IETF Logo Mail Archive

Re: [dtn] AD review of draft-ietf-dtn-bpsec-default-sc-02

"Birrane, Edward J." <Edward.Birrane@jhuapl.edu> Wed, 14 April 2021 12:39 UTC

Return-Path: <Edward.Birrane@jhuapl.edu>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5BD923A0D00 for <dtn@ietfa.amsl.com>; Wed, 14 Apr 2021 05:39:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=jhuapl.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ryMu8xP3-GJn for <dtn@ietfa.amsl.com>; Wed, 14 Apr 2021 05:39:29 -0700 (PDT)
Received: from aplegw02.jhuapl.edu (aplegw02.jhuapl.edu [128.244.251.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 876273A0CFE for <dtn@ietf.org>; Wed, 14 Apr 2021 05:39:29 -0700 (PDT)
Received: from pps.filterd (aplegw02.jhuapl.edu [127.0.0.1]) by aplegw02.jhuapl.edu (8.16.0.43/8.16.0.43) with SMTP id 13ECXndd092755; Wed, 14 Apr 2021 08:39:26 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jhuapl.edu; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=JHUAPLDec2018; bh=F6m6YQFdGDYRlC0Eqy2P+wPL1rsKVOgmG/WcsJwER4Y=; b=lTmUlipmSQkr5DCOH1+JVaaSrMIj+d/hgStA9J9Z+Dz+avPf9Qj4ws82A9TI/y787Tzt QrlHek+EjqnokwChI3ms74PTqt5P98trgot2e9KFVCdDxPIB1VfjIPxsg+xOsLwgYMJt VI7y5MUQQyewfrW5Cj3h7SHLgrWJe5GxnXbHdXEsA27X9Rq2VJgc4TNYV9S2Q67ZC2XR WQxtPwxJQL2QhjhXEPKdcK797d/mNJKaELuhrOBQL0kvxX66eV/xix+PalB22rVeFXyb yKZlvpmd2fj4VafG+J2EkQWBUyqFv860tszRfNke2fvSvpMCexHAkBdYGY1fp+Xsiq+i NA==
Received: from aplex05.dom1.jhuapl.edu (aplex05.dom1.jhuapl.edu [128.244.198.135]) by aplegw02.jhuapl.edu with ESMTP id 37wdgd8xte-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 14 Apr 2021 08:39:26 -0400
X-CrossPremisesHeadersFilteredBySendConnector: aplex05.dom1.jhuapl.edu
Received: from aplex01.dom1.jhuapl.edu (128.244.198.5) by aplex05.dom1.jhuapl.edu (128.244.198.135) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 14 Apr 2021 08:39:25 -0400
Received: from aplex01.dom1.jhuapl.edu ([fe80::19f5:dcc5:c696:1a50]) by aplex01.dom1.jhuapl.edu ([fe80::19f5:dcc5:c696:1a50%25]) with mapi id 15.00.1497.012; Wed, 14 Apr 2021 08:39:25 -0400
From: "Birrane, Edward J." <Edward.Birrane@jhuapl.edu>
To: Rick Taylor <rick@tropicalstormsoftware.com>, "zaheduzzaman.sarker@ericsson.com" <zaheduzzaman.sarker@ericsson.com>, "dtn@ietf.org" <dtn@ietf.org>
CC: "magnus.westerlund@ericsson.com" <magnus.westerlund@ericsson.com>
Thread-Topic: AD review of draft-ietf-dtn-bpsec-default-sc-02
Thread-Index: AQHXH1vax7LWSJVgGEW7LhnHV51gYaqaUmZQgAOJLQCACcDOsIAD56AAgABZGoCACDoLcA==
Date: Wed, 14 Apr 2021 12:39:24 +0000
Message-ID: <20e4815e2e9e479c8d11f78695e4b05f@aplex01.dom1.jhuapl.edu>
References: <EAF9AEEC-B28E-48AC-BE47-1DAD6FA3609B@ericsson.com> <7b1238eb22fa41cd826548c5a53f2e42@aplex01.dom1.jhuapl.edu> <1663F867-DB26-4B00-B341-EAE4AB84D39B@ericsson.com> <38A5475DE83986499AEACD2CFAFC3F9801F5A55580@tss-server1.home.tropicalstormsoftware.com> <D0F15504-4889-4ADF-BD74-DFB82D1C4F6A@ericsson.com> <01fde9bd754f4578f6e81b10e8b22dea77de89c4.camel@tropicalstormsoftware.com>
In-Reply-To: <01fde9bd754f4578f6e81b10e8b22dea77de89c4.camel@tropicalstormsoftware.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [128.244.198.169]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OrganizationHeadersPreserved: aplex05.dom1.jhuapl.edu
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.761 definitions=2021-04-14_07:2021-04-14, 2021-04-14 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/qYydwVBlCswF9Mqe3jC06oOknwg>
Subject: Re: [dtn] AD review of draft-ietf-dtn-bpsec-default-sc-02
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Apr 2021 12:39:34 -0000

Rick, Zahed,

  Yes, that works for me. My apologies that I did not see this comment before posting a -04.  

