IETF Logo Mail Archive

Re: [dtn] working group last call on draft-ietf-dtn-bpbis

"Birrane, Edward J." <Edward.Birrane@jhuapl.edu> Sat, 28 January 2017 20:27 UTC

Return-Path: <Edward.Birrane@jhuapl.edu>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A93CB1297D0 for <dtn@ietfa.amsl.com>; Sat, 28 Jan 2017 12:27:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.399
X-Spam-Level:
X-Spam-Status: No, score=-7.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-3.199, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c15GTKpr5rVH for <dtn@ietfa.amsl.com>; Sat, 28 Jan 2017 12:27:22 -0800 (PST)
Received: from piper.jhuapl.edu (piper.jhuapl.edu [128.244.251.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F28721297F3 for <dtn@ietf.org>; Sat, 28 Jan 2017 12:27:21 -0800 (PST)
Received: from APLEX03.dom1.jhuapl.edu (unknown [128.244.198.7]) by piper.jhuapl.edu with smtp (TLS: TLSv1/SSLv3,256bits,ECDHE-RSA-AES256-SHA384) id 369e_ac7b_6c5f8555_5043_49f1_a204_b52a87f621e8; Sat, 28 Jan 2017 15:27:12 -0500
X-CrossPremisesHeadersFilteredBySendConnector: APLEX03.dom1.jhuapl.edu
Received: from aplex01.dom1.jhuapl.edu (128.244.198.5) by APLEX03.dom1.jhuapl.edu (128.244.198.7) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Sat, 28 Jan 2017 15:27:11 -0500
Received: from aplex01.dom1.jhuapl.edu ([fe80::19f5:dcc5:c696:1a50]) by aplex01.dom1.jhuapl.edu ([fe80::19f5:dcc5:c696:1a50%26]) with mapi id 15.00.1178.000; Sat, 28 Jan 2017 15:27:12 -0500
From: "Birrane, Edward J." <Edward.Birrane@jhuapl.edu>
To: "I-Viswanathan, Kapaleeswaran" <kapaleeswaran.viswanathan@boeing.com>, dtn <dtn@ietf.org>
Thread-Topic: [dtn] working group last call on draft-ietf-dtn-bpbis
Thread-Index: AQHSaCGm8/6Rgy1ZOEOXeZXK5aWskqFHaLIAgAEDq4CAABEggIAAjTIAgACiDACABMuYpQ==
Date: Sat, 28 Jan 2017 20:27:11 +0000
Message-ID: <1485635230897.24440@jhuapl.edu>
References: <44B4919D-4283-4FDD-91E5-1EE5288D50AC@viagenie.ca> <b573e87b-e62b-56b6-7b89-6bcbde86dd82@cs.tcd.ie> <7a143c37a178456a977662113a4ca13a@XCH15-06-08.nw.nos.boeing.com> <24108c6b-0040-5f34-3b64-23a0d4c89eea@cs.tcd.ie> <CAKKJt-fVGgVxOy7wG-pu-LpdhkZrE1ZozuJ80pa6a_z80zSmLQ@mail.gmail.com>, <98d68cbae12548829e22a5d1ec69326a@XCH15-05-04.nw.nos.boeing.com>
In-Reply-To: <98d68cbae12548829e22a5d1ec69326a@XCH15-05-04.nw.nos.boeing.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [128.244.198.168]
Content-Type: multipart/alternative; boundary="_000_148563523089724440jhuapledu_"
MIME-Version: 1.0
X-OrganizationHeadersPreserved: APLEX03.dom1.jhuapl.edu
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/8OKaWhcw533OUWu63xAVPTocfeE>
Subject: Re: [dtn] working group last call on draft-ietf-dtn-bpbis
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Jan 2017 20:27:25 -0000

I spent some time going through Stephen's comments trying to figure out a good way to address them. Rather than making dozens of individual posts on this mailing list, I put together a Google Doc spreadsheet as a way to try and capture thoughts on the items.


