Re: [dtn] [EXTERNAL] Benjamin Kaduk's Discuss on draft-ietf-dtn-bpbis-22: (with DISCUSS and COMMENT)

Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 10 February 2020 11:07 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D499120131; Mon, 10 Feb 2020 03:07:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NE00E0R-7PkP; Mon, 10 Feb 2020 03:07:32 -0800 (PST)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30076.outbound.protection.outlook.com [40.107.3.76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B735D12012D; Mon, 10 Feb 2020 03:07:26 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZQXo9LCjy2u6n+NTWfBwLsLbsTvMahxkE5GPCjsVXtjRZ4ZtUA1YS56O/8LU9PBkhHPwsCXcN/TBnR3F9el9ebtIYwLjjJRLcX9KGolv4Jc/ELTvi9Vi7cMGflvhvv7wb5AYz2h2sEIMtIAsbjR0/NBqTM3cX2EUzvkwLmDaClgYXlSEkTN0kDbK093DswpXn7Ls0asatyPHZNOsewYRDAykkdXF/H6XiihnJzBH6+3Q/BT+M9eXrhgPOsneXfevkeRMFTnPW64m5bxwsz2I270ifWj7tcEbMZ0pj+LSKBh2sOQWwTkYm+PnlU86ZJMduEFj3e9e5BNljJqk0oO1FA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UUDiXA4b8a7k/MxRkBV2IFzAOvPe1nEaX0ZXHHMJlbw=; b=feH9tG7V64BHO2wzYQ+MyBfPPDmdEPPrYUO5lcRfrHrsm8ZzG/FIzAblr3v1KJwdWERuJBE8pUwD1vS21NZ48JHaAT9nK7VWEAb92uVFTwgrGzcFXnJjN93Rn4wsocdtGfUMgshqjAcMBSAUvPwdMKH8vlImo/DG0b3DFDwuM1YQbSOiHeLO0So5Np7Ii+BxMDzUuI/sCE5BR5vf2eKLsZGGY9iN7ix3qeEDKOPctVencWTZ4Uy8GOzpwrj5CVlGlnUgbQLv7NmORJ5HClBeXL6qCtC6zSq+GgcCTuiM+8xZ5+w4eXGqq1/UB2QafIjjuqFDraxi7jGFXpTC3eLADQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UUDiXA4b8a7k/MxRkBV2IFzAOvPe1nEaX0ZXHHMJlbw=; b=Eo3BTKGvMpHvpomauzbls8hVEjCCW64LCbH96QUjoSqtNp1bpeQ7g2js3x9Xnm74tJnHavnhSk6Um95Xk9T4QrC7slFF4q3ISi3L+xYuOriuEUuTHkKnqv8WbRSoyehojypsq1O+ot+eI+BT7Pl3yfi8RNZoK+6lWIpT9sfnDZc=
Received: from DB7PR07MB4572.eurprd07.prod.outlook.com (52.135.133.12) by DB7PR07MB5863.eurprd07.prod.outlook.com (20.177.193.89) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2729.14; Mon, 10 Feb 2020 11:07:24 +0000
Received: from DB7PR07MB4572.eurprd07.prod.outlook.com ([fe80::cd9a:187a:90ab:3544]) by DB7PR07MB4572.eurprd07.prod.outlook.com ([fe80::cd9a:187a:90ab:3544%5]) with mapi id 15.20.2707.028; Mon, 10 Feb 2020 11:07:24 +0000
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "scott.c.burleigh=40jpl.nasa.gov@dmarc.ietf.org" <scott.c.burleigh=40jpl.nasa.gov@dmarc.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "kaduk@mit.edu" <kaduk@mit.edu>
CC: "draft-ietf-dtn-bpbis@ietf.org" <draft-ietf-dtn-bpbis@ietf.org>, "dtn-chairs@ietf.org" <dtn-chairs@ietf.org>, "dtn@ietf.org" <dtn@ietf.org>, "fred.l.templin@boeing.com" <fred.l.templin@boeing.com>
Thread-Topic: [dtn] [EXTERNAL] Benjamin Kaduk's Discuss on draft-ietf-dtn-bpbis-22: (with DISCUSS and COMMENT)
Thread-Index: AQHV3XGXnhFRdudMRk+xJvn6eYOHdqgUSaKA
Date: Mon, 10 Feb 2020 11:07:24 +0000
Message-ID: <0d0c64c87a1ef89b6bada352182c831f66c279ed.camel@ericsson.com>
References: <158095903452.30594.18160625444164563541.idtracker@ietfa.amsl.com> <803a0379e44449a98c4a3900c2b2a78d@jpl.nasa.gov>
In-Reply-To: <803a0379e44449a98c4a3900c2b2a78d@jpl.nasa.gov>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=magnus.westerlund@ericsson.com;
x-originating-ip: [192.176.1.84]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 8f7c0793-20b8-4e10-b97f-08d7ae196831
x-ms-traffictypediagnostic: DB7PR07MB5863:
x-microsoft-antispam-prvs: <DB7PR07MB5863519C056D2AC9C8CCD8BC95190@DB7PR07MB5863.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:3826;
x-forefront-prvs: 03094A4065
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(346002)(376002)(136003)(39860400002)(366004)(199004)(189003)(2906002)(186003)(6506007)(26005)(44832011)(2616005)(4326008)(8936002)(53546011)(71200400001)(86362001)(5660300002)(6512007)(6486002)(316002)(478600001)(110136005)(81166006)(54906003)(81156014)(8676002)(64756008)(66446008)(36756003)(66556008)(76116006)(91956017)(66476007)(66946007)(66616009); DIR:OUT; SFP:1101; SCL:1; SRVR:DB7PR07MB5863; H:DB7PR07MB4572.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: aixcsFjCcdMMryn7k2sMYNhgBQbyXTVrHT3hhTESDrN5YoTYggchPjRT4bgKM/WmwSgLan0SO4TocOrfOxVFXMLIHLkgyak731U1VCJyGSkhb51lncYkpwMrTc0V9guiSmrnqpYKCefkEZzKijNNGXA4WFA8wVDC7PaYy+bhlKmlzAZMMvVcU2Bk5i/X74gKydpzziujOrv53NuU4q9Dck8cTCIVfDYQa2QxS4FGE3h2+qsujIuR7wCN8+6LEyItim2wBkUkSFnXDbf5FjaD2mbnN7WfMTp24V9eiBrikZAh2uHS+MaeLc3MGgqstOu9hV/yw+GvcDH5hb7ptBINj2CofXNAXCPjtaVU+ovHhRw7+QA7aprX6QU4jhIiUB0ZZYMf6thQ+6yVvCOB5KzIvHZfPrdPEBI395jlNXxKbQ4ie3vfp+KK5TFdEGTp0no5
x-ms-exchange-antispam-messagedata: j6XcgXmNUdmQVzTrU922dff5bRcSVru/xdBdgPQFHS51GnD/mnN7ih1JssfbPaMwKlgt67MVx+f72guhKXGntXgwgxYal9IA5J2RlAORBor7GPatY1f23s5e6G8U58pC9gddkmz8UYK2LLU4pPOg3A==
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; micalg="sha-256"; protocol="application/x-pkcs7-signature"; boundary="=-ffzVvMxd9VF/Ln8FoqHq"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8f7c0793-20b8-4e10-b97f-08d7ae196831
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Feb 2020 11:07:24.0389 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: y/Ey/22et+jgNh9LF+WOFFq+qOcowRG1j8Uh8QdzDYcvYQDYtw8zNMJYB5BfM0qkHbqUGOh5zzgqk7pYHUoNQ66WNWQtIG34QC63zvT3Gco=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR07MB5863
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/rjgVF08Dly3vO_Pcfc6xqM-YfaQ>
Subject: Re: [dtn] [EXTERNAL] Benjamin Kaduk's Discuss on draft-ietf-dtn-bpbis-22: (with DISCUSS and COMMENT)
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Feb 2020 11:07:33 -0000

