[dtn-security] Re(2): Header Encryption

Peter Lovell <plovell@mac.com> Fri, 17 July 2009 18:20 UTC

From: Peter Lovell <plovell@mac.com>
To: Sushil Chaudhari <schaudhari@mzeal.com>, dtn-security@maillists.intel-research.net
Date: Fri, 17 Jul 2009 12:20:14 -0400
Message-id: <20090717162014.1496793716@smtp.mac.com>
In-reply-to: <20090717155125.7458.qmail@mzeal.com>
References: <20090717155125.7458.qmail@mzeal.com>

On Fri, Jul 17, 2009, Sushil Chaudhari <schaudhari@mzeal.com> wrote:

>We are using BSP and while observing bundles on Wireshark, the header
>seems to be unencrypted. Also as per
>draft-irtf-dtnrg-bundle-security-08, "every bundle must contain a
>primary block that contains the source and destination EID's that can
>not be encrypted"
>My question is,
>1. Do we have some method for header encryption?

The nodes need to be able to process the bundle, so you need basic
things like addresses. If it's important to encrypt the headers, about
your only choice is bundle-in-bundle encapsulation. You then encrypt the
encapsulated bundle (PCB). But this new bundle *still* needs a primary
block, and addresses, and the like. 

What goal are you trying to achieve?

>2. Can DTN2 be used with IPSEC? If not, do we need an additional
>convergence layer for the support of IPSEC?

I know of no particular reason it would be a problem but I must admit I
haven't tried it. I'm sure others have and maybe they'll comment on
successes or failure.