IETF Logo Mail Archive

Re: [dtn] [EXTERNAL] Re: BPbis consensus status

"Burleigh, Scott C (US 312B)" <scott.c.burleigh@jpl.nasa.gov> Thu, 17 September 2020 00:34 UTC

Return-Path: <scott.c.burleigh@jpl.nasa.gov>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F3AE3A0138 for <dtn@ietfa.amsl.com>; Wed, 16 Sep 2020 17:34:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.162
X-Spam-Level:
X-Spam-Status: No, score=-4.162 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.695, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FROM_GOV_DKIM_AU=-0.448, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=jpl.nasa.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JanXz3geiDlB for <dtn@ietfa.amsl.com>; Wed, 16 Sep 2020 17:34:08 -0700 (PDT)
Received: from ppa01.jpl.nasa.gov (ppa01.jpl.nasa.gov [128.149.137.112]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 15EB33A0115 for <dtn@ietf.org>; Wed, 16 Sep 2020 17:34:07 -0700 (PDT)
Received: from pps.filterd (ppa01.jpl.nasa.gov [127.0.0.1]) by ppa01.jpl.nasa.gov (8.16.0.27/8.16.0.27) with SMTP id 08H0UPBh103769; Wed, 16 Sep 2020 17:34:05 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jpl.nasa.gov; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=InSight1906; bh=cPS9UPszbpgrIV8b/bZjwqN6u4oCfkeKsjR49IUydUE=; b=HHsny7z57vGqqUspMEYIe/IEkH9OvGdWAOmTbq4P9/wd5nGJDVZ8kpqER7IFh6WQs7oI tYPWKk5X1KZevuW/WWVPQMog1/ZnqtP/Zgsz27Aik8T2zfiI5g/wMetI8K67HA0oSlGS iJTyQiRdK31k/4XGCKo35uCYZFnLypSq5LyZL8hPJjf24lXGspPcv85xNv/lfhZU2JwC Y+PbiKk23zkofK12A3G4xP9PD2Tedro1+os5CWQkE4+v6TjwIY/MC4A/Hh5UVxqGsdBv X6pFcuH/V+uVTDjkL/FbLQhw5bWHZl5vyBXzEJfCB4WUkW4v4cB+TDHQ+8iWEeJKDyq8 yQ==
Received: from mail.jpl.nasa.gov (altphysenclup03.jpl.nasa.gov [128.149.137.120]) by ppa01.jpl.nasa.gov with ESMTP id 33k5nxs88f-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 16 Sep 2020 17:34:05 -0700
Received: from ap-embx16-sp40.RES.AD.JPL (ap-embx16-sp40.jpl.nasa.gov [128.149.137.86]) by smtp.jpl.nasa.gov (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id 08H0Y5mo012508 (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128 bits) verified FAIL); Wed, 16 Sep 2020 17:34:05 -0700
Received: from ap-embx16-sp10.RES.AD.JPL (2002:8095:8953::8095:8953) by ap-embx16-sp40.RES.AD.JPL (2002:8095:8956::8095:8956) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1979.3; Wed, 16 Sep 2020 17:34:05 -0700
Received: from ap-embx16-sp10.RES.AD.JPL ([fe80::4:f430:47b5:767b]) by ap-embx16-sp10.RES.AD.JPL ([fe80::4:f430:47b5:767b%17]) with mapi id 15.01.1979.003; Wed, 16 Sep 2020 17:34:04 -0700
From: "Burleigh, Scott C (US 312B)" <scott.c.burleigh@jpl.nasa.gov>
To: Marc Blanchet <marc.blanchet@viagenie.ca>, "R. Atkinson" <rja.lists@gmail.com>
CC: DTN WG <dtn@ietf.org>
Thread-Topic: [EXTERNAL] Re: [dtn] BPbis consensus status
Thread-Index: AdaMYT/t9udv/yXoSOqh+8IsTyeHogAPB2MAAAfgk4AAAVGpgAAOLVHg
Date: Thu, 17 Sep 2020 00:34:04 +0000
Message-ID: <d2eb737bc35b46019bdb5c5e82e96126@jpl.nasa.gov>
References: <34a7886b09d946faa816acbd26700d65@jpl.nasa.gov> <F2B67324-D3F5-4F28-8CC3-207EB607E6EA@viagenie.ca> <ED9CEA8D-3B22-4623-A7F7-F9ACA4C3A071@gmail.com> <CEBD7985-410F-4AF4-B367-1B08C99CB38A@viagenie.ca>
In-Reply-To: <CEBD7985-410F-4AF4-B367-1B08C99CB38A@viagenie.ca>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [207.151.104.72]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Source-IP: ap-embx16-sp40.jpl.nasa.gov [128.149.137.86]
X-Source-Sender: scott.c.burleigh@jpl.nasa.gov
X-AUTH: Authorized
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-09-16_13:2020-09-16, 2020-09-16 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-2006250000 definitions=main-2009170001
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/JbSrhWbNmgCfZLhTiqOzZcF74K8>
Subject: Re: [dtn] [EXTERNAL] Re: BPbis consensus status
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Sep 2020 00:34:10 -0000

