IETF Logo Mail Archive

Re: [dtn] [EXTERNAL] BPbis consensus status

Marc Blanchet <marc.blanchet@viagenie.ca> Thu, 17 September 2020 03:25 UTC

Return-Path: <marc.blanchet@viagenie.ca>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45AF93A0995 for <dtn@ietfa.amsl.com>; Wed, 16 Sep 2020 20:25:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=viagenie-ca.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MfVAox5RCsmT for <dtn@ietfa.amsl.com>; Wed, 16 Sep 2020 20:25:57 -0700 (PDT)
Received: from mail-qt1-x842.google.com (mail-qt1-x842.google.com [IPv6:2607:f8b0:4864:20::842]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 137C63A0991 for <dtn@ietf.org>; Wed, 16 Sep 2020 20:25:56 -0700 (PDT)
Received: by mail-qt1-x842.google.com with SMTP id n18so832985qtw.0 for <dtn@ietf.org>; Wed, 16 Sep 2020 20:25:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=viagenie-ca.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Syer0s2LUDawYCJJzMuKVSwVwKL3jkjJM4XXenz/SnM=; b=i43fNoP57sac2Aq5BeR8UiaVyB9ZEKsLcWp0L14BWcatOAiZG+3UDOsy3kEAy04OJR ifczvZ8gJNe7K2a7Dfv1W06ZXoK+TwbtdayJgFuBSX6NvE289CRbaYUa9Uc6yYIQWBcc 4OIE9tyjCJfKENnBbMwBcKNvR3UGxAulKT0vcYOCPkIfo3Fg7++yYHVLDM1eW5x0j/T+ A2rgvWBchH71UuSG9MT4YvLjxiAkl3jvN/P9eivyEWHP5pCuKdsZN/bfXuBCqbr983vf /mFjcNqH0UDicytgh9MdvqPiXRfNFh3Rlm87X0We4wPuOKP8nVpZ6Z/9Myn9bBzjavDW fpGA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Syer0s2LUDawYCJJzMuKVSwVwKL3jkjJM4XXenz/SnM=; b=mvREEykrXtkH4J7eElcXwRm+XeoMjSvpX/hk+A4RViIHK3vm3QFnAIQcyAbJrvFYzc bzadOPC31+7ARAos7nZ00KgA+IBcwiBMM4EAPZdWAO+fa/HxCaykrlG+PgxigiANfUh5 tg7MnGdNbWaqEBNLNH6F2SPwPjTT9tuNndgC56ygIs0yoBosdhaoILEqYxwROOQAP+6p zaFBRGYspyxlARsOr7LH9ay8Ag3iXQBQhWflxHzdcIfDSJmQr+87O4KNgdli2H9nZGnk vd0pNmgS7aZilwXNsozkIcpZwnz3tvKjFadZxFF1UK6B/fESO4FmYSADQWntvLVlJkAZ lTkg==
X-Gm-Message-State: AOAM5325MJPlTXQLF86lgrOnJPCZeKe2thn7VfFBMBSQ9rwb0ywJuZTW AOSeUqN81VYAXN7LFUwV4r26mA==
X-Google-Smtp-Source: ABdhPJx5KoGGxkWPDWbhXy2J8gn5hz6BBfGwYAHMFX1zJCeSDeJSOArMCHzjgx1z1bhswj/pN5/L+A==
X-Received: by 2002:ac8:31d4:: with SMTP id i20mr26798423qte.179.1600313155591; Wed, 16 Sep 2020 20:25:55 -0700 (PDT)
Received: from [192.168.1.115] (modemcable016.82-162-184.mc.videotron.ca. [184.162.82.16]) by smtp.gmail.com with ESMTPSA id b43sm21188406qtk.84.2020.09.16.20.25.54 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 16 Sep 2020 20:25:54 -0700 (PDT)
From: Marc Blanchet <marc.blanchet@viagenie.ca>
To: "Burleigh, Scott C" <scott.c.burleigh@jpl.nasa.gov>
Cc: "R. Atkinson" <rja.lists@gmail.com>, DTN WG <dtn@ietf.org>
Date: Wed, 16 Sep 2020 23:25:53 -0400
X-Mailer: MailMate (1.13.2r5673)
Message-ID: <A2CD01A8-EDBE-4840-8CFC-5A3732AA28D2@viagenie.ca>
In-Reply-To: <d2eb737bc35b46019bdb5c5e82e96126@jpl.nasa.gov>
References: <34a7886b09d946faa816acbd26700d65@jpl.nasa.gov> <F2B67324-D3F5-4F28-8CC3-207EB607E6EA@viagenie.ca> <ED9CEA8D-3B22-4623-A7F7-F9ACA4C3A071@gmail.com> <CEBD7985-410F-4AF4-B367-1B08C99CB38A@viagenie.ca> <d2eb737bc35b46019bdb5c5e82e96126@jpl.nasa.gov>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/EknH79asGLnpq8ELz48bQbrwojI>
Subject: Re: [dtn] [EXTERNAL] BPbis consensus status
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Sep 2020 03:25:59 -0000

