Re: [dtn] BPSEC Request: Removal of BAB blocks
Carlo Caini <carlo.caini@unibo.it> Thu, 21 January 2016 23:16 UTC
Return-Path: <prvs=28280c8e73=carlo.caini@unibo.it>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 892221B34A9 for <dtn@ietfa.amsl.com>; Thu, 21 Jan 2016 15:16:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.322
X-Spam-Level:
X-Spam-Status: No, score=-2.322 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gb9XUGB-Uk_M for <dtn@ietfa.amsl.com>; Thu, 21 Jan 2016 15:16:27 -0800 (PST)
Received: from mx02.unibo.it (mx02.unibo.it [137.204.24.59]) by ietfa.amsl.com (Postfix) with ESMTP id BC7561B34A6 for <dtn@ietf.org>; Thu, 21 Jan 2016 15:16:26 -0800 (PST)
X-AuditID: 89cc183b-f791c6d00000545c-35-56a166c84fc0
Received: from mail.unibo.it (e10-hc3-dr.unibo.loc [10.11.1.41]) by mx02.unibo.it (UNIBO) with SMTP id 2F.6D.21596.8C661A65; Fri, 22 Jan 2016 00:16:25 +0100 (CET)
Received: from E10-MBX3-DR.personale.dir.unibo.it ([169.254.3.175]) by E10-HC3-DR.personale.dir.unibo.it ([10.11.1.41]) with mapi id 14.03.0224.002; Fri, 22 Jan 2016 00:16:24 +0100
From: Carlo Caini <carlo.caini@unibo.it>
To: "Birrane, Edward J." <Edward.Birrane@jhuapl.edu>, "dtn@ietf.org" <dtn@ietf.org>
Thread-Topic: BPSEC Request: Removal of BAB blocks
Thread-Index: AdFUixW+1dIZSXgfQ8yvJzAKm+QNQQADDUFw
Date: Thu, 21 Jan 2016 23:16:23 +0000
Message-ID: <FF1750B0EDD9434A98CD71DA0C0357260132FD6F81@E10-MBX3-DR.personale.dir.unibo.it>
References: <01415845337446d58ed9b182a8eea65f@aplex01.dom1.jhuapl.edu>
In-Reply-To: <01415845337446d58ed9b182a8eea65f@aplex01.dom1.jhuapl.edu>
Accept-Language: it-IT, en-US
Content-Language: it-IT
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.12.1.71]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprBIsWRmVeSWpSXmKPExsXCxc2oqXsybWGYQethbov2NSwW5zZ9ZXFg 8liy5CeTx935VgFMUdw2SYklZcGZ6Xn6dgncGddap7IVfJKpeHjpHWMD4zTxLkZODgkBE4kr WzYwQdhiEhfurWfrYuTiEBJYwijRe+IMlLODUeLm5f9gVWwCGhIHb11mB7FFBEIlts7oZAWx hQUMJfZ/Os8CETeSWNG6nA3GnnRzPiOIzSKgKvG1vx/M5hWIlni5fTNYr5CAm8Tqc6/BbE4B d4k3s7vBbEYBWYkJuxeB1TMLiEu8mH6CHeJSAYkle84zQ9iiEi8f/2OFsOUkrhxvZoWo15O4 MXUKG4StLbFs4WtmiL2CEidnPmGZwCg6C8nYWUhaZiFpmYWkZQEjyypGseLcdN3i5MQ8I73k Yr3SvMykfL2c/ORNjMBI6TwjYb2DccYFt0OMAhyMSjy8G7UWhgmxJpYVV+YeYpTgYFYS4XVP BQrxpiRWVqUW5ccXleakFh9ilOZgURLnjWtLDBMSSE8sSc1OTS1ILYLJMnFwgnRzSYkUp+al pBYllpZkxIOiNr4YGLdSDYwx/hx/zVK6RV/G/da8ce+FVOieHpZbNwV/eF5e7RQb/XrywYzt N4+ZaHZfyPEyY+f3zZz67OddT+VJK1inOLKV7em6/Oec/p851SmLn253cyub+jnNIatJIHlm f216kt/viZVn3mxSnNh26cPvrd8UNapuHtC5/akhitddz/EsQ23ewet3DjYosRRnJBpqMRcV JwIAFIWzeqsCAAA=
Archived-At: <http://mailarchive.ietf.org/arch/msg/dtn/ptimVXuUYFScAlrIpQ6D_gxahNY>
Subject: Re: [dtn] BPSEC Request: Removal of BAB blocks
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jan 2016 23:16:29 -0000
Dear Ed,
I have a comment on the first point, which also applies to the new draft.
