Re: [dtn] Roman Danyliw's No Objection on draft-ietf-dtn-bpsec-18: (with COMMENT)

"Birrane, Edward J." <Edward.Birrane@jhuapl.edu> Sat, 08 February 2020 00:30 UTC

Return-Path: <Edward.Birrane@jhuapl.edu>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 311621200B3; Fri, 7 Feb 2020 16:30:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level:
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=jhuapl.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ksbFSJkdRaeW; Fri, 7 Feb 2020 16:30:18 -0800 (PST)
Received: from aplegw02.jhuapl.edu (aplegw02.jhuapl.edu [128.244.251.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 311C412008B; Fri, 7 Feb 2020 16:30:18 -0800 (PST)
Received: from pps.filterd (aplegw02.jhuapl.edu [127.0.0.1]) by aplegw02.jhuapl.edu (8.16.0.42/8.16.0.42) with SMTP id 0180OXOU124982; Fri, 7 Feb 2020 19:30:16 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jhuapl.edu; h=from : to : cc : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version : subject; s=JHUAPLDec2018; bh=3pwb6U3Tv289gOBWIqJw1FyOUMo78YUWtreWMOzQgsg=; b=CLK9ITt0C1m0UdOYWraGnk0tAPhdb2hNwYkFGo1JUSdkY3jAV4D5gk8sG6lLjIDX5v8o ZT2nOfLW1x8bQlR3skRdIQyiPNj1o1Xs+ZsdiT6CXb9ZwprdfuN5So5efPCZhAuUjQgQ C5y1zQ0+MvuqxxU0a6tg79Cu8is/kUUUYrJBW6IBAAYUzh8LP27uImtkaS33oscn1fn5 19wDGCPdgAF1DzrGekLnps8dLq/ofDXGtpyb9QEogUYrQRIogjU5ZXHtuzRQvHOsn+XN g81ca1KJhwd43q9yVZh6ASfEqjOEa5/Vj4XsecJZfIiL/H2gAeJ+bo2+2n8jJ80s6xx5 Dw==
Received: from aplex06.dom1.jhuapl.edu (aplex06.dom1.jhuapl.edu [128.244.198.140]) by aplegw02.jhuapl.edu with ESMTP id 2xyhp8nygc-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 07 Feb 2020 19:30:16 -0500
X-CrossPremisesHeadersFilteredBySendConnector: APLEX06.dom1.jhuapl.edu
Received: from aplex01.dom1.jhuapl.edu (128.244.198.5) by APLEX06.dom1.jhuapl.edu (128.244.198.140) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Fri, 7 Feb 2020 19:30:15 -0500
Received: from aplex01.dom1.jhuapl.edu ([fe80::19f5:dcc5:c696:1a50]) by aplex01.dom1.jhuapl.edu ([fe80::19f5:dcc5:c696:1a50%25]) with mapi id 15.00.1473.003; Fri, 7 Feb 2020 19:30:15 -0500
From: "Birrane, Edward J." <Edward.Birrane@jhuapl.edu>
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
CC: "draft-ietf-dtn-bpsec@ietf.org" <draft-ietf-dtn-bpsec@ietf.org>, "Scott Burleigh" <Scott.C.Burleigh@jpl.nasa.gov>, "dtn-chairs@ietf.org" <dtn-chairs@ietf.org>, "dtn@ietf.org" <dtn@ietf.org>
Thread-Topic: [EXT] Roman Danyliw's No Objection on draft-ietf-dtn-bpsec-18: (with COMMENT)
Thread-Index: AQHV2wrrPDHfB5HhNkiMvUXxeQsCNagQdo/g
Date: Sat, 8 Feb 2020 00:30:14 +0000
Message-ID: <e3e369d5d2dc485eab728f9b0280a382@aplex01.dom1.jhuapl.edu>
References: <158078679891.28568.13665294441251920793.idtracker@ietfa.amsl.com>
In-Reply-To: <158078679891.28568.13665294441251920793.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [128.244.198.168]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OrganizationHeadersPreserved: APLEX06.dom1.jhuapl.edu
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.572 definitions=2020-02-07_06:2020-02-07, 2020-02-07 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/aFtrrU9yZibzWN_u2XIJowSldVk>
Subject: Re: [dtn] Roman Danyliw's No Objection on draft-ietf-dtn-bpsec-18: (with COMMENT)
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Feb 2020 00:30:20 -0000

Roman,

  Thank you for the review and comments for BpSec.  I have updated the document to BPSEC20 which I believe addresses your comments.

  Specific comments are in-line below.  I have enumerated the comment items as ++C# to aid in referencing these points going forward.

Edward J. Birrane, III, Ph.D.
Embedded Applications Group Supervisor
Principal Staff, Space Exploration Sector
Johns Hopkins Applied Physics Laboratory
(W) 443-778-7423 / (F) 443-228-3839


-----Original Message-----
From: Roman Danyliw via Datatracker <noreply@ietf.org> 
Sent: Monday, February 3, 2020 10:27 PM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-dtn-bpsec@ietf.org; Scott Burleigh <Scott.C.Burleigh@jpl.nasa.gov>ov>; dtn-chairs@ietf.org; Scott.C.Burleigh@jpl.nasa.gov; dtn@ietf.org
Subject: [EXT] Roman Danyliw's No Objection on draft-ietf-dtn-bpsec-18: (with COMMENT)

APL external email warning: Verify sender noreply@ietf.org before clicking links or attachments 

Roman Danyliw has entered the following ballot position for
draft-ietf-dtn-bpsec-18: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-dtn-bpsec/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

** Section 2.  Per “The application of security services in a DTN is a complex endeavor that must consider …”, the current and future threat environment is also a needed consideration.

++C1: No issue. I have updated the text in BPSEC20.

** Section 3.6, Please explicitly state that the values of this ID should come from the registry defined in Section 11.2.

++C2: No issue. I have updated the text in BPSEC20.

** Section 3.7.  Per “The Security Context Id MUST utilize an end-to-end authentication cipher or an end-to-end error detection cipher.”, what is a “end-to-end” in this context?

++C3: Agreed this needs to be clarified. I have updated text related to this in BPSEC20.

** Section 4.  “Reserved flags  MUST NOT be included in any canonicalization as it is not known if those flags will change in transit.”, to which protocol fields is this “reserved flags” referring to?

++C4: Agreed this is ambiguous. I have clarified these are the block processing control flags in BPSEC20.

** Section 8.2.1.  Please add text to note that irrespective of whether BPSec is used, traffic analysis will be possible

++C5: Agreed this is a useful note. I have added it in BPSEC20.

** Section 8.2.4.  Per “With these attacks Mallory's objectives may vary, but may be targeting either the bundle protocol or application-layer protocols conveyed by the bundle protocol.”, please add that the target could also be the storage and compute of the nodes running the bundle or application layer protocols (e.g., a denial of service to flood on the storage of the store-and-forward mechanism; or compute which would process the packets and perhaps prevent other activities)

++C6: Agreed this is a useful note. I have added it in BPSEC20.

** Editorial Nits
-- Section 3.8.  Editorial nit.  Section 3.7 uses a bulleted list for the properties of the block.  Here there are no bullets.

++C7: This has been corrected in BPSEC20.

-- Section 3.8.  Per “The determination of where to place these data is a function of the cipher suite and security context used” -- s/place these data/place this data/

++C8: I have updated the text in BPSEC20.

-- Section 5.1.1 and 5.1.2. s/be be treated/be treated/

++C9: I have fixed this in BPSEC20.

-- Section 8.2.2. Expand the IND-CCA2 acronym.

++C10: I have included the expansion in BPSEC20.