On 16 Sep 2020, at 20:34, Burleigh, Scott C (US 312B) wrote:

> Hi, Marc.  One note of clarification: BPSec does provide "end-to-end" 
> encryption (and/or integrity protection) if by "ends" we mean the 
> bundle protocol agent that the sending application entity utilizes to 
> transmit the data and the bundle protocol agent that the receiving 
> application entity utilizes to receive the data.
>
> If by "ends" you instead mean the sending and receiving application 
> entities themselves, then of course BPSec doesn't provide end-to-end 
> security service at that layer of the stack; BPSec provides security 
> service at the bundle layer, not at the application layer.

exactly. again, nothing wrong in having security at the BP layer. 
People/use cases might like to do that there. My only point is to not 
make it mandatory, since, as current Internet deployment tells us, the 
applications need to be aware of security services and this happens 
within the payload of the IP/BP, not at the IP/BP layer.

Marc.


>
> Scott
>
> -----Original Message-----
> From: dtn <dtn-bounces@ietf.org> On Behalf Of Marc Blanchet
> Sent: Wednesday, September 16, 2020 5:14 PM
> To: R. Atkinson <rja.lists@gmail.com>
> Cc: DTN WG <dtn@ietf.org>
> Subject: [EXTERNAL] Re: [dtn] BPbis consensus status
>
> On 16 Sep 2020, at 19:36, R. Atkinson wrote:
>
>>> On Sep 16, 2020, at 15:50, Marc Blanchet <marc.blanchet@viagenie.ca>
>>> wrote:
>>>
>>> I’m still opposed to have BPSEC be mandatory to implement as I 
>>> think
>>> the security services can be done within the payload. IP is 
>>> currently
>>> not secured on the Internet.
>>
>> For over 25 years now, IP has had IP-layer security in the form of
>> IPsec (ESP & AH).
>>
>> See RFC-1825 through RFC-1827 to see just how far back IPsec goes.  
>> My
>> team demonstrated open-source running code for IPsec in 4.4 BSD in
>> August 1995.[1]
>>
>> For many years, all IPv6 implementations were required to implement
>> IPsec, although I believe that constraint has been lifted recently
>> (LONG AFTER IPsec was nearly universally implemented by IPv6 devices
>> and I believe the exemption is for tiny IoT devices).
>>
>> Automated key management (which BPsec does not provide yet) came a 
>> bit
>> later with RFC-2407, RFC-2408 and RFC-2409.
>>
>> IPsec BOTH supports end-to-end security and also can support VPN
>> access.
>> In practice, IPsec is probably used more with VPNs but it does still
>> support end-to-end security.
>>
>> Virtually every IP-capable device (laptops, paid OSs, free OSs, smart
>> handphones)
>> has implemented IPsec for many years now.
>>
>> While the original goal of IPsec was end-to-end (e.g., host-to-host)
>> security
>>
>> Whether one uses IPsec is a very different question from whether it 
>> is
>> widely implemented, just as whether one uses BPsec for a given 
>> session
>> is quite separate from whether it should be mandatory to implement.
>
> i know all this. been there. done a lot, specially on IPv6. I would 
> love to have IP layer security, but that did not happened. What is 
> deployed currently is that VPNs are not using IPsec but TLS over UDP. 
> Zero trafic of real IPsec end-to-end. Hence my point: current IP 
> stacks are not using IPsec.
>
>>
>> If security is NOT mandatory-to-implement, then users in practice 
>> will
>> not be able to use it in situations where they would like to use it.
>> The deployed Internet has over 35 years experience with this
>> operational reality.
>>
>>> It is within the IP payload (TLS) that security services are 
>>> applied.
>>