  I am sure we will be producing a -05 in time and would include those statements in that version.

-Ed


---
Edward J. Birrane, III, Ph.D.
Embedded Applications Group Supervisor
Space Exploration Sector
Johns Hopkins Applied Physics Laboratory
(W) 443-778-7423 / (F) 443-228-3839
  

> -----Original Message-----
> From: Rick Taylor <rick@tropicalstormsoftware.com>
> Sent: Friday, April 09, 2021 4:00 AM
> To: zaheduzzaman.sarker@ericsson.com; dtn@ietf.org; Birrane, Edward J.
> <Edward.Birrane@jhuapl.edu>
> Cc: magnus.westerlund@ericsson.com
> Subject: [EXT] Re: AD review of draft-ietf-dtn-bpsec-default-sc-02
> 
> APL external email warning: Verify sender rick@tropicalstormsoftware.com
> before clicking links or attachments
> 
> Hi Zahed,
> 
> Okay.. I agree there is value in recording that key management is a potential
> source of complication, and the detail isn't covered in this document.
> 
> @Ed: Does that work for you?
> 
> Cheers,
> 
> Rick
> 
> 
> On Thu, 2021-04-08 at 23:40 +0000, Zaheduzzaman Sarker wrote:
> > Hello Rick,
> >
> > Thanks for the pointers. I have skimmed through the IETF100 minutes
> > but could not really find notes on key management discussion. I
> > certainly found the decision behind separate sec context document.
> > So, that was somewhat helpful to get the context.
> >
> > Now, if the WG has a consensus that "this limitation is appropriate
> > for now
> >     > for this default security context and the DTN WG is looking to
> > determine
> >     > delay-tolerant key management strategies in the future." As
> > mentioned by Edward in his response.
> > I think the bpsec-default-sc document should describe the potential
> > issues due to lack of proper key management and explain why this
> > limitation is OK for default security context. Basically recording
> > that the WG is aware of issues and has well thought decision for
> > default security context.
> >
> >
> > BR
> > Zahed
> >
> > On 2021-04-06, 16:08, "Rick Taylor" <rick@tropicalstormsoftware.com>
> > wrote:
> >
> >     Hi Zahed,
> >
> >     Just as a bit of clarification to your point re Key Management.
> >
> >     The working group has discussed key management a couple of times
> > (IETF-100 in particular) and there is at least one proposed solution,
> > however the rough consensus of the group is that this topic is tricky
> > to get right in a couple of paragraphs in either BPSec or in this
> > document (which we intend to be as short and simple as possible), and
> > therefore it would be better to not attempt a lose definition before
> > the WG has a firmer view on best practice, and have to update these
> > documents.
> >
> >     To that end, Key Management as a work item for the group is a firm
> > proposal for the re-chartering, and there seems to be sufficient
> > interest and excitement in the group to get it done.
> >
> >     References: IETF-100 minutes and mailing list - I can't find a
> > single obvious thread on the mailing list unfortunately.
> >
> >     Cheers,
> >
> >     Rick
> >
> >     > -----Original Message-----
> >     > From: dtn [mailto:dtn-bounces@ietf.org] On Behalf Of
> > Zaheduzzaman Sarker
> >     > Sent: 31 March 2021 08:07
> >     > To: Birrane, Edward J.; dtn@ietf.org
> >     > Cc: Magnus Westerlund
> >     > Subject: Re: [dtn] AD review of draft-ietf-dtn-bpsec-default-
> > sc-02
> >     >
> >     > Hi Edward,
> >     >
> >     > Thanks for the update. The -03 version addresses most of the
> > comments and
> >     > concerns.
> >     >
> >     > See my further comments inline below with [ZS].
> >     >
> >     > BR
> >     > Zahed
> >     >
> >     > On 2021-03-29, 05:43, "Birrane, Edward J."
> > <Edward.Birrane@jhuapl.edu>
> >     > wrote:
> >     >
> >     >
> >     >     > * It would be good for the user of this document to
> > capture the reason
> >     >     > behind selecting HMAC-SHA and AES-GCM in respective
> > overview section
> >     >     > (section 3.1 and section 4.1).
> >     >
> >     >     C3: Agreed. I have added reasons for selection in 3.1 and
> > 4.1 in the -03
> >     > version.
> >     >
> >     > [ZS] Thanks, this is a good addition.
> >     >
> >     > In section 4.1 :
> >     >
> >     > The BCB-AES-GCM security context shall have the security context
> >     >      identifier specified in Section 5.1.
> >     >
> >     > is this "shall" should be a "MUST" as described in Section 3.1?