Hi, Marc.  One note of clarification: BPSec does provide "end-to-end" encryption (and/or integrity protection) if by "ends" we mean the bundle protocol agent that the sending application entity utilizes to transmit the data and the bundle protocol agent that the receiving application entity utilizes to receive the data.

If by "ends" you instead mean the sending and receiving application entities themselves, then of course BPSec doesn't provide end-to-end security service at that layer of the stack; BPSec provides security service at the bundle layer, not at the application layer.

Scott

-----Original Message-----
From: dtn <dtn-bounces@ietf.org> On Behalf Of Marc Blanchet
Sent: Wednesday, September 16, 2020 5:14 PM
To: R. Atkinson <rja.lists@gmail.com>
Cc: DTN WG <dtn@ietf.org>
Subject: [EXTERNAL] Re: [dtn] BPbis consensus status

On 16 Sep 2020, at 19:36, R. Atkinson wrote:

>> On Sep 16, 2020, at 15:50, Marc Blanchet <marc.blanchet@viagenie.ca>
>> wrote:
>>
>> I’m still opposed to have BPSEC be mandatory to implement as I think 
>> the security services can be done within the payload. IP is currently 
>> not secured on the Internet.
>
> For over 25 years now, IP has had IP-layer security in the form of 
> IPsec (ESP & AH).
>
> See RFC-1825 through RFC-1827 to see just how far back IPsec goes.  My 
> team demonstrated open-source running code for IPsec in 4.4 BSD in 
> August 1995.[1]
>
> For many years, all IPv6 implementations were required to implement 
> IPsec, although I believe that constraint has been lifted recently 
> (LONG AFTER IPsec was nearly universally implemented by IPv6 devices 
> and I believe the exemption is for tiny IoT devices).
>
> Automated key management (which BPsec does not provide yet) came a bit 
> later with RFC-2407, RFC-2408 and RFC-2409.
>
> IPsec BOTH supports end-to-end security and also can support VPN 
> access.
> In practice, IPsec is probably used more with VPNs but it does still 
> support end-to-end security.
>
> Virtually every IP-capable device (laptops, paid OSs, free OSs, smart
> handphones)
> has implemented IPsec for many years now.
>
> While the original goal of IPsec was end-to-end (e.g., host-to-host) 
> security
>
> Whether one uses IPsec is a very different question from whether it is 
> widely implemented, just as whether one uses BPsec for a given session 
> is quite separate from whether it should be mandatory to implement.

i know all this. been there. done a lot, specially on IPv6. I would love to have IP layer security, but that did not happened. What is deployed currently is that VPNs are not using IPsec but TLS over UDP. Zero trafic of real IPsec end-to-end. Hence my point: current IP stacks are not using IPsec.

