IETF Logo Mail Archive

Re: [dtn] BPbis consensus status

Marc Blanchet <marc.blanchet@viagenie.ca> Thu, 17 September 2020 00:14 UTC

Return-Path: <marc.blanchet@viagenie.ca>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA28C3A135E for <dtn@ietfa.amsl.com>; Wed, 16 Sep 2020 17:14:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=viagenie-ca.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 429fzXAS3SEY for <dtn@ietfa.amsl.com>; Wed, 16 Sep 2020 17:14:22 -0700 (PDT)
Received: from mail-qk1-x741.google.com (mail-qk1-x741.google.com [IPv6:2607:f8b0:4864:20::741]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 179D83A135F for <dtn@ietf.org>; Wed, 16 Sep 2020 17:14:21 -0700 (PDT)
Received: by mail-qk1-x741.google.com with SMTP id w12so459326qki.6 for <dtn@ietf.org>; Wed, 16 Sep 2020 17:14:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=viagenie-ca.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=RMVUCrEb2NVgFuJyB8osI9xZalrzr6xNgOXvTwaaHdQ=; b=ccrYAhtjgNBu+iDVeNrtoaj90AqtaFBfkJaWEUvOW3zLrbPn3JJwJ98zpdf0YZCPtq H7BnzLr5VYOybehP1cNi1Cw0lUigcAM9cncQSMg33rM1sS9UVdCAoOQBa6PaRD9OVO/M NphJh1SlZFCNWgR0UMwqEwqb9t+22YSbHwb+GcPpIYkhjSLA+nSKQimMm6/JXqk2MlXf gtXUddOyuBKtDWDgbOABl0Du2qNHwq8XiizWKXvxY0rWioXQNwWSAAmLO+KbJ5jKl1EJ EwvNOTig6g5oM+elvJ3cUlG1bnYhMiCFgih7YfqZF6Qg42fBfP1bR/0INJqmD032CTVE sAnQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=RMVUCrEb2NVgFuJyB8osI9xZalrzr6xNgOXvTwaaHdQ=; b=uNOQqrhj+a+Q1eUK38TZAPPloUC+5xwBUfGteVfhP6SvBCuCqutC6N/egfNoHw1ahA 9lRMCy+lgfS/I1xIuBYA+iFV0BeHQOiwJxAEj2hxUKj90GOV1gfCWA9i1yNktHi1pYLX jINpVFtj+YupFitqIfZw2BuXjpNYLyNoONn7petb8c6qJzB+9DyvkuAEyHeu9HPpvd/R gjjzX2mnTepXWPNL8gd4TxI+khI4x0eZjGm5uIG2tLk9c/cYR+ROPGs3uM+9nIt0520R mpjVk3TV1rVrMacAkQOAz5IqUsZo13Xnyr4/yCiVbOJcnRr7b6WDlnYkDwyuf/o8WrBs Wqjw==
X-Gm-Message-State: AOAM5323W5fvrqKH+GMtvWlzlm7+KtgA5yhMDEEDFkHMcZZ48jd69ZSj zumoMRAdpi/qdw4t0M2h4tYgTA==
X-Google-Smtp-Source: ABdhPJyvrMvZsjon/p+c12naGDHTk93k9CT+l+vhWDo8Df2Wb9P1jmJqHFzcABetUfcNiO4mv0cn/g==
X-Received: by 2002:a37:990:: with SMTP id 138mr25344440qkj.53.1600301658009; Wed, 16 Sep 2020 17:14:18 -0700 (PDT)
Received: from [192.168.1.115] (modemcable016.82-162-184.mc.videotron.ca. [184.162.82.16]) by smtp.gmail.com with ESMTPSA id f64sm11055371qkj.124.2020.09.16.17.14.17 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 16 Sep 2020 17:14:17 -0700 (PDT)
From: Marc Blanchet <marc.blanchet@viagenie.ca>
To: "R. Atkinson" <rja.lists@gmail.com>
Cc: DTN WG <dtn@ietf.org>
Date: Wed, 16 Sep 2020 20:14:15 -0400
X-Mailer: MailMate (1.13.2r5673)
Message-ID: <CEBD7985-410F-4AF4-B367-1B08C99CB38A@viagenie.ca>
In-Reply-To: <ED9CEA8D-3B22-4623-A7F7-F9ACA4C3A071@gmail.com>
References: <34a7886b09d946faa816acbd26700d65@jpl.nasa.gov> <F2B67324-D3F5-4F28-8CC3-207EB607E6EA@viagenie.ca> <ED9CEA8D-3B22-4623-A7F7-F9ACA4C3A071@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/rMqki8yi7pGvRUaXXp5oETgVGeU>
Subject: Re: [dtn] BPbis consensus status
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Sep 2020 00:14:24 -0000

On 16 Sep 2020, at 19:36, R. Atkinson wrote:

