[dtn] Fwd: BPsec -22, Section 9.1
"R. Atkinson" <rja.lists@gmail.com> Thu, 03 September 2020 13:35 UTC
Return-Path: <rja.lists@gmail.com>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 71BD33A0BF9 for <dtn@ietfa.amsl.com>; Thu, 3 Sep 2020 06:35:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i2iTU7sSMuSV for <dtn@ietfa.amsl.com>; Thu, 3 Sep 2020 06:35:15 -0700 (PDT)
Received: from mail-qk1-x72c.google.com (mail-qk1-x72c.google.com [IPv6:2607:f8b0:4864:20::72c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C51043A0BF2 for <dtn@ietf.org>; Thu, 3 Sep 2020 06:35:15 -0700 (PDT)
Received: by mail-qk1-x72c.google.com with SMTP id w186so3061925qkd.1 for <dtn@ietf.org>; Thu, 03 Sep 2020 06:35:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:date:subject:references:cc:to; bh=tAmowSYNc5WTR0ojGsEs7fRiaEWxA7CVJw/V12894Xw=; b=uFnNN3DUQ7TCk/SOp/SFYocufwGQGYJJnjgIykSPhTIiNOqZ9xGFMF4DmQKVhXmwty 84M0RcLKqUi2UYoT7E3f+aPFQbaLTY0RkKLp+FoopqeoUcJ+JzckKfVmuFcHadfJroaJ N69no2hoGuoGE1Kth4gcSigLx8OFTfZjkO6BFeSkVzn2NKYpWfKymPy37wx4GCf8adNT zXB4z8PpK0qExuSwlkBkMYQx2G5fHYJrPh+TJ60uIKlPFgdgYSCIbDX1PpeRH/nHlvTR VGfGx3WvwIE7cRT/Vx4lyWlVQoBkopYcuPF/8UOJn86cSV+w9LJZIcsSIj6NjQJ4eBik YITQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:date:subject :references:cc:to; bh=tAmowSYNc5WTR0ojGsEs7fRiaEWxA7CVJw/V12894Xw=; b=EO1ydazdsaqGWfnmRvRtfN6UiS6bA0PlvsAPbrAwLcmdF9ZC+6xUMywPFP6KzTVv7a CnxBgxdrKR0ubhv36PzoapxgxWKgHZH4mcke6FPMmxWTZu4ubNWlufEO/G/cBA77EMRf 9eyOJ23p5lzQVKyCENn/czsFJezdTWytt/OPbmzEe4GolsiMJwdhvghn1dpvLQWe85R4 BQzSlvAntS33rypveOaRr9jVH7dWgF/D9MXJXgpU5PF+P4JXmAHz1+KlZP6vrONcLGDd Wk/1m1Avc7PbhJ/QJDTj1kVEXD97i0feTQhrT3LuXZwvrj564nRaOUeF9zgxel06oBqg cRLA==
X-Gm-Message-State: AOAM533vkJkmOT87bD17FTXaB4jlGCkyKXwEBYD0Zcl5m/4WqTIGSY+p EKR64tkSQUfoMZuexQwJYx4=
X-Google-Smtp-Source: ABdhPJz7YUPYvoaj8eGneUhcWXbYOn65Pi1G6+qWhJ+ktUr3pwBT9DonldLM1MPZuWvVAj+WVk9Lsg==
X-Received: by 2002:a05:620a:346:: with SMTP id t6mr3138881qkm.29.1599140114723; Thu, 03 Sep 2020 06:35:14 -0700 (PDT)
Received: from [10.30.20.14] (pool-141-156-180-77.washdc.fios.verizon.net. [141.156.180.77]) by smtp.gmail.com with ESMTPSA id u17sm2020305qtq.20.2020.09.03.06.35.13 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 03 Sep 2020 06:35:13 -0700 (PDT)
From: "R. Atkinson" <rja.lists@gmail.com>
Message-Id: <7CE74C48-8E7D-42D3-B895-020E022E9DAD@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_C1411B7E-043F-4AF5-83FD-D08C8989AE38"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
Date: Thu, 03 Sep 2020 09:35:12 -0400
References: <DB221853-1E21-46E1-B4B8-AB29378CEBC5@gmail.com>
Cc: DTN WG <dtn@ietf.org>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/A_Da0qdOjcOoFZde47PswhywhxU>
Subject: [dtn] Fwd: BPsec -22, Section 9.1
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2020 13:35:17 -0000
Magnus, I would gently suggest that if DTN WG combined my proposed edits below (email to DTN list August 7th) -- along with the proposed edits I offered earlier (email to DTN list July 29th w/ Subject: Re: [dtn] BPbis - mandatory BPsec) —that ought to be sufficient to resolve the ”MUST implement security" concerns. I defer to the WG Chairs and AD for formal consensus determination, but I haven’t seen substantial objections to either of my notes referenced above. For context, I’m the ghost author of RFC 3552 (most of the words are mine, which is acknowledged explicitly) and I’ve done IETF security work for about 3 decades now (e.g. RFC-1704, RFC-1825 thru RFC-1827, RFC-2082, et alia). Thanks, Ran Atkinson > Begin forwarded message: > > From: "R. Atkinson" <rja.lists@gmail.com> > Subject: BPsec -22, Section 9.1 > Date: August 7, 2020 at 09:25:55 EDT > To: DTN WG <dtn@ietf.org> > > All, > > Some belated feedback on the BPsec -22 draft follows, organised by section/page.etc. > > Section 9.1, page 34, 2nd paragraph, which begins “Implementations of BPsec MUST…" > > I am open to wordsmithing, but I propose to replace that one paragraph with these 