Re: [dtn] [Acme] WGLC for ACME DTN Node ID

Brian Sipos <BSipos@rkf-eng.com> Thu, 15 April 2021 18:32 UTC

From: Brian Sipos <BSipos@rkf-eng.com>
To: "dtn@ietf.org" <dtn@ietf.org>
Date: Thu, 15 Apr 2021 18:31:51 +0000

All,
One procedural complication I see is that because BPv7 didn't update the Bundle Administrative Record Types sub-registry table [4] to include a "Bundle Protocol Version" or similar column, it will need to be done by the next spec which adds a new admin record type. Record type 1 is shared between BP 6 and 7, but type 2 is exclusive to 6.

I'm not sure exactly how this will need to be phrased from the perspective of this table-updating document.

[4] https://www.iana.org/assignments/bundle/bundle.xhtml#admin-record-types

________________________________
From: dtn <dtn-bounces@ietf.org> on behalf of Brian Sipos <BSipos@rkf-eng.com>
Sent: Friday, April 9, 2021 17:30
To: dtn@ietf.org <dtn@ietf.org>
Subject: [dtn] FW: [Acme] WGLC for ACME DTN Node ID

All,
The ACME WG has begun last call on the draft DTN Node ID validation document [1], which proposes to add a BPv7 Administrative Record type to be able to validate ownership of a Node ID within a DTN. The ACME WG is reviewing this document from the ACME perspective, but it would be good to also review from DTN perspective.

The validation workflow is nearly identical to that of email validation [2], which also relies on email routing and security (which itself relies on email-domain and DNS security) to provide assurance that the email is routed to a proper destination. I don't know, at this point, if there is any similar mechanism to DKIM [3], but making a stronger requirement about BPSec signing of the challenge and response bundle may be helpful; requiring a BIB sourced by either the ACME server or a trusted router.

[1] https://mailarchive.ietf.org/arch/msg/acme/ncn3LR_i8mPcAKx3qt33FgYuoK4/
[2] https://tools.ietf.org/html/draft-ietf-acme-email-smime-13
[3] https://www.rfc-editor.org/rfc/rfc6376.html
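As an added illustration of the challenge/response workflow and the BIB requirement discussed above (example code, not from the draft or either working group): the admin record type code is a placeholder, the record is serialized as JSON instead of CBOR so it runs offline, and a BPSec BIB is modelled as an HMAC-SHA256 tag under a key held by the ACME server or trusted router that sources it. The key authorization string follows RFC 8555 section 8.1 with an RFC 7638 thumbprint, assuming the JWK holds only its required members.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Hypothetical record type code; the real value would be assigned in the
# IANA Bundle Administrative Record Types sub-registry cited in the thread.
ACME_NODEID_RECORD_TYPE = 65535  # placeholder, not a registered value


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwk_thumbprint(jwk: dict) -> str:
    # RFC 7638: required members only, lexicographic order, no whitespace.
    canon = json.dumps(jwk, sort_keys=True, separators=(",", ":")).encode()
    return b64url(hashlib.sha256(canon).digest())


def key_authorization(token: str, jwk: dict) -> str:
    # RFC 8555 section 8.1: token "." base64url(JWK thumbprint).
    return f"{token}.{jwk_thumbprint(jwk)}"


def make_record(payload: dict) -> bytes:
    # Stand-in for the BPv7 admin record [type, content] (real encoding is CBOR).
    return json.dumps([ACME_NODEID_RECORD_TYPE, payload], sort_keys=True).encode()


def sign_bib(record: bytes, key: bytes) -> str:
    # Simplified stand-in for a BPSec BIB covering the record.
    return hmac.new(key, record, hashlib.sha256).hexdigest()


def build_challenge(node_id: str, key: bytes):
    token = b64url(secrets.token_bytes(16))
    record = make_record({"node": node_id, "token": token})
    return token, record, sign_bib(record, key)


def build_response(token: str, jwk: dict, key: bytes):
    record = make_record({"keyAuthorization": key_authorization(token, jwk)})
    return record, sign_bib(record, key)


def verify_response(record: bytes, bib: str, token: str, jwk: dict, key: bytes) -> str:
    # Integrity first: without a valid BIB the server only has routing assurance.
    if not hmac.compare_digest(sign_bib(record, key), bib):
        return "reject: BIB verification failed"
    rtype, content = json.loads(record)
    if rtype != ACME_NODEID_RECORD_TYPE:
        return "reject: unexpected admin record type"
    if content.get("keyAuthorization") != key_authorization(token, jwk):
        return "reject: key authorization mismatch"
    return "valid"
```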