IETF Logo Mail Archive

Re: [dtn] BPSec Last Call?

lloyd.wood@yahoo.co.uk Mon, 18 September 2017 19:37 UTC

Return-Path: <lloyd.wood@yahoo.co.uk>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DED791241F3 for <dtn@ietfa.amsl.com>; Mon, 18 Sep 2017 12:37:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level:
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.co.uk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BY76VmPsT0s8 for <dtn@ietfa.amsl.com>; Mon, 18 Sep 2017 12:37:44 -0700 (PDT)
Received: from sonic301-22.consmr.mail.ir2.yahoo.com (sonic301-22.consmr.mail.ir2.yahoo.com [77.238.176.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 886E013303A for <dtn@ietf.org>; Mon, 18 Sep 2017 12:37:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.co.uk; s=s2048; t=1505763460; bh=/Tqpo/8WNgd36VsvvM/jveoda7y2utRJF1j9XVDYspo=; h=Date:From:To:Cc:In-Reply-To:References:Subject:From:Subject; b=OnOUgwHWIRIfsqHJBv6YC9qCIi6RxoB526X4dO6l+zFzcoY0FpB7Ko1nw6AXmRfk9Sn5jQp5NX/xX9xDN+KdGp5vrc6vd3kYLbj2PTMCOR2K+gHyXzDsi4W5zxubgk1MvOnuTQnrX6+IUu+UKFl/85LZLZ51KranGchARa17FRth1HwuMdHLaqrwtKkRL5iGG8itxQORXCL9QZ/czAS8Kn4byN9MgJk5LqAqbySBwfqnTmrm47dTm0BxiLzhjOCDSFQUApdJr9wmrE8kv7w9iNaLUheXqQZSjbIJSxI/mKHoTde4yqMoN/4YKdDLenfoqw0iuZ0dYYxu1+qmBcfzFQ==
X-YMail-OSG: aHv_m80VM1mzjP5jxDtGsV4UfES1NiCxvegqq.K9CMAfJVmhumkWjI5kbZHnV8. ih9q4EaD82KxIXNDftFZ8lakUyZjkof9M7sGiTPH89Z5iSJE2Ai2WeDP.P7jW12Czp4mEJPH_2VF Su1RSivJXI9UJKd83hcnQ62wnjn6GMZGK4CYvbXSfpyBAdAUtkZ.2BYOVBWpudp3tIrVEXQJstqy 6dQhHEqXEv8BIaqSITOx3pm_hqa735JZsLBrC6WhFNOSDoXxVgYSl3JCAVCYEvcU02lK_72GsdFI PfUPR_Pqa4GKmJQXoK1MbE2k2ayw5f9dsm6Zuuvv7pv82uZylWpxStoSx8_kuv5kWlQDC77O7B38 m1.DHXG3aVejzFG0sP_vL2QRiObKtYiQIDWgZOHSYHW.S2tcRO67zbYS3rrIJgnJdb7c5Mav.UXb dV_.zHn4B3.8BywxbHpyUwxCacxokRPN.D4ntYYrbrEO5u5cMf1ZVo.c-
Received: from sonic.gate.mail.ne1.yahoo.com by sonic301.consmr.mail.ir2.yahoo.com with HTTP; Mon, 18 Sep 2017 19:37:40 +0000
Date: Mon, 18 Sep 2017 19:37:34 +0000
From: lloyd.wood@yahoo.co.uk
To: Amy Alford <aloomis@sarn.org>, "Birrane, Edward J." <Edward.Birrane@jhuapl.edu>
Cc: "dtn@ietf.org" <dtn@ietf.org>
Message-ID: <463667247.7678564.1505763454078@mail.yahoo.com>
In-Reply-To: <CAB9rx+_f9hBZcXRjyi+7N6TARAfOKxZe+4rCH1B-Yk1pwQmD=g@mail.gmail.com>
References: <4a67e1594a484b759c29489934a7af74@aplex01.dom1.jhuapl.edu> <1501170304841.79122@jhuapl.edu> <CAB9rx+_f9hBZcXRjyi+7N6TARAfOKxZe+4rCH1B-Yk1pwQmD=g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_7678563_277017589.1505763454072"
X-Mailer: WebService/1.1.10521 YahooMailIosMobile Raven/38864 CFNetwork/811.5.4 Darwin/16.7.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/CBC3bTAXHMUJvCpXVhEliIkH2VQ>
Subject: Re: [dtn] BPSec Last Call?
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Sep 2017 19:37:47 -0000

bpsec isn't ready for last call, because bpbis, which it depends on,isn't ready for last call. it's that simple.
(also, the bpbis reference in this draft was out of dateeven when it was submitted.)


Lloyd WoodLloyd Wood - Delay-Tolerant Networking work
  
|  
|   
|   
|   |    |

   |

  |
|  
|   |  
Lloyd Wood - Delay-Tolerant Networking work
 

  |   |

  |

  |

 


On Wednesday, August 16, 2017, 7:26 am, Amy Alford <aloomis@sarn.org> wrote:

I'll kick off the discussion of BPsec.  These comments are lightly edited from a version I sent Ed before the working group meeting.  I'm not sure what the standard is to be ready for last call. 
My comments are pretty minor; the general approach of minimizing the constraints on implementations (leaving it to later specifications to design ciphersuites that work for different DTN use cases) makes sense.  I also appreciate the simplification.  Implementing BSP in DTN2 left me frustrated with the complexity that could accrue as intermediate nodes could repeatedly add security blocks, extension blocks, and fragment the bundle.  

