IETF Logo Mail Archive

[dtn] BPSec ASB structure

Brian Sipos <BSipos@rkf-eng.com> Thu, 03 December 2020 01:25 UTC

Return-Path: <BSipos@rkf-eng.com>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A35C3A08A9 for <dtn@ietfa.amsl.com>; Wed, 2 Dec 2020 17:25:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=rkf-eng.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fs5ayyDZ8FC8 for <dtn@ietfa.amsl.com>; Wed, 2 Dec 2020 17:25:17 -0800 (PST)
Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2083.outbound.protection.outlook.com [40.107.94.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 79F913A07E6 for <dtn@ietf.org>; Wed, 2 Dec 2020 17:25:17 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ex5Rv/sSl8wJiyyeXdpPTWbAdf/Dl5iW58MTqOwD1Lf5h8Oi8Qi63hUxsYAiVhz5Y3dBxxorQuw9PXE3mS4+ZXTit26Xq6uxCOvBG4wA7MUIiEuEWG1kCOLxyIhxSFx9klsFaXQYZvbbpo6lmlVcRYyLH66CoucnF8fl4zq3gWl8su0YVic7XzyoaADHtykAjSGhydJtQ01xCHVc4TertrvFogGlxDKoVINuP0A0pmpEJAEBbKGitQgQlPVHL36PGXHgIIrW2U8aO1bksKvaJcRAlDAohsiTfUBSUOGVd2X15dI6uclLO4Y/+3Hn3+7WMOejHDo4RHu5MMBnk+X2KQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bckj4PSIjsLctDV0ETyHeK67bj+gl8ErzBDTA+xMEH8=; b=e5QXbacZEjpnjctaVbRx85D3ia3epW6+2o5uY79J0KXUHTk+0laTKK8uFqs2CSy4RYFRGuRYldM/zL7mgXuMQkRXz7pAqGQsqC1wmwmkqW41JCGCsV8sYwXrGwII30LA0aSRHtevfm0ujQfJHUB9nemyMDrHkFV4l9gPqS3iwOijZwZzn3jcmX5T2kqD7p+e3OebcTcrUNKG8xqO+NqKgr9hrZaDpK4zd5Mb1WTbLag21bma5w54J0IvAtjyGevDh5Juq+LdBMFbo+mDPpmj21W9F2lhq0gtBUgSzaRn5O5eP8GDYEurNcPBNli4Vza0Iyvr6nfkCrSHIIucDAXPsg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=rkf-eng.com; dmarc=pass action=none header.from=rkf-eng.com; dkim=pass header.d=rkf-eng.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rkf-eng.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bckj4PSIjsLctDV0ETyHeK67bj+gl8ErzBDTA+xMEH8=; b=I5yRlfoJpZwkNjrJu9/qn8w5qylqAuGdb2khlkdb38wx7JQLIogV6cHAAZgffqYWTBPS3MMc/TEwbaNfDjv29/XuV32I6xQ0SM38rFXTv2gf8RIu+T9k2jGTt0scvQWA/yrcFhSKHACWrSofwe6+VSKwR+noSnYMkxwl7qeFSwo=
Received: from MN2PR13MB3567.namprd13.prod.outlook.com (2603:10b6:208:168::10) by MN2PR13MB3229.namprd13.prod.outlook.com (2603:10b6:208:151::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3632.6; Thu, 3 Dec 2020 01:25:14 +0000
Received: from MN2PR13MB3567.namprd13.prod.outlook.com ([fe80::54f4:962e:10e5:a2e1]) by MN2PR13MB3567.namprd13.prod.outlook.com ([fe80::54f4:962e:10e5:a2e1%7]) with mapi id 15.20.3632.009; Thu, 3 Dec 2020 01:25:14 +0000
From: Brian Sipos <BSipos@rkf-eng.com>
To: "Birrane, Edward J." <edward.birrane@jhuapl.edu>, "dtn@ietf.org" <dtn@ietf.org>
Thread-Topic: BPSec ASB structure
Thread-Index: AQHWx1vN034PsQ6uOkWcHK20lKXxzg==
Date: Thu, 03 Dec 2020 01:25:14 +0000
Message-ID: <MN2PR13MB3567F2E4BF5F5B530D407DE29FF50@MN2PR13MB3567.namprd13.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: jhuapl.edu; dkim=none (message not signed) header.d=none;jhuapl.edu; dmarc=none action=none header.from=rkf-eng.com;
x-originating-ip: [96.241.16.84]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 3a52eeb0-0d2d-4c13-c5d6-08d8972a493c
x-ms-traffictypediagnostic: MN2PR13MB3229:
x-microsoft-antispam-prvs: <MN2PR13MB322929A5C938FF96896967CE9FF20@MN2PR13MB3229.namprd13.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: wD6j5Jb66TjTfa/zzE31gY1A5Nzy9WUe8TVoIxU+fJ6Liu29XksxmPGgYoxgJwyiatgReCO875ajlI00DG8N4us7+cz77E9a4fh0ShAnNHjDTq6XY2aVcwVPL59Ni4B6XYyswaNvO3UyuiGqce8yw8ATLBqRnWqGUU5ThfMVw/emdW6pFi5pprNSd4dzGaVdaBGqrElof6pQHL/RApcxIAXOpr2BW4S5AhWmAzgj1WgzT4138z03dM3HmMIvOcvB9sQvL/HnaQlZ6cTMVQRNzf3z7XfTocpnN/wRqM/uFwRKWLEaj3RkixWbGsuV3DV+
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR13MB3567.namprd13.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(346002)(39830400003)(376002)(136003)(396003)(366004)(478600001)(64756008)(66446008)(5660300002)(55016002)(83380400001)(19627405001)(86362001)(3480700007)(33656002)(71200400001)(8936002)(110136005)(8676002)(66946007)(52536014)(316002)(7116003)(7696005)(9686003)(76116006)(26005)(6506007)(186003)(2906002)(66476007)(66556008); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: jtf4ZOIRFUxHJke2oupKa4C+N7zpPteBfszNHvF8cMK1C1FwaOTKLRXbG4s20FmNzwkhqvw7iTpgV5CQd6ev1gWspr2JRHPTZF6w28znvRQwfrBYafovzLblUNkYpTDkldaTaPphmbyYHKWiSAQdSDrcTWJFZv0jK4IcIhrOZ96yIesWPRaK9U6l7DEQSv99GydcNG3GeR+2fEF9G8dElVkPvmNw5iDqp/0qzWNhB2mcp6dzJcbeyTyKbaBRJOUAf/e4W9NfAVHmPmtoFE60PFQbvZpmkedXusmafmeG4/VzAI6UOe78qmwJOw0hoDZ674fuVawaqKylFrOu4ShZ/pX6V/Beg85q6iziDBpInACvG3KvlP3ggMylSi5khQ2t7IVERlCdAQSs1XTG1mGHqkKCrHAcj6fsY+J04dbjU/mZL0WOVEHJoMoosuqK99zYwg9kqYH2n9P+toDnObA6wFDOly/xFLj8GpNJPYG2+Mp/5j1C/ry3p7/PfSvFeZHnCkXOQrLcFx+X0lPnXuO3P7gU0VRodHNolOXGSqbTrSx68GKTUaM9WPygYBdNQeZjt49drlwaZ+dNq9tn2z6CQRTZN74L1wq3aysxmPXL6IBRrsrgOoTLtlIhvGF3f0KjQH1/Fl/EFD7LPDhFXBFU+1U0HowlUO/eHY76Nwwqn2lbqPgGD3VRExzyLW2Kx+e8mEQG2qcjEt9n4a/hOerCpV+42yXY/RyeXyKRIYRX+zSO/LP9+ddBg5i3oChATBIl5MzTVaVPDM+sGxsOzr3vH3LyvShXuv/ZTZIPZFbS2zXafrvzY2YhSe94ps8T+Us6+klpzKhcK/6pweuCdTQ7gjTPHJzS9hF7fKk7/6BdtHg/OU5ZBfdsMA7oenaTfFXLIw5EZbRB+/t/FsZ8wHUrZhh8ZwcHHb8XiRAbGzE4wJu8kkLGJTE9Qldam1w+fMlGjYzY4jumn23V3LIdwGk73L7zYXpGD74jBFIXsjlgLVA=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_MN2PR13MB3567F2E4BF5F5B530D407DE29FF50MN2PR13MB3567namp_"
MIME-Version: 1.0
X-OriginatorOrg: rkf-eng.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR13MB3567.namprd13.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3a52eeb0-0d2d-4c13-c5d6-08d8972a493c
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Dec 2020 01:25:14.5025 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4ed8b15b-911f-42bc-8524-d89148858535
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: EruGfekn9y2NHfukBMcyjsRwyMlJyDroBN8NUn/stCyrjNd/61CG9D/rtOkYb913b8B0EAnZMHPJszJ7+ISkRA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR13MB3229
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/6IgijN9eF1-Hd49NKg_yuNsU_9w>
Subject: [dtn] BPSec ASB structure
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Dec 2020 01:25:26 -0000

