IETF Logo Mail Archive

[dtn] Security in BPv7

"Birrane, Edward J." <Edward.Birrane@jhuapl.edu> Tue, 10 June 2014 04:13 UTC

Return-Path: <Edward.Birrane@jhuapl.edu>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 580791A0398 for <dtn@ietfa.amsl.com>; Mon, 9 Jun 2014 21:13:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.853
X-Spam-Level:
X-Spam-Status: No, score=-4.853 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FGMxeToVwSTt for <dtn@ietfa.amsl.com>; Mon, 9 Jun 2014 21:13:22 -0700 (PDT)
Received: from pilot.jhuapl.edu (pilot.jhuapl.edu [128.244.251.36]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 00A291A0396 for <dtn@ietf.org>; Mon, 9 Jun 2014 21:13:21 -0700 (PDT)
Received: from aplexcas1.dom1.jhuapl.edu (unknown [128.244.198.90]) by pilot.jhuapl.edu with smtp (TLS: TLSv1/SSLv3,128bits,RC4-MD5) id 60a2_ab34_6c1ab30b_80ce_4a42_9d0c_f6cd9f070a11; Tue, 10 Jun 2014 00:13:14 -0400
Received: from aplesfreedom.dom1.jhuapl.edu ([128.244.198.204]) by aplexcas1.dom1.jhuapl.edu ([128.244.198.90]) with mapi; Tue, 10 Jun 2014 00:13:14 -0400
From: "Birrane, Edward J." <Edward.Birrane@jhuapl.edu>
To: "Templin, Fred L" <Fred.L.Templin@boeing.com>, "dtn@ietf.org" <dtn@ietf.org>
Date: Tue, 10 Jun 2014 00:13:14 -0400
Thread-Topic: Security in BPv7
Thread-Index: AQHPhGJM1cQphzBZO02l8sAiqho8CQ==
Message-ID: <329D879C76FDD04AAAE84BB1D89B39700957131B7B@aplesfreedom.dom1.jhuapl.edu>
References: <2134F8430051B64F815C691A62D983181B2C0587@XCH-BLV-504.nw.nos.boeing.com>
In-Reply-To: <2134F8430051B64F815C691A62D983181B2C0587@XCH-BLV-504.nw.nos.boeing.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/dtn/dbE5v3LHmlURficLkJnnRbN7mZ0
Subject: [dtn] Security in BPv7
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jun 2014 04:13:24 -0000

I've been thinking through the concept of whether security (e.g., security blocks) should be formally defined in BPv7 or whether their definition should be deferred to a separate document.

Having worked through several use cases for both space and terrestrial networking, I think that BPv7 should not mandate a particular security block structure. In most cases, we've been using the design mantra "make the common case fast", which will work for (by definition) a majority of deployments. However, I am sure there are boundary cases and pathological topologies for which a particular closed network or other special deployment would want something different. For those networks, it is far easier to stay compliant with BP and then non-compliant with BSP/SBSP than to require divergence from the core standard. 

Further, my intuition is that the security posture is best captured in a series of (at least) three documents: the initial common-case security blocks (SBSP), a security recipe for common security services (drafting in progress), and configurations/policy best practices. To the extent that a "recipe book" for security would show more than one way to achieve a desired security service, baselining a single methodology in 5050 or BP7 spec would be unduly constraining.

Long story short, I think the path proposed in BPv7 (pointing outside of the document) for security services seems like a sensical thing to be doing.

-Ed
________________________________________
From: dtn [dtn-bounces@ietf.org] On Behalf Of Templin, Fred L [Fred.L.Templin@boeing.com]
Sent: Friday, June 06, 2014 2:38 PM
To: dtn@ietf.org
Subject: [dtn] FW: I-D Action: draft-burleigh-bpv7-00.txt

FYI, see below for a first draft of RFC5050bis (Appendix A has a
summary of differences from RFC5050). Comments to dtn@ietf.org.

-----Original Message-----
From: I-D-Announce [mailto:i-d-announce-bounces@ietf.org] On Behalf Of internet-drafts@ietf.org
Sent: Friday, June 06, 2014 10:38 AM
To: i-d-announce@ietf.org
Subject: I-D Action: draft-burleigh-bpv7-00.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.


        Title           : Proposed Revised Bundle Protocol
        Author          : Scott Burleigh
        Filename        : draft-burleigh-bpv7-00.txt
        Pages           : 64
        Date            : 2014-06-06

Abstract:
   This Internet Draft presents a proposed modification to the Bundle
   Protocol Specification, including notes on the rationale underlying
   some of the proposed changes.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-burleigh-bpv7/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-burleigh-bpv7-00


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

_______________________________________________
dtn mailing list
dtn@ietf.org
https://www.ietf.org/mailman/listinfo/dtn

v2.23.0 | Report a Bug | By Email