Hi,

Some comments and suggestions below regarding the mandatory security and the
relationship of DTN specifications. 

On Fri, 2020-02-07 at 04:46 +0000, Burleigh, Scott C (US 312B) wrote:
> Thanks for the very close reading, Ben.  Responses in-line below.
> 
> -----Original Message-----
> From: Benjamin Kaduk via Datatracker <noreply@ietf.org> 
> Sent: Wednesday, February 5, 2020 7:17 PM
> To: The IESG <iesg@ietf.org>
> Cc: draft-ietf-dtn-bpbis@ietf.org; Fred Templin <fred.l.templin@boeing.com>om>; 
> dtn-chairs@ietf.org; fred.l.templin@boeing.com; dtn@ietf.org
> Subject: [EXTERNAL] Benjamin Kaduk's Discuss on draft-ietf-dtn-bpbis-22: (with
> DISCUSS and COMMENT)
> 
> Benjamin Kaduk has entered the following ballot position for
> draft-ietf-dtn-bpbis-22: Discuss
> 
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
> 
> I support Roman's Discuss.
> 
> (1) It's not clear to me that we should be defining new (near-)application-
> layer protocols on the standards track without mandatory security
> mechanisms.  Even draft-ietf-dtn-bpsec defines a "BPSec threat model" that is
> largly the same as the RFC 3552 threat model, in which the network is
> completely untrusted and to provide end-to-end communications we must supply
> additional security mechanisms, yet BPSec is not required to implement or
> use.  I could perhaps see room for allowing waypoint nodes that do not act as
> endpoints to remain security-unaware, but the justification for security-
> unaware endpoints seems quite lacking.
> 
> 	The consensus position of the WG, I believe, is that BP may in some
> cases be deployed in closed, highly resource-constrained systems where the
> overhead of implementing, much less using, the security mechanisms would be
> considered both prohibitive and needless.  For such environments, making those
> mechanisms mandatory might result in either non-adoption of the IETF standard
> or adoption of a non-compliant implementation, both undesirable.
> 	The specification can easily be revised to require the implementation of
> BPsec, but I think that shouldn't be done until the WG has reached a revised
> consensus.

Yes, I think this question is important to discuss in the WG. However, I think
so far it has been quite clear that deploying without a security solution in
place is generally a bad idea. So from my perspective BPSec needs to be at least
a SHOULD with a very tightly worded escape clause. I thinka a MUST would be
better. I will note that BPSec will need to have a default to implement crypto
context. I think that is more relevant to profile in some specific deployement
environments if resource constraints is the issue. 

Ben, what are your opinions on these two parts.

a) Having a SHOULD with a tightly worded escape clause or do think a MUST is
required? 

b) Having a default MTI algorithm to implement, but making clear that specific
usages of the protocol may use a profile targeted to their envirionment. However
not having a common MTI can result in non-interoperable islands. I think BPSec-
19 made the need for a algorithm clear. The only addition I would add would be
to point to a specific solution unless you have requirements that says that you
should have another MTI. 


Maybe what is missing in BPBis is a section making it clear what is actually
required to be using BPv7. Becasue at a minimal a secure deployment needs:

Existing in WG drafts
- BPv7
- BPSec
- Crypto Context (crypto algorithm specification)
- Convergence layer(s)

Parts that are not yet adopted as WG items are:
- Addressing and Routing mechanism 
- Key-exchange

However, the WG has clearly