>
> If security is NOT mandatory-to-implement, then users in practice will 
> not be able to use it in situations where they would like to use it.  
> The deployed Internet has over 35 years experience with this 
> operational reality.
>
>> It is within the IP payload (TLS) that security services are applied.
>
> Security services are offered at MANY layers in the deployed Internet.

right, the first one in the stack (from bottom to up) is TLS over TCP/UDP. reality now.

>
> TLS is far from being the only game in town.  I discuss IPsec above, 
> but there are numerous other mandatory security capabilities both 
> within TCP and below.
>
> Routing protocols have had built-in cryptographic security (e.g.,
> RFC-2082 et seq
> for RIP; RFC-2178 et seq for OSPFv2; RFC-2385 eq seq for BGP) for over
> 20 years.
> Even newer routing protocols such as BABEL have been required to have 
> cryptographic authentication (e.g., RFC-7298).

ok. that is the control plane. fine by me.

>
>> I want a fully conformant BP implementation to ship without BPSec and 
>> without any specific use case (e.g. forwarding vs non-forwarding).
>> However, I expect many use cases to require security, but again, in 
>> those cases, it can be accomplished within the payload, not at the BP 
>> level.
>
> I am open to hear what you have to say, but right now it is FAR from 
> obvious to me
>
> (a) precisely what you mean by “accomplished within the payload”,
>
> (b) where that specification is documented,
>
> or (c) how you propose that [hypothetical] security service would be 
> mandated.
>

to me, security (i.e. auth/encryption) makes only sense at the transport layer (in the IP sense), since the application making the socket know and can enforce the security services it needs, including taking care of the key management. At the IP layer, it is not available to the application. Moreover, IPsec may only occur within some parts of the network, so the application does not have the ability to enforce full end-to-end encryption for example.  Back to BP, I see again that BPsec does not provide that facility to the application and does not warrant complete end-to-end security with the requirements the application wants/need.

> Over 35 years of deployed Internet experience all says that security 
> won’t be available in practice if it isn’t mandatory to implement.

we (I was involved a lot in IPv6, so…) tried hard to make IPsec mandatory for IPv6. I was one deeply involved in IPv6 and pushing IPsec, but it just did not happen. We failed.

> I doubt BP can get
> through the IETF approval processes without mandatory-to-implement 
> security of some sort in a standards-track RFC.

I’m fine with having security mandatory to implement, but not at the BP layer (e.g. BPSec). That is what I’m saying. I’m not against BPsec, on the contrary, I’m just saying that it should not be mandatory to implement for all BP implementations and that security can be handled higher in the stack.

Regards, Marc.

>
> Yours,
>
> Ran
>
> [1]
> "https://urldefense.us/v3/__https://www.usenix.org/legacy/publications/library/proceedings/sd96/atkinson.html__;!!PvBDto6Hs4WbVuu7!eVZ4Yi2LPtGgdO4l426u_10Z28qXwJkfCX-hKp8iI7mtkO2LnXkcJpScQqy_18hxoKEdLqFyYEk$ "
>
> _______________________________________________
> dtn mailing list
> dtn@ietf.org
> https://urldefense.us/v3/__https://www.ietf.org/mailman/listinfo/dtn__
> ;!!PvBDto6Hs4WbVuu7!eVZ4Yi2LPtGgdO4l426u_10Z28qXwJkfCX-hKp8iI7mtkO2LnX
> kcJpScQqy_18hxoKEdz3iyPDg$

_______________________________________________
dtn mailing list
dtn@ietf.org
https://urldefense.us/v3/__https://www.ietf.org/mailman/listinfo/dtn__;!!PvBDto6Hs4WbVuu7!eVZ4Yi2LPtGgdO4l426u_10Z28qXwJkfCX-hKp8iI7mtkO2LnXkcJpScQqy_18hxoKEdz3iyPDg$

v2.23.0 | Report a Bug | By Email