On a DTN node, the bundle layer usually operates on top of Transport, which is on top of Network, which is on top of Data link which is on top of Physical; two consecutive DTN nodes (e.g. A and B) along the path from DTN source to destination identifies one DTN hop. Between A and B you can either have, or not, a number of non-DTN nodes, such as (non-DTN) IP routers. In the former case, which I suppose will be the norm in terrestrial or mixed terrestrial-space applications, you will have, on one single DTN hop, a chain of consecutive links, where one link is by definition between two consecutive IP routers.
This is to say that one link does not generally coincides with one DTN hop, although it may happen.
This could impairs the application of method 1. If you use IP-sec in tunnel mode between consecutive gateways, you could have multiple IP-sec segments on one DTN hop, or just a partial coverage. For example, if you have a GEO sat link in the middle of your DTN hop, you could have IP-sec in tunnel mode between the two gateway PEPs, and no IP-sec coverage outside (on the basis that the sat channel is more exposed to attacks than the terrestrial part).
It seems simpler to apply security at the convergence layer instead, as one DTN hop is usually Transport-to-Transport. In this case, a possible disadvantage is that one node can be connected to other DTN nodes by a variety of different Convergence layers (A with B via LTP, A with C via TCP, and so on). In the case of BAB you need just one key per node, if I am not wrong, while at the convergence layer likely one key for each protocol (I suppose but I am not sure at all).
I have no objections on method 2 and 3 because in both cases they use mechanisms at Bundle layer, which I deem more appropriate dealing with bundle layer security.
I am not a real expert of this topic, so I could likely be wrong. My comments are just an attempt to better understand the problem.
Yours,
Carlo
________________________________________
Da: dtn [dtn-bounces@ietf.org] per conto di Birrane, Edward J. [Edward.Birrane@jhuapl.edu]
Inviato: giovedì 21 gennaio 2016 21.39
A: dtn@ietf.org
Oggetto: [dtn] BPSEC Request: Removal of BAB blocks
All,
At the January telecom, we agreed that BAB blocks can removed from the BPSEC specification and that hop-by-hop authentication can be achieved in (at least) 1 of 3 alternate ways:
1. Rely on lower link layers to provide hop-by-hop authentication
2. Integrity sign with a BIB an ephemeral block between two BPAs, such as the Prior Hop Notification (PHN) block.
3. Design some other user/application related block to contain a hash of some canonical form of the bundle and sign that.
These mechanisms are captured in a draft "security practices" document published as https://tools.ietf.org/html/draft-birrane-dtn-sec-practices-00 in section 4.6 "Hop by Hop Authentication".
ACTION:
Please comment if there is an issue with removing BABs from the BPSEC specification. We can create a new thread to discuss the security practices and whether the alternate mechanisms listed above are the correct ones or if we need others.
-Ed
---
Edward J. Birrane, III, Ph.D.
Embedded Applications Group Supervisor
Space Exploration Sector
Johns Hopkins Applied Physics Laboratory
(W) 443-778-7423 / (F) 443-228-3839
_______________________________________________
dtn mailing list
dtn@ietf.org
https://www.ietf.org/mailman/listinfo/dtn
- [dtn] BPSEC Request: Removal of BAB blocks Birrane, Edward J.
- Re: [dtn] BPSEC Request: Removal of BAB blocks Carlo Caini