>> On Sep 16, 2020, at 15:50, Marc Blanchet <marc.blanchet@viagenie.ca> 
>> wrote:
>>
>> I’m still opposed to have BPSEC be mandatory to implement as I 
>> think the security services can be done within the payload. IP is 
>> currently not secured on the Internet.
>
> For over 25 years now, IP has had IP-layer security in the form of 
> IPsec (ESP & AH).
>
> See RFC-1825 through RFC-1827 to see just how far back IPsec goes.  My 
> team
> demonstrated open-source running code for IPsec in 4.4 BSD in August 
> 1995.[1]
>
> For many years, all IPv6 implementations were required to implement 
> IPsec,
> although I believe that constraint has been lifted recently (LONG 
> AFTER IPsec
> was nearly universally implemented by IPv6 devices and I believe the 
> exemption
> is for tiny IoT devices).
>
> Automated key management (which BPsec does not provide yet) came a bit
> later with RFC-2407, RFC-2408 and RFC-2409.
>
> IPsec BOTH supports end-to-end security and also can support VPN 
> access.
> In practice, IPsec is probably used more with VPNs but it does still 
> support
> end-to-end security.
>
> Virtually every IP-capable device (laptops, paid OSs, free OSs, smart 
> handphones)
> has implemented IPsec for many years now.
>
> While the original goal of IPsec was end-to-end (e.g., host-to-host) 
> security
>
> Whether one uses IPsec is a very different question from whether it is 
> widely
> implemented, just as whether one uses BPsec for a given session is 
> quite
> separate from whether it should be mandatory to implement.

i know all this. been there. done a lot, specially on IPv6. I would love 
to have IP layer security, but that did not happened. What is deployed 
currently is that VPNs are not using IPsec but TLS over UDP. Zero trafic 
of real IPsec end-to-end. Hence my point: current IP stacks are not 
using IPsec.

>
> If security is NOT mandatory-to-implement, then users in practice will 
> not be able
> to use it in situations where they would like to use it.  The deployed 
> Internet
> has over 35 years experience with this operational reality.
>
>> It is within the IP payload (TLS) that security services are applied.
>
> Security services are offered at MANY layers in the deployed Internet.

right, the first one in the stack (from bottom to up) is TLS over 
TCP/UDP. reality now.

>
> TLS is far from being the only game in town.  I discuss IPsec above,
> but there are numerous other mandatory security capabilities both
> within TCP and below.
>
> Routing protocols have had built-in cryptographic security (e.g., 
> RFC-2082 et seq
> for RIP; RFC-2178 et seq for OSPFv2; RFC-2385 eq seq for BGP) for over 
> 20 years.
> Even newer routing protocols such as BABEL have been required to have
> cryptographic authentication (e.g., RFC-7298).

ok. that is the control plane. fine by me.

>
>> I want a fully conformant BP implementation to ship without BPSec and 
>> without any specific use case (e.g. forwarding vs non-forwarding). 
>> However, I expect many use cases to require security, but again, in 
>> those cases, it can be accomplished within the payload, not at the BP 
>> level.
>
> I am open to hear what you have to say, but right now it is FAR from 
> obvious to me
>
> (a) precisely what you mean by “accomplished within the payload”,
>
> (b) where that specification is documented,
>
> or (c) how you propose that [hypothetical] security service would be 
> mandated.
>

to me, security (i.e. auth/encryption) makes only sense at the transport 
layer (in the IP sense), since the application making the socket know 
and can enforce the security services it needs, including taking care of 
the key management. At the IP layer, it is not available to the 
application. Moreover, IPsec may only occur within some parts of the 
network, so the application does not have the ability to enforce full 
end-to-end encryption for example.  Back to BP, I see again that BPsec 
does not provide that facility to the application and does not warrant 
complete end-to-end security with the requirements the application 
wants/need.

> Over 35 years of deployed Internet experience all says that security 
> won’t be
> available in practice if it isn’t mandatory to implement.

we (I was involved a lot in IPv6, so…) tried hard to make IPsec 
mandatory for IPv6. I was one deeply involved in IPv6 and pushing IPsec, 
but it just did not happen. We failed.

> I doubt BP can get
> through the IETF approval processes without mandatory-to-implement 
> security
> of some sort in a standards-track RFC.

I’m fine with having security mandatory to implement, but not at the 
BP layer (e.g. BPSec). That is what I’m saying. I’m not against 
BPsec, on the contrary, I’m just saying that it should not be 
mandatory to implement for all BP implementations and that security can 
be handled higher in the stack.

Regards, Marc.

>
> Yours,
>
> Ran
>
> [1] 
> "https://www.usenix.org/legacy/publications/library/proceedings/sd96/atkinson.html"
>
> _______________________________________________
> dtn mailing list
> dtn@ietf.org
> https://www.ietf.org/mailman/listinfo/dtn

v2.23.0 | Report a Bug | By Email