>> Security services are offered at MANY layers in the deployed 
>> Internet.
>
> right, the first one in the stack (from bottom to up) is TLS over 
> TCP/UDP. reality now.
>
>>
>> TLS is far from being the only game in town.  I discuss IPsec above,
>> but there are numerous other mandatory security capabilities both
>> within TCP and below.
>>
>> Routing protocols have had built-in cryptographic security (e.g.,
>> RFC-2082 et seq
>> for RIP; RFC-2178 et seq for OSPFv2; RFC-2385 eq seq for BGP) for 
>> over
>> 20 years.
>> Even newer routing protocols such as BABEL have been required to have
>> cryptographic authentication (e.g., RFC-7298).
>
> ok. that is the control plane. fine by me.
>
>>
>>> I want a fully conformant BP implementation to ship without BPSec 
>>> and
>>> without any specific use case (e.g. forwarding vs non-forwarding).
>>> However, I expect many use cases to require security, but again, in
>>> those cases, it can be accomplished within the payload, not at the 
>>> BP
>>> level.
>>
>> I am open to hear what you have to say, but right now it is FAR from
>> obvious to me
>>
>> (a) precisely what you mean by “accomplished within the payload”,
>>
>> (b) where that specification is documented,
>>
>> or (c) how you propose that [hypothetical] security service would be
>> mandated.
>>
>
> to me, security (i.e. auth/encryption) makes only sense at the 
> transport layer (in the IP sense), since the application making the 
> socket know and can enforce the security services it needs, including 
> taking care of the key management. At the IP layer, it is not 
> available to the application. Moreover, IPsec may only occur within 
> some parts of the network, so the application does not have the 
> ability to enforce full end-to-end encryption for example.  Back to 
> BP, I see again that BPsec does not provide that facility to the 
> application and does not warrant complete end-to-end security with the 
> requirements the application wants/need.
>
>> Over 35 years of deployed Internet experience all says that security
>> won’t be available in practice if it isn’t mandatory to 
>> implement.
>
> we (I was involved a lot in IPv6, so…) tried hard to make IPsec 
> mandatory for IPv6. I was one deeply involved in IPv6 and pushing 
> IPsec, but it just did not happen. We failed.
>
>> I doubt BP can get
>> through the IETF approval processes without mandatory-to-implement
>> security of some sort in a standards-track RFC.
>
> I’m fine with having security mandatory to implement, but not at the 
> BP layer (e.g. BPSec). That is what I’m saying. I’m not against 
> BPsec, on the contrary, I’m just saying that it should not be 
> mandatory to implement for all BP implementations and that security 
> can be handled higher in the stack.
>
> Regards, Marc.
>
>>
>> Yours,
>>
>> Ran
>>
>> [1]
>> "https://urldefense.us/v3/__https://www.usenix.org/legacy/publications/library/proceedings/sd96/atkinson.html__;!!PvBDto6Hs4WbVuu7!eVZ4Yi2LPtGgdO4l426u_10Z28qXwJkfCX-hKp8iI7mtkO2LnXkcJpScQqy_18hxoKEdLqFyYEk$ 
>> "
>>
>> _______________________________________________
>> dtn mailing list
>> dtn@ietf.org
>> https://urldefense.us/v3/__https://www.ietf.org/mailman/listinfo/dtn__
>> ;!!PvBDto6Hs4WbVuu7!eVZ4Yi2LPtGgdO4l426u_10Z28qXwJkfCX-hKp8iI7mtkO2LnX
>> kcJpScQqy_18hxoKEdz3iyPDg$
>
> _______________________________________________
> dtn mailing list
> dtn@ietf.org
> https://urldefense.us/v3/__https://www.ietf.org/mailman/listinfo/dtn__;!!PvBDto6Hs4WbVuu7!eVZ4Yi2LPtGgdO4l426u_10Z28qXwJkfCX-hKp8iI7mtkO2LnXkcJpScQqy_18hxoKEdz3iyPDg$

v2.23.0 | Report a Bug | By Email