[dtn] Security in BPv7
"Birrane, Edward J." <Edward.Birrane@jhuapl.edu> Tue, 10 June 2014 04:13 UTC
Return-Path: <Edward.Birrane@jhuapl.edu>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 580791A0398 for <dtn@ietfa.amsl.com>; Mon, 9 Jun 2014 21:13:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.853
X-Spam-Level:
X-Spam-Status: No, score=-4.853 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FGMxeToVwSTt for <dtn@ietfa.amsl.com>; Mon, 9 Jun 2014 21:13:22 -0700 (PDT)
Received: from pilot.jhuapl.edu (pilot.jhuapl.edu [128.244.251.36]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 00A291A0396 for <dtn@ietf.org>; Mon, 9 Jun 2014 21:13:21 -0700 (PDT)
Received: from aplexcas1.dom1.jhuapl.edu (unknown [128.244.198.90]) by pilot.jhuapl.edu with smtp (TLS: TLSv1/SSLv3,128bits,RC4-MD5) id 60a2_ab34_6c1ab30b_80ce_4a42_9d0c_f6cd9f070a11; Tue, 10 Jun 2014 00:13:14 -0400
Received: from aplesfreedom.dom1.jhuapl.edu ([128.244.198.204]) by aplexcas1.dom1.jhuapl.edu ([128.244.198.90]) with mapi; Tue, 10 Jun 2014 00:13:14 -0400
From: "Birrane, Edward J." <Edward.Birrane@jhuapl.edu>
To: "Templin, Fred L" <Fred.L.Templin@boeing.com>, "dtn@ietf.org" <dtn@ietf.org>
Date: Tue, 10 Jun 2014 00:13:14 -0400
Thread-Topic: Security in BPv7
Thread-Index: AQHPhGJM1cQphzBZO02l8sAiqho8CQ==
Message-ID: <329D879C76FDD04AAAE84BB1D89B39700957131B7B@aplesfreedom.dom1.jhuapl.edu>
References: <2134F8430051B64F815C691A62D983181B2C0587@XCH-BLV-504.nw.nos.boeing.com>
In-Reply-To: <2134F8430051B64F815C691A62D983181B2C0587@XCH-BLV-504.nw.nos.boeing.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/dtn/dbE5v3LHmlURficLkJnnRbN7mZ0
Subject: [dtn] Security in BPv7
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jun 2014 04:13:24 -0000
I've been thinking through the concept of whether security (e.g., security blocks) should be formally defined in BPv7 or whether their definition should be deferred to a separate document. Having worked through several use cases for both space and terrestrial networking, I think that BPv7 should not mandate a particular security block structure. In most cases, we've been using the design mantra "make the common case fast", which will work for (by definition) a majority of deployments. However, I am sure there are boundary cases and pathological topologies for which a particular closed network or other special deployment would want something different. For those networks, it is far easier to stay compliant with BP and then non-compliant with BSP/SBSP than to require divergence from the core standard. Further, my intuition is that the security posture is best captured in a series of (at least) three documents: the initial common-case security blocks (SBSP), a security recipe for common security services (drafting in progress), and configurations/policy best practices. To the extent that a "recipe book" for security would show more than one way to achieve a desired security service, baselining a single methodology in 5050 or BP7 spec would be unduly constraining. Long story short, I think the path proposed in BPv7 (pointing outside of the document) for security services seems like a sensical thing to be doing. -Ed ________________________________________ From: dtn [dtn-bounces@ietf.org] On Behalf Of Templin, Fred L [Fred.L.Templin@boeing.com] Sent: Friday, June 06, 2014 2:38 PM To: dtn@ietf.org Subject: [dtn] FW: I-D Action: draft-burleigh-bpv7-00.txt FYI, see below for a first draft of RFC5050bis (Appendix A has a summary of differences from RFC5050). Comments to dtn@ietf.org. -----Original Message----- From: I-D-Announce [mailto:i-d-announce-bounces@ietf.org] On Behalf Of internet-drafts@ietf.org Sent: Friday, June 06, 2014 10:38 AM To: i-d-announce@ietf.org Subject: I-D Action: draft-burleigh-bpv7-00.txt A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : Proposed Revised Bundle Protocol Author : Scott Burleigh Filename : draft-burleigh-bpv7-00.txt Pages : 64 Date : 2014-06-06 Abstract: This Internet Draft presents a proposed modification to the Bundle Protocol Specification, including notes on the rationale underlying some of the proposed changes. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-burleigh-bpv7/ There's also a htmlized version available at: http://tools.ietf.org/html/draft-burleigh-bpv7-00 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ I-D-Announce mailing list I-D-Announce@ietf.org https://www.ietf.org/mailman/listinfo/i-d-announce Internet-Draft directories: http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt _______________________________________________ dtn mailing list dtn@ietf.org https://www.ietf.org/mailman/listinfo/dtn
- [dtn] FW: I-D Action: draft-burleigh-bpv7-00.txt Templin, Fred L
- [dtn] Security in BPv7 Birrane, Edward J.
- [dtn] Network Management - Node IDs versus EIDs? Birrane, Edward J.
- Re: [dtn] Security in BPv7 Stephen Farrell