1) Is it really useful to make requirements about how security results or security parameters are stored in the security blocks?  I’m tempted to argue that this spec should provide the requirements that allow two implementations which support disjoint sets of ciphersuites to interoperate (to the extent that they can interoperate).  Specifying how ciphersuite numbers are represented and defining processing order is necessary (an implementation needs these to determine whether or not it can process received data).  Separating out security parameters vs results and specifying a key/value format for them is not (If I don't support the ciphersuite, it's not going to help me in any way to be able to locate individual parameters). 

 




2) I think “MUST” is being overused.  I've included a laundry list of cases below.  

 -------------------

Section 7. “BPAs in the network MUST understand what security operations they should apply to bundles.” “If a waypoint has been configured to add a security operation to a bundle, and the received bundle already has the security operation applied, then the receiver MUST understand what to do.“  “understand” is a very fuzzy word.  I’d argue that an implementation that completely fails to consider what to do in these cases still meets the requirement, in the sense that it shows some deterministic behavior in response to these conditions (If I wanted to be argumentative, I’d argue that showing non-deterministic behavior in these cases also constitutes understanding what to do.).  

 

Section 2.3 “Therefore, security blocks MUST have their processing flags set such that the block will be treated appropriately by non-security-aware waypoints”  Since “appropriately” is left to the implementer, this doesn’t constrain anything.

 

Section 2.4: “The security services defined in this specification MUST provide a mechanism for identifying what cipher suite has been used to populate a security block.” Isn’t this MUST referring to what you, the author, are required to do, not what an implementer is required to do?  The implementer MUST use the mechanism you’ve defined to do this.

 

Section 3.4: “This target MUST be uniquely and unambiguously identifiable when processing a security block.” Same as the last one.  You go on to define a mechanism by which they must do this, so this isn’t a constraint.

 

Section 4 uses a few MUSTS that are not requirements of this spec.  They are expressing how crypto works, not a spec requirement.  I don’t know whether those are traditionally MUSTs in RFCs.

 

In general, I’d look at each MUST/SHALL and consider whether it’s a requirement for an interoperable implementation. 

 ----------------------------- -------

 

3) Section 8.2.1 points out that a bundle may persist in the network long enough that an attacker can decrypt it before it reaches the destination.  How much does it matter whether the attacker retrieves the information before or after the recipient?  I see the expected transmission time as a lower bound on the length of time the information is sensitive for. 





4) Is the requirement about preserving payload length necessary when fragmentation can only occur after adding security blocks that target the payload?  Offsets within the payload are unambiguous, because they must refer to the size of the payload post-encryption. 




5) Since no integrity block can be processed until reassembly happens, there is a potential for a malicious node to send large numbers of garbage fragments to a node such that the fragments never reassemble.  There isn’t any magic solution to this.  It looks like linux defines a timeout for fragments to prevent this (once memory used for fragmentation exceeds some level, the IP stack begins discarding all new fragments received until fragments timing out reduce memory usage to some specified value). That won’t work for DTN, since there is no sane timeout.




6) The end of 8.2.2 makes assertions about the security of sign+encrypt.  It is too strong a statement to say that the attacker cannot produce a modified bundle /because/ he cannot decrypt. There are strong encryption schemes in which an attacker can modify the ciphertext to produce a new ciphertext which decrypts to a related plaintext (malleability).  Does anyone on the list know what strength of encryption scheme is required to guarantee the signature can't be substituted?  I think you can show IND-CCA2 covers this, but someone must know this off the top of their head.   


- Amy Alford 

On Thu, Jul 27, 2017 at 11:45 AM, Birrane, Edward J. <Edward.Birrane@jhuapl.edu> wrote:


Oops! Thanks Outlook....





Let's try that again.





DTNWG,





  At the last DTNWG meeting we discussed whether BPSec draft 05 (https://tools.ietf.org/html/d raft-ietf-dtn-bpsec-05) is ready for last call.





  If you have read the draft and have comments on the current implementation, I ask that we use this thread to discuss them.





  If you have not read the draft, but are interested in the security specification, I ask that you use this thread as a signal to read -05 and provide comments in this thread.





  If you feel that the document is ready for last call, I ask that you use this thread to indicate that.​





-Ed




---
Edward J. Birrane, III, Ph.D.
Embedded Applications Group Supervisor
Space Exploration Sector
Johns Hopkins Applied Physics Laboratory
(W) 443-778-7423 / (F) 443-228-3839From: Birrane, Edward J.
Sent: Thursday, July 27, 2017 11:42 AM
To: dtn@ietf.org
Subject: BPSec Last Call? 
DTNWG,





  At the last DTNWG meeting we discussed whether 







---
Edward J. Birrane, III, Ph.D.
Embedded Applications Group Supervisor
Space Exploration Sector
Johns Hopkins Applied Physics Laboratory
(W) 443-778-7423 / (F) 443-228-3839
______________________________ _________________
dtn mailing list
dtn@ietf.org
https://www.ietf.org/mailman/l istinfo/dtn



_______________________________________________
dtn mailing list
dtn@ietf.org
https://www.ietf.org/mailman/listinfo/dtn

v2.23.0 | Report a Bug | By Email