IETF Logo Mail Archive

Re: [dtn] AD review of draft-ietf-dtn-bpsec-default-sc-02

Rick Taylor <rick@tropicalstormsoftware.com> Fri, 09 April 2021 07:59 UTC

Return-Path: <rick@tropicalstormsoftware.com>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A297E3A14F9 for <dtn@ietfa.amsl.com>; Fri, 9 Apr 2021 00:59:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R_Q6Tk6wqzOA for <dtn@ietfa.amsl.com>; Fri, 9 Apr 2021 00:59:48 -0700 (PDT)
Received: from mail.tropicalstormsoftware.com (mail.tropicalstormsoftware.com [188.94.42.120]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 92ABA3A14FA for <dtn@ietf.org>; Fri, 9 Apr 2021 00:59:47 -0700 (PDT)
Received: from tss-server1.home.tropicalstormsoftware.com ([fe80::48e4:acbb:6065:8168]) by tss-server1.home.tropicalstormsoftware.com ([fe80::48e4:acbb:6065:8168%16]) with mapi id 14.03.0513.000; Fri, 9 Apr 2021 08:59:44 +0100
From: Rick Taylor <rick@tropicalstormsoftware.com>
To: "zaheduzzaman.sarker@ericsson.com" <zaheduzzaman.sarker@ericsson.com>, "dtn@ietf.org" <dtn@ietf.org>, "Edward.Birrane@jhuapl.edu" <Edward.Birrane@jhuapl.edu>
CC: "magnus.westerlund@ericsson.com" <magnus.westerlund@ericsson.com>
Thread-Topic: AD review of draft-ietf-dtn-bpsec-default-sc-02
Thread-Index: AQHXH1vax7LWSJVgGEW7LhnHV51gYaqaUmZQgAOJLQCACcDOsIAD56AAgABZGoA=
Date: Fri, 09 Apr 2021 07:59:43 +0000
Message-ID: <01fde9bd754f4578f6e81b10e8b22dea77de89c4.camel@tropicalstormsoftware.com>
References: <EAF9AEEC-B28E-48AC-BE47-1DAD6FA3609B@ericsson.com> <7b1238eb22fa41cd826548c5a53f2e42@aplex01.dom1.jhuapl.edu> <1663F867-DB26-4B00-B341-EAE4AB84D39B@ericsson.com> <38A5475DE83986499AEACD2CFAFC3F9801F5A55580@tss-server1.home.tropicalstormsoftware.com> <D0F15504-4889-4ADF-BD74-DFB82D1C4F6A@ericsson.com>
In-Reply-To: <D0F15504-4889-4ADF-BD74-DFB82D1C4F6A@ericsson.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Evolution 3.38.1-1
x-originating-ip: [2a02:1648:4000:120::5]
Content-Type: text/plain; charset="utf-8"
Content-ID: <40F8FEB084059846AE7853961877A92E@home.tropicalstormsoftware.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/XD7oXf5BkPcSDJLgh2eg-g25PzQ>
Subject: Re: [dtn] AD review of draft-ietf-dtn-bpsec-default-sc-02
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Apr 2021 07:59:53 -0000

Hi Zahed,

Okay.. I agree there is value in recording that key management is a
potential source of complication, and the detail isn't covered in this
document.

@Ed: Does that work for you?

