Re: [dtn] Mirja Kühlewind's Discuss on draft-ietf-dtn-bpsec-18: (with DISCUSS and COMMENT)

Mirja Kuehlewind <ietf@kuehlewind.net> Tue, 11 February 2020 12:04 UTC

From: Mirja Kuehlewind <ietf@kuehlewind.net>
Date: Tue, 11 Feb 2020 13:04:25 +0100
Cc: The IESG <iesg@ietf.org>, "draft-ietf-dtn-bpsec@ietf.org" <draft-ietf-dtn-bpsec@ietf.org>, Scott Burleigh <Scott.C.Burleigh@jpl.nasa.gov>, "dtn-chairs@ietf.org" <dtn-chairs@ietf.org>, "dtn@ietf.org" <dtn@ietf.org>
To: "Birrane, Edward J." <Edward.Birrane@jhuapl.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/MdceZCjH1YE2RKslj9Akky2GTZM>

Hi Ed,

Thanks for the new text section 9.1. Reading this text I would like to confirm one more thing: I understand that the best choice for the security context can be very different, however, the point of interoperability is to have at least one available, that might not be optimal but is better than none. Having one common security context required would also simply mean that each implementation would need to support that and therefore it becomes much easier for people to reply BPSec if the provided one is suitable. Is it not possible to find such a minimal requirement?

Mirja



> On 8. Feb 2020, at 01:23, Birrane, Edward J. <Edward.Birrane@jhuapl.edu> wrote:
> 
> Mirja,
> 
>  Thank you for the review. I have updated a new version of BPSEC  (BPSEC20) which attempts to address your DISCUSS and COMMENTS below.
> 
>  Specific comments are in-line below.  I have enumerated the Discuss items as **D# and the comment items as **C# to aid in referencing these points going forward.
> 
> -Ed
> 
> ---
> Edward J. Birrane, III, Ph.D.
> Embedded Applications Group Supervisor
> Space Exploration Sector
> Johns Hopkins Applied Physics Laboratory
> (W) 443-778-7423 / (F) 443-228-3839
>   
> 
> 
>> -----Original Message-----
>> From: Mirja Kühlewind via Datatracker <noreply@ietf.org>
>> Sent: Monday, February 03, 2020 6:17 AM
>> To: The IESG <iesg@ietf.org>
>> Cc: draft-ietf-dtn-bpsec@ietf.org; Scott Burleigh
>> <Scott.C.Burleigh@jpl.nasa.gov>; dtn-chairs@ietf.org;
>> Scott.C.Burleigh@jpl.nasa.gov; dtn@ietf.org
>> Subject: [EXT] Mirja Kühlewind's Discuss on draft-ietf-dtn-bpsec-18: (with
>> DISCUSS and COMMENT)
>> 
>> Mirja Kühlewind has entered the following ballot position for
>> draft-ietf-dtn-bpsec-18: Discuss
>> 
>> When responding, please keep the subject line intact and reply to all email
>> addresses included in the To and CC lines. (Feel free to cut this introductory
>> paragraph, however.)
>> 
>> 
>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>> for more information about IESG DISCUSS and COMMENT positions.
>> 
>> 
>> The document, along with other ballot positions, can be found here:
>> https://datatracker.ietf.org/doc/draft-ietf-dtn-bpsec/
>> 
>> 
>> 
>> ----------------------------------------------------------------------
>> DISCUSS:
>> ----------------------------------------------------------------------
>> 
>> Sec 1.2 says:
>> "A sample security
>>   context has been defined ([I-D.ietf-dtn-bpsec-interop-sc]) to support
>>   interoperability testing and serve as an exemplar for how security
>>   contexts should be defined for this specification."
>> However I don't really understand how interoperability can be reached if
>> there is not at least one security context that is mandatory to implement in
>> this draft (especially as ietf-dtn-bpsec-interop-sc is expired for more than
>> half a year already)...?
> 
> **D1: I have added a new Section 9.1 to BPSEC20 which describes the desired approach to BPSec and security contexts.  I have also updated ietf-dtn-bpsec-interop-sc which should be going into WG last call.
> 
>> 
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>> 
>> Please use the updated disclaimer in rfc8174.
>> 
> 
> **C1: Agreed. The disclaimer has been updated in BPSEC20.
> 
> -Ed
>