IETF Logo Mail Archive

Re: [dtn] Fwd: BPsec -22, Section 9.1

"Birrane, Edward J." <Edward.Birrane@jhuapl.edu> Thu, 03 September 2020 13:38 UTC

Return-Path: <Edward.Birrane@jhuapl.edu>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44F173A0BFF for <dtn@ietfa.amsl.com>; Thu, 3 Sep 2020 06:38:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=jhuapl.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fPuGDBm3HB7S for <dtn@ietfa.amsl.com>; Thu, 3 Sep 2020 06:38:19 -0700 (PDT)
Received: from aplegw02.jhuapl.edu (aplegw02.jhuapl.edu [128.244.251.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F8703A0BFC for <dtn@ietf.org>; Thu, 3 Sep 2020 06:38:19 -0700 (PDT)
Received: from pps.filterd (aplegw02.jhuapl.edu [127.0.0.1]) by aplegw02.jhuapl.edu (8.16.0.42/8.16.0.42) with SMTP id 083DNhLb044212; Thu, 3 Sep 2020 09:38:15 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jhuapl.edu; h=from : to : cc : date : message-id : references : in-reply-to : content-type : mime-version : subject; s=JHUAPLDec2018; bh=Gur+DOknuqvBnMDuwwHhpXL1TNP1ghu9Zh7nTeV9If4=; b=r32CQzrCDit6sXaugR+hiS+e4sDHtacj3rc5Vq4rMqV2UMdSVPeYuftl4Znh1ieUp0SR AeVFTm4/utm/pPIqlbJv4VtYfPkrDuR50gkQCDbbUQrvddPeAAXhPw/Z31Kq3sYQ/WrL fZHdPJpQHxU21qERU5RmitBcC2xcjZKTRURWYEmOJct1Jq3ik0xq/Ia5O9bzk4Qf5i2C KlMbu05v4Mac5bJETf5nzFfk6mZAdZEwSpeXPKjtu+GkZzZKcurPzkEm42TcCtUEwMMO 4hVcB9QGLZpZMrvNboDqi96mG+YBmFc9ASqxW4e6QhHlNVFlJ+LJFs7T2Cd10AM9BbaQ pA==
Received: from aplex05.dom1.jhuapl.edu (aplex05.dom1.jhuapl.edu [128.244.198.135]) by aplegw02.jhuapl.edu with ESMTP id 337k7wmfy9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 03 Sep 2020 09:38:15 -0400
X-CrossPremisesHeadersFilteredBySendConnector: aplex05.dom1.jhuapl.edu
Received: from aplex01.dom1.jhuapl.edu (128.244.198.5) by aplex05.dom1.jhuapl.edu (128.244.198.135) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 3 Sep 2020 09:38:14 -0400
Received: from aplex01.dom1.jhuapl.edu ([fe80::19f5:dcc5:c696:1a50]) by aplex01.dom1.jhuapl.edu ([fe80::19f5:dcc5:c696:1a50%25]) with mapi id 15.00.1497.006; Thu, 3 Sep 2020 09:38:14 -0400
From: "Birrane, Edward J." <Edward.Birrane@jhuapl.edu>
To: "R. Atkinson" <rja.lists@gmail.com>, Magnus Westerlund <magnus.westerlund@ericsson.com>
CC: DTN WG <dtn@ietf.org>
Thread-Topic: [EXT] [dtn] Fwd: BPsec -22, Section 9.1
Thread-Index: AQHWgfcTIM4V8nuOMUWiMt/sBgbS+alW6oZA
Date: Thu, 03 Sep 2020 13:38:13 +0000
Message-ID: <fa24b11ea85f483282776a84a519bc9f@aplex01.dom1.jhuapl.edu>
References: <DB221853-1E21-46E1-B4B8-AB29378CEBC5@gmail.com> <7CE74C48-8E7D-42D3-B895-020E022E9DAD@gmail.com>
In-Reply-To: <7CE74C48-8E7D-42D3-B895-020E022E9DAD@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [128.244.198.168]
Content-Type: multipart/alternative; boundary="_000_fa24b11ea85f483282776a84a519bc9faplex01dom1jhuapledu_"
MIME-Version: 1.0
X-OrganizationHeadersPreserved: aplex05.dom1.jhuapl.edu
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-09-03_06:2020-09-03, 2020-09-03 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/d9fqDIDwfkhCSkYnfzBDoLQudVo>
Subject: Re: [dtn] Fwd: BPsec -22, Section 9.1
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Sep 2020 13:38:21 -0000

Ran,

  I really liked your proposed working for Section 9.1.

  I am waiting a bit longer for any other accumulated comments/edits (hopefully from ADs with open DISCUSS as to whether BPsec-22 resolves their concerns…) before posting a new version.  But if it helps I can certainly post a -23 and then a -24 later.