Cheers,

Rick


On Thu, 2021-04-08 at 23:40 +0000, Zaheduzzaman Sarker wrote:
> Hello Rick, 
> 
> Thanks for the pointers. I have skimmed through the IETF100 minutes
> but could not really find notes on key management discussion. I
> certainly found the decision behind separate sec context document.
> So, that was somewhat helpful to get the context.
> 
> Now, if the WG has a consensus that "this limitation is appropriate
> for now
>     > for this default security context and the DTN WG is looking to
> determine
>     > delay-tolerant key management strategies in the future." As
> mentioned by Edward in his response. 
> I think the bpsec-default-sc document should describe the potential
> issues due to lack of proper key management and explain why this
> limitation is OK for default security context. Basically recording
> that the WG is aware of issues and has well thought decision for
> default security context.
> 
> 
> BR
> Zahed
> 
> On 2021-04-06, 16:08, "Rick Taylor" <rick@tropicalstormsoftware.com>
> wrote:
> 
>     Hi Zahed,
> 
>     Just as a bit of clarification to your point re Key Management.
> 
>     The working group has discussed key management a couple of times
> (IETF-100 in particular) and there is at least one proposed solution,
> however the rough consensus of the group is that this topic is tricky
> to get right in a couple of paragraphs in either BPSec or in this
> document (which we intend to be as short and simple as possible), and
> therefore it would be better to not attempt a lose definition before
> the WG has a firmer view on best practice, and have to update these
> documents.
> 
>     To that end, Key Management as a work item for the group is a
> firm proposal for the re-chartering, and there seems to be sufficient
> interest and excitement in the group to get it done.
> 
>     References: IETF-100 minutes and mailing list - I can't find a
> single obvious thread on the mailing list unfortunately.
> 
>     Cheers,
> 
>     Rick
> 
>     > -----Original Message-----
>     > From: dtn [mailto:dtn-bounces@ietf.org] On Behalf Of
> Zaheduzzaman Sarker
>     > Sent: 31 March 2021 08:07
>     > To: Birrane, Edward J.; dtn@ietf.org
>     > Cc: Magnus Westerlund
>     > Subject: Re: [dtn] AD review of draft-ietf-dtn-bpsec-default-
> sc-02
>     > 
>     > Hi Edward,
>     > 
>     > Thanks for the update. The -03 version addresses most of the
> comments and
>     > concerns.
>     > 
>     > See my further comments inline below with [ZS].
>     > 
>     > BR
>     > Zahed
>     > 
>     > On 2021-03-29, 05:43, "Birrane, Edward J."
> <Edward.Birrane@jhuapl.edu>
>     > wrote:
>     > 
>     > 
>     >     > * It would be good for the user of this document to
> capture the reason
>     >     > behind selecting HMAC-SHA and AES-GCM in respective
> overview section
>     >     > (section 3.1 and section 4.1).
>     > 
>     >     C3: Agreed. I have added reasons for selection in 3.1 and
> 4.1 in the -03
>     > version.
>     > 
>     > [ZS] Thanks, this is a good addition.
>     > 
>     > In section 4.1 :
>     > 
>     > The BCB-AES-GCM security context shall have the security
> context
>     >      identifier specified in Section 5.1.
>     > 
>     > is this "shall" should be a "MUST" as described in Section 3.1?
>     > 
>     > 
>     >     > * Section 3.3.2 and Section 3.5 :
>     >     > It seems like some sort of key-id might be required to
> resolve
>     >     > this. The BPsec does not define any generic key-id and it
> is neither
>     > defined
>     >     > here. It might become an issue for interoperability.
>     > 
>     >     C5: Agreed this might become an issue for
> interoperability.  For example, if
>     > the policies for requiring security operations differ on
> different nodes there
>     > may be interop problems. Similarly, if the policies for key
>     > generation/communication differ on different nodes, there may
> be interop
>     > problems. The DTNWG consensus was this limitation is
> appropriate for now
>     > for this default security context and the DTN WG is looking to
> determine
>     > delay-tolerant key management strategies in the future.
>     > 
>     > [ZS] Ok,  is this consensus documented somewhere? Meeting notes
> or email
>     > thread or whatever?
>     > 
>     > 
>     > 
>     >     > * Section 4.3.2 :
>     >     >      Does this "security policy" refers to local security
> policy?
>     > 
>     >     C15: Yes.  Security policy at the source, verifier, or
> acceptor is meant to
>     > imply the local security policy at the node.
>     > 
>     > [ZS] Ok, then clearly stating that helps. It was clearly
> mention in the other
>     > place(s).
>     > 
>     > 
>     >     > * Section 6.3
>     >     >
>     >     >      To me this security considerations for fragmentation
> belongs to BPsec
>     > as
>     >     > the main technical issues on fragmentation are described
> there.
>     > 
>     >     C17: I would support removing the fragmentation section
> from this
>     > document and including it in some other broader-scoped document
> on DTN
>     > security, though perhaps not the BPSec document itself because
> the issues
>     > with fragmentation can extend beyond the insertion and handling
> of security
>     > blocks.
>     > 
>     > [ZS] I don't think removing the fragmentation section from this
> document to
>     > some other document actually helps. This is a very important
> aspect of the
>     > security context and I think it is better to be decisive about
> it now. If moved
>     > to BPSec then other documents , specially security context
> documentation,
>     > can just refer to it. The question really is, where does it
> make more sense put
>     > there it is in line with the context of the content of the
> document? Right now
>     > I see that is BPsec.
>     > 
>     > 
>     >     > I would also like to draw attention to the SECART review
> (Thanks to the
>     >     > SECART team and Christian Huitema) proposing test vectors
> to mitigate
>     >     > interoperability issue pointed out by the reviewer. This
> seems like a good
>     >     > proposal to include in this specification.
>     > 
>     > 
>     >     C18: Agreed and grateful for the review! As mentioned in my
> comments to
>     > the SECART review and similar to C17 above, I think that
> example encodings
>     > are a very useful concept, but would ultimately be useful at
> showing bundle
>     > structure and security block structure. Rather than repeating
> such encodings
>     > in all future security context documents, I propose the DTN WG
> consider the
>     > best way to produce this broader-scope documentation.
>     > 
>     > [ZS] I see the test vectors related to the applicability of the
> this document
>     > hence this need to be considered well. Failing to assure
> interoperability
>     > actually undermine the intention of this document, hence any
> tools to help
>     > achieving that goal is worth putting effort into. Also we need
> to make sure
>     > the test vector is actually usable by more than one
> implementation.  I would
>     > be happy if DTN WG comes up with a best way forward here.
>     > 
>     > 
>     > 
>     > _______________________________________________
>     > dtn mailing list
>     > dtn@ietf.org
>     > https://www.ietf.org/mailman/listinfo/dtn
>

v2.23.0 | Report a Bug | By Email