Ed,
I started into implementing a very simple abstract security block (ASB) dissector and have come across two separate observations about the ASB security results:

  1.  The array-of-target-block-numbers is separate from the array-of-result-sets, which allows a well-formed CBOR structure to be invalid ASB and it's not something which can be enforced by current CDDL (in the example below, the "targets" array must be equal sized to the "target-results" array).
Is there a reason why the array-of-result-sets doesn't embed the target block number along with each target's result set? I could provide an updated CDDL-type example of what I mean.
The one benefit of the current split is that a security acceptor can see the targets without caring about the results, but that can be mitigated by #2 below.
  2.  Because each of the results is a direct CBOR item, a result with a complex structure cannot be easily skipped. A security acceptor for one result may need to do additional data handling to skip over unwanted results. The same way that the canonical block structure uses cbor-within-bstr encoding to allow skipping over chunks of structure without decoding them, the ASB could have each result value be a bstr but require that it contain encoded CBOR. Then an acceptor could skip over individual result value without decoding.

Untested CDDL for an ASB, with "TBD" block type code, based on the BPbis CDDL:

$extension-block-structure /= extension-block-use<TBD, embedded-cbor<ext-data-asb>>

ext-data-asb = [
  targets: [1* target-block-num],
  context-id: int,
  flags: uint .bits asb-flag-bits,
  ? source: eid,
  ? parameters: asb-id-val-pair,
  target-results: [1* asb-id-val-pair]
]
target-block-num = uint
asb-flag-bits = &(
  sec-params-present: 1,
  sec-source-present: 2
)
asb-id-val-pair = [
  id: uint,
  val: any
]

v2.23.0 | Report a Bug | By Email