[dtn] BPSEC Request: Removal of BAB blocks
"Birrane, Edward J." <Edward.Birrane@jhuapl.edu> Thu, 21 January 2016 20:39 UTC
Return-Path: <Edward.Birrane@jhuapl.edu>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1CB251A9101 for <dtn@ietfa.amsl.com>; Thu, 21 Jan 2016 12:39:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.203
X-Spam-Level:
X-Spam-Status: No, score=-4.203 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tjiKVTXVW1Qb for <dtn@ietfa.amsl.com>; Thu, 21 Jan 2016 12:39:48 -0800 (PST)
Received: from piper.jhuapl.edu (piper.jhuapl.edu [128.244.251.37]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A63E91A90F7 for <dtn@ietf.org>; Thu, 21 Jan 2016 12:39:47 -0800 (PST)
Received: from aplex02.dom1.jhuapl.edu (aplex02.dom1.jhuapl.edu [128.244.198.6]) by piper.jhuapl.edu with smtp (TLS: TLSv1/SSLv3,256bits,AES256-SHA) id 1c16_4be1_0d7b42d0_ed1c_43ad_b9e0_38d66c2a31a6; Thu, 21 Jan 2016 15:39:46 -0500
X-CrossPremisesHeadersFilteredBySendConnector: aplex02.dom1.jhuapl.edu
Received: from aplex01.dom1.jhuapl.edu (128.244.198.5) by aplex02.dom1.jhuapl.edu (128.244.198.6) with Microsoft SMTP Server (TLS) id 15.0.1076.9; Thu, 21 Jan 2016 15:39:42 -0500
Received: from aplex01.dom1.jhuapl.edu ([fe80::f159:e1c5:d8d7:cf40]) by aplex01.dom1.jhuapl.edu ([fe80::f159:e1c5:d8d7:cf40%22]) with mapi id 15.00.1076.000; Thu, 21 Jan 2016 15:39:42 -0500
From: "Birrane, Edward J." <Edward.Birrane@jhuapl.edu>
To: "dtn@ietf.org" <dtn@ietf.org>
Thread-Topic: BPSEC Request: Removal of BAB blocks
Thread-Index: AdFUixW+1dIZSXgfQ8yvJzAKm+QNQQ==
Date: Thu, 21 Jan 2016 20:39:42 +0000
Message-ID: <01415845337446d58ed9b182a8eea65f@aplex01.dom1.jhuapl.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [128.244.103.238]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OrganizationHeadersPreserved: aplex02.dom1.jhuapl.edu
Archived-At: <http://mailarchive.ietf.org/arch/msg/dtn/D_XV_Y6XLQtDpCMgU1ybFzAVuSQ>
Subject: [dtn] BPSEC Request: Removal of BAB blocks
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jan 2016 20:39:50 -0000
All, At the January telecom, we agreed that BAB blocks can removed from the BPSEC specification and that hop-by-hop authentication can be achieved in (at least) 1 of 3 alternate ways: 1. Rely on lower link layers to provide hop-by-hop authentication 2. Integrity sign with a BIB an ephemeral block between two BPAs, such as the Prior Hop Notification (PHN) block. 3. Design some other user/application related block to contain a hash of some canonical form of the bundle and sign that. These mechanisms are captured in a draft "security practices" document published as https://tools.ietf.org/html/draft-birrane-dtn-sec-practices-00 in section 4.6 "Hop by Hop Authentication". ACTION: Please comment if there is an issue with removing BABs from the BPSEC specification. We can create a new thread to discuss the security practices and whether the alternate mechanisms listed above are the correct ones or if we need others. -Ed --- Edward J. Birrane, III, Ph.D. Embedded Applications Group Supervisor Space Exploration Sector Johns Hopkins Applied Physics Laboratory (W) 443-778-7423 / (F) 443-228-3839
- [dtn] BPSEC Request: Removal of BAB blocks Birrane, Edward J.
- Re: [dtn] BPSEC Request: Removal of BAB blocks Carlo Caini