3 paragraphs. I am using separate paragraphs to talk about separate concepts primarily for readability. > > PROPOSED NEW TEXT: > > "To ensure interoperability among various implementations, all BPSec implementations > MUST support at least the current IETF standards-track mandatory security context(s). > As of this writing, that BCP mandatory security context is specified in > [I-D.ietf-dtn-interop-sc], but the mandatory security context(s) might change > over time in accordance with usual IETF processes. Such changes are likely to occur > in future if/when flaws are discovered in the applicable cryptographic algorithms, > for example. > > "Additionally, BPsec implementations need to support the security contexts which > are specified and/or used by the BP networks in which they are deployed. > > "If a node serves as a gateway amongst two or more networks, the BPSec > implementation at that node needs to support the union of security contexts > mandated in those networks.” > > REASONING: > > An implementer of BPsec might or might not have any idea where his/her implementation might be deployed. So the existing paragraph inadvertently requires an implementer to have knowledge which they very likely cannot have. > > Extensive prior experience with IETF security protocols at various layers (e.g., IPsec tunnel-mode, IPsec transport-mode, TLS, routing protocol authentication) has consistently shown that at least one mandatory-to-implement security context needs to be specified. As noted just above, an implementer might well not know where and how a BPsec implementation might be deployed in future. So it is important to require implementation of at least one security context which will be common across all implementations. > > Experience also has shown that over time the mandatory-to-implement security context will need to change. The two most common reasons are (a) newly discovered flaw in a cryptographic algorithm (e.g., MD4, MD5, SHA) and (b) improved computational power making an existing algorithm computationally-feasible to attack (e.g., DES). > > There is a practical requirement that implementations within a given network support whichever security context that network deploys and also that a gateway between networks support applicable security context(s). However, those are not something which IETF reasonably can mandate, since an implementer can’t always know where a given BPsec implementation might be deployed in future. IETF standards normally focus on implementations rather than on deployments. Where IETF does focus on deployment matters, the usual approach is to publish a “Best Current Practice (BCP)” document rather than a “standard”. > > > QUESTION: > > Should we maybe avoid mandating [ID.bpsec-interop-sc] above and instead re-word the text above to say "as per the latest IETF BCP specifying mandatory-to-implement BPsec security contexts" (and then create a 1 paragraph BCP that says ID.bpsec-interop-sc is the current mandatory-to-implement security context) ?? > > That would have the hassle of creating an additional (BCP) document now, but would avoid the future hassle of needing to deprecate the entire BPsec RFC ONLY because some other security context became the mandatory-to-implement security context. If the BPsec protocol is fine, then it would be nice to be able to change mandatory-to-implement security contexts WITHOUT changing the BPsec protocol specification. This type of thing has happened in the past with other IETF security protocols. > > > Feedback very welcome… > > > Thanks ! > >
- [dtn] BPbis - mandatory BPsec Burleigh, Scott C (US 312B)
- Re: [dtn] BPbis - mandatory BPsec R. Atkinson
- Re: [dtn] BPbis - mandatory BPsec Taylor, Rick
- Re: [dtn] BPbis - mandatory BPsec Birrane, Edward J.
- Re: [dtn] BPbis - mandatory BPsec ronnybull
- [dtn] BPsec -22, Section 9.1 R. Atkinson
- [dtn] Fwd: BPsec -22, Section 9.1 R. Atkinson
- Re: [dtn] Fwd: BPsec -22, Section 9.1 Birrane, Edward J.