Re: [dtn-security] Issue implementing security source/destination with ESB blocks

ahennes1@math.umd.edu Mon, 06 August 2012 15:51 UTC

To: Peter Lovell <plovell@mac.com>, aloomis@sarn.org, cherita.corbett@jhuapl.edu, stephen.farrell@cs.tcd.ie
Cc: dtn-security@irtf.org

All,

I'm trying to summarize the issues with RFC6257 for an errata list. How
does this sound:

1. In Section 2.1, in the description of the EID-references, it should
mention that the EID-refs are preceded by a count field.

2. Also in Section 2.1, it states that there can be at most 2 eid refs in
an Abstract Security Block. An exception should be added for ESB, which
can have an arbitrary number of eid refs based on the number in the
original extension block and how many times it has been encapsulated.

3. In Section 2.5, in the discussion of ESB, there needs to be some
language describing how the eid-ref list in the encapsulated block is
appended to the (optional) security src/dest of the encapsulating ESB. As
a result, the eid-ref list in the ESB may be of arbitrary length. Also in
Section 2.5, the statement that eid list entries should be handled
analogously to PCB should be removed (along with the reference to Section
2.4).

4. In Section 4.4, in the description of ESB-RSA-AES128-EXT, the statement
that eid list entries should be handled analogously to PCB should be
removed (along with the reference to Section 2.4).


Thanks,
Angela
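
The count field from item 1 and the ESB exception from items 2 and 3, as an added example that is not part of the original message: a Python parser for the EID-reference field of a security block header that checks the count against the ciphersuite src/dest flags. The flag bits and type codes are taken from RFC 5050 and RFC 6257, the ordering (security src/dest first, encapsulated block's refs after) follows item 3, the function names are hypothetical, and the sample block is constructed.

```python
BLOCK_HAS_EID_REFS = 0x40      # RFC 5050 block processing flag, bit 6
CS_SRC, CS_DEST = 0x10, 0x08   # RFC 6257 ciphersuite flags: security src / dest
ESB = 0x09                     # Extension Security Block type code

# Constructed sample: ESB, EID-ref flag set, count=3, three (scheme, ssp)
# offset pairs, block data length, ciphersuite ID 0x04, flags src+dest.
SAMPLE_ESB = bytes([0x09, 0x40, 0x03, 0x00, 0x04, 0x0A, 0x0E,
                    0x14, 0x18, 0x02, 0x04, 0x18])

def read_sdnv(buf, pos):
    """Decode one SDNV starting at pos; return (value, next_pos)."""
    value = 0
    for i in range(pos, min(pos + 10, len(buf))):   # cap length at 10 bytes
        value = (value << 7) | (buf[i] & 0x7F)
        if not buf[i] & 0x80:                       # high bit clear: last byte
            return value, i + 1
    raise ValueError("truncated or over-long SDNV")

def parse_eid_refs(block):
    """Return (security_refs, inherited_refs) for one security block."""
    if not block:
        raise ValueError("empty block")
    block_type = block[0]
    flags, pos = read_sdnv(block, 1)
    refs = []
    if flags & BLOCK_HAS_EID_REFS:
        count, pos = read_sdnv(block, pos)          # item 1: count precedes refs
        if count > (len(block) - pos) // 2:         # each ref needs >= 2 bytes
            raise ValueError("EID-ref count exceeds block size")
        for _ in range(count):
            scheme, pos = read_sdnv(block, pos)
            ssp, pos = read_sdnv(block, pos)
            refs.append((scheme, ssp))
    _length, pos = read_sdnv(block, pos)            # block data length
    _suite, pos = read_sdnv(block, pos)             # ciphersuite ID
    cs_flags, pos = read_sdnv(block, pos)
    expected = bool(cs_flags & CS_SRC) + bool(cs_flags & CS_DEST)
    if len(refs) < expected:
        raise ValueError("fewer EID-refs than the src/dest flags require")
    if len(refs) > expected and block_type != ESB:  # item 2: only ESB may exceed
        raise ValueError("extra EID-refs are only allowed in an ESB")
    # Item 3: security src/dest come first, the encapsulated block's refs follow.
    return refs[:expected], refs[expected:]

if __name__ == "__main__":
    print(parse_eid_refs(SAMPLE_ESB))
```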