The document can be found and edited at:

https://docs.google.com/spreadsheets/d/1NDY3WB6JGoM0I-hNv8F03QxhNzdW8aitOEOcVfoOmUM/edit?usp=sharing


I have 3 sheets (DISCUSS, Minor, Nits) and in each sheet a column where I tried to more concisely distill the comments and then provide my own thoughts.  I would encourage others to make their own columns in the same way. I would also encourage other rows (representing new comments) to be added as we have them.


Not trying to stop or alter discussion on the mailing list itself, but I thought it might be a good idea to also have a place to capture WG member opinions as we go.


Please feel free to use if helpful.


-Ed

---
Edward J. Birrane, III, Ph.D.
Embedded Applications Group Supervisor
Space Exploration Sector
Johns Hopkins Applied Physics Laboratory
(W) 443-778-7423 / (F) 443-228-3839
________________________________
From: dtn <dtn-bounces@ietf.org> on behalf of I-Viswanathan, Kapaleeswaran <kapaleeswaran.viswanathan@boeing.com>
Sent: Wednesday, January 25, 2017 9:09 AM
To: dtn
Subject: Re: [dtn] working group last call on draft-ietf-dtn-bpbis

Hello:

>>>>>>>>>SNIP(Fred -> Stephen -> Fred -> Stephen -> Spencer)
> I am still going through your comments, but one question that I have
> on one of your points for now:
>
>     "4) it's not ok to omit
>      security mechanism definition, (making [BPSEC] normative and
>      waiting on that in the RFC editor queue would fix this, and is
>     IMO needed),
>
> Wouldn't that create a circular dependency?

>That's not a problem. The RFC editor handles document clusters
>like that all the time.

It is certainly the case (in my experience) that there's a history of IESG Evaluations taking longer/being less enjoyable for all parties when the protocol specification says "please see this other draft for security" and the working group says "we owe you one draft on security" ;-)
<<<<<<<SNIP

I see two ways forward for Bundle Protocol specification.

1.      The IPv4 way: by providing generic data structures for security headers but without providing any detailed specification for these headers.

a.      This approach will be useful to publish the transportation protocol (bundle protocol) specification first and then publish the security protocol (BPSec).

2.      The IPv6 way: by providing clearly specified headers (data structures) for interfacing transportation and security protocols.

a.      This approach will require a complete specification of transportation and security protocols (in different documents) and releasing them at the same time.

I see this as a matter of style, because IPSec has been successfully deployed on IPv4 and IPv6.

But, purely from a documentation perspective, in its current specification style, Bundle Protocol appears to be a similar to IPv6. In the IPv4 document reference model, security specification (IPSec) refers to transportation specification (IPv4) but not the other way around. In the IPv6 document reference model, transportation (IPv6) and security (IPSec) specifications cross-reference each other. The document references in IP and IPSec documents are as follows.

1.      IPSec –refers to--> IPv4, IPv6

2.      IPv6 –refers to--> IPSec

3.      IPv4 –does not refer to--> IPSec

Bundle Protocol specifies security in extension blocks (https://tools.ietf.org/html/draft-ietf-dtn-bpbis-06#section-4.3). IPv6 specifies security in extension headers (https://tools.ietf.org/html/rfc2460#section-4.1). In IPv6, data confidentiality is specified as optional while authentication and data integrity are mandatory. IPv4 specifies security as something that is needed in “some simutations” (https://tools.ietf.org/html/rfc791#section-1.4) and minimizes any heavy-weight attention to the topic.

The following text from IPv6 could be interesting in this regard.


A full implementation of IPv6 includes implementation of the

   following extension headers:



           Hop-by-Hop Options

           Routing (Type 0)

           Fragment

           Destination Options

           Authentication

           Encapsulating Security Payload



   The first four are specified in this document; the last two are

   specified in [RFC-2402<https://sslvpn.jhuapl.edu/html/,DanaInfo=tools.ietf.org,SSL+rfc2402>] and [RFC-2406<https://sslvpn.jhuapl.edu/html/,DanaInfo=tools.ietf.org,SSL+rfc2406>], respectively.



Best regards

Kapali

v2.23.0 | Report a Bug | By Email