> >     >
> >     >
> >     >     > * Section 3.3.2 and Section 3.5 :
> >     >     > It seems like some sort of key-id might be required to
> > resolve
> >     >     > this. The BPsec does not define any generic key-id and it
> > is neither
> >     > defined
> >     >     > here. It might become an issue for interoperability.
> >     >
> >     >     C5: Agreed this might become an issue for interoperability.
> > For example, if
> >     > the policies for requiring security operations differ on
> > different nodes there
> >     > may be interop problems. Similarly, if the policies for key
> >     > generation/communication differ on different nodes, there may be
> > interop
> >     > problems. The DTNWG consensus was this limitation is appropriate
> > for now
> >     > for this default security context and the DTN WG is looking to
> > determine
> >     > delay-tolerant key management strategies in the future.
> >     >
> >     > [ZS] Ok,  is this consensus documented somewhere? Meeting notes
> > or email
> >     > thread or whatever?
> >     >
> >     >
> >     >
> >     >     > * Section 4.3.2 :
> >     >     >      Does this "security policy" refers to local security
> > policy?
> >     >
> >     >     C15: Yes.  Security policy at the source, verifier, or
> > acceptor is meant to
> >     > imply the local security policy at the node.
> >     >
> >     > [ZS] Ok, then clearly stating that helps. It was clearly mention
> > in the other
> >     > place(s).
> >     >
> >     >
> >     >     > * Section 6.3
> >     >     >
> >     >     >      To me this security considerations for fragmentation
> > belongs to BPsec
> >     > as
> >     >     > the main technical issues on fragmentation are described
> > there.
> >     >
> >     >     C17: I would support removing the fragmentation section from
> > this
> >     > document and including it in some other broader-scoped document
> > on DTN
> >     > security, though perhaps not the BPSec document itself because
> > the issues
> >     > with fragmentation can extend beyond the insertion and handling
> > of security
> >     > blocks.
> >     >
> >     > [ZS] I don't think removing the fragmentation section from this
> > document to
> >     > some other document actually helps. This is a very important
> > aspect of the
> >     > security context and I think it is better to be decisive about
> > it now. If moved
> >     > to BPSec then other documents , specially security context
> > documentation,
> >     > can just refer to it. The question really is, where does it make
> > more sense put
> >     > there it is in line with the context of the content of the
> > document? Right now
> >     > I see that is BPsec.
> >     >
> >     >
> >     >     > I would also like to draw attention to the SECART review
> > (Thanks to the
> >     >     > SECART team and Christian Huitema) proposing test vectors
> > to mitigate
> >     >     > interoperability issue pointed out by the reviewer. This
> > seems like a good
> >     >     > proposal to include in this specification.
> >     >
> >     >
> >     >     C18: Agreed and grateful for the review! As mentioned in my
> > comments to
> >     > the SECART review and similar to C17 above, I think that example
> > encodings
> >     > are a very useful concept, but would ultimately be useful at
> > showing bundle
> >     > structure and security block structure. Rather than repeating
> > such encodings
> >     > in all future security context documents, I propose the DTN WG
> > consider the
> >     > best way to produce this broader-scope documentation.
> >     >
> >     > [ZS] I see the test vectors related to the applicability of the
> > this document
> >     > hence this need to be considered well. Failing to assure
> > interoperability
> >     > actually undermine the intention of this document, hence any
> > tools to help
> >     > achieving that goal is worth putting effort into. Also we need
> > to make sure
> >     > the test vector is actually usable by more than one
> > implementation.  I would
> >     > be happy if DTN WG comes up with a best way forward here.
> >     >
> >     >
> >     >
> >     > _______________________________________________
> >     > dtn mailing list
> >     > dtn@ietf.org
> >     > https://www.ietf.org/mailman/listinfo/dtn
> >

v2.23.0 | Report a Bug | By Email