)
X-Barracuda-Envelope-From: ahennes1@math.umd.edu
X-Barracuda-Apparent-Source-IP: 129.2.56.14
Received: by svr4.math.umd.edu (Postfix, from userid 48) id 4D9B26FC83; Thu, 2 Aug 2012 11:52:45 -0400 (EDT)
Received: from 65.127.220.136 by webmail.math.umd.edu with HTTP; Thu, 2 Aug 2012 11:52:45 -0400
Message-ID: <38cc307b4972055558f2e38b0293db0c.squirrel@webmail.math.umd.edu>
Date: Thu, 2 Aug 2012 11:52:45 -0400
From: ahennes1@math.umd.edu
X-ASG-Orig-Subj: Issue implementing security source/destination with ESB blocks
To: dtn-security@irtf.org, stephen.farrell@cs.tcd.ie, dtnbsp@gmail.com
User-Agent: SquirrelMail/1.4.20
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-Barracuda-Connect: UNKNOWN[129.2.56.14]
X-Barracuda-Start-Time: 1343922765
X-Barracuda-URL: http://mailfilter.ece.umd.edu:8000/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at ece.umd.edu
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using per-user scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=7.0 KILL_LEVEL=1000.0 tests=NO_REAL_NAME
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.2.104479 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------------------------- 0.00 NO_REAL_NAME From: does not include a real name
Subject: [dtn-security] Issue implementing security source/destination with ESB blocks
X-BeenThere: dtn-security@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The Delay-Tolerant Networking Research Group \(DTNRG\) - Security." <dtn-security.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/dtn-security>, <mailto:dtn-security-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/dtn-security>
List-Post: <mailto:dtn-security@irtf.org>
List-Help: <mailto:dtn-security-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Aug 2012 15:52:49 -0000

We've run into a problem while implementing the security source and
destination in the ESB blocks.  When ESB encapsulates a block, the BSP RFC
states that the eid ref list of the encapsulated block should be used as
the eid ref list of the encapsulating block, as in PCB.  However, the eid
ref list of the encapsulating block also needs to store the security
source and destination. We aren't sure if the eid ref list of the
encapsulated block should be appended to the eid ref list of the
encapsulating block.  The RFC states that an Abstract Security Block
should have at most 2 eid references, and this would contradict that
statement.

We get around this problem with PCB because the first PCB block's eid ref
list stores the security source and destination, and an extra PCB block is
added for any encapsulated blocks (and this extra PCB block contains the
eid ref list of the encapsulated block).  With ESB, there is a one-to-one
correspondence between the 'replacing' ESB block and the block to be
encapsulated, so we do not have an extra block as in PCB.



thanks,
Angela


Angela Hennessy
Laboratory for Telecommunication Sciences (LTS)