-Ed

---
Edward J. Birrane, III, Ph.D.
Embedded Applications Group Supervisor
Space Exploration Sector
Johns Hopkins Applied Physics Laboratory
(W) 443-778-7423 / (F) 443-228-3839


From: dtn <dtn-bounces@ietf.org> On Behalf Of R. Atkinson
Sent: Thursday, September 03, 2020 9:35 AM
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
Cc: DTN WG <dtn@ietf.org>
Subject: [EXT] [dtn] Fwd: BPsec -22, Section 9.1

APL external email warning: Verify sender dtn-bounces@ietf.org<mailto:dtn-bounces@ietf.org> before clicking links or attachments



Magnus,

I would gently suggest that if DTN WG combined my proposed edits below (email to DTN list August 7th) -- along with the proposed edits I offered earlier (email to DTN list July 29th w/ Subject: Re: [dtn] BPbis - mandatory BPsec) —that ought to be sufficient to resolve the ”MUST implement security" concerns.

I defer to the WG Chairs and AD for formal consensus determination, but I haven’t seen substantial objections to either of my notes referenced above.

For context, I’m the ghost author of RFC 3552 (most of the words are mine, which is acknowledged explicitly) and I’ve done IETF security work for about 3 decades now (e.g. RFC-1704, RFC-1825 thru RFC-1827, RFC-2082, et alia).

Thanks,

Ran Atkinson



Begin forwarded message:

From: "R. Atkinson" <rja.lists@gmail.com<mailto:rja.lists@gmail.com>>
Subject: BPsec -22, Section 9.1
Date: August 7, 2020 at 09:25:55 EDT
To: DTN WG <dtn@ietf.org<mailto:dtn@ietf.org>>

All,

Some belated feedback on the BPsec -22 draft follows, organised by section/page.etc.

Section 9.1, page 34, 2nd paragraph, which begins “Implementations of BPsec MUST…"

I am open to wordsmithing, but I propose to replace that one paragraph with these 3 paragraphs.  I am using separate paragraphs to talk about separate concepts primarily for readability.

PROPOSED NEW TEXT:

 "To ensure interoperability among various implementations, all BPSec implementations
   MUST support at least the current IETF standards-track mandatory security context(s).
   As of this writing, that BCP mandatory security context is specified in
   [I-D.ietf-dtn-interop-sc], but the mandatory security context(s) might change
   over time in accordance with usual IETF processes.  Such changes are likely to occur
   in future if/when flaws are discovered in the applicable cryptographic algorithms,
   for example.

   "Additionally, BPsec implementations need to support the security contexts which
    are specified and/or used by the BP networks in which they are deployed.

  "If a node serves as a gateway amongst two or more networks, the BPSec
    implementation at that node needs to support the union of security contexts
    mandated in those networks.”

REASONING:

An implementer of BPsec might or might not have any idea where his/her implementation might be deployed.  So the existing paragraph inadvertently requires an implementer to have knowledge which they very likely cannot have.

Extensive prior experience with IETF security protocols at various layers (e.g., IPsec tunnel-mode, IPsec transport-mode, TLS, routing protocol authentication) has consistently shown that at least one mandatory-to-implement security context needs to be specified.  As noted just above, an implementer might well not know where and how a BPsec implementation might be deployed in future.  So it is important to require implementation of at least one security context which will be common across all implementations.

Experience also has shown that over time the mandatory-to-implement security context will need to change.  The two most common reasons are (a) newly discovered flaw in a cryptographic algorithm (e.g., MD4, MD5, SHA) and (b) improved computational power making an existing algorithm computationally-feasible to attack (e.g., DES).

There is a practical requirement that implementations within a given network support whichever security context that network deploys and also that a gateway between networks support applicable security context(s).  However, those are not something which IETF reasonably can mandate, since an implementer can’t always know where a given BPsec implementation might be deployed in future.  IETF standards normally focus on implementations rather than on deployments.  Where IETF does focus on deployment matters, the usual approach is to publish a “Best Current Practice (BCP)” document rather than a “standard”.


QUESTION:

Should we maybe avoid mandating [ID.bpsec-interop-sc] above and instead re-word the text above to say "as per the latest IETF BCP specifying mandatory-to-implement BPsec security contexts" (and then create a 1 paragraph BCP that says ID.bpsec-interop-sc is the current mandatory-to-implement security context) ??

That would have the hassle of creating an additional (BCP) document now, but would avoid the future hassle of needing to deprecate the entire BPsec RFC ONLY because some other security context became the mandatory-to-implement security context.  If the BPsec protocol is fine, then it would be nice to be able to change mandatory-to-implement security contexts WITHOUT changing the BPsec protocol specification.  This type of thing has happened in the past with other IETF security protocols.


Feedback very welcome…


Thanks !

v2.23.0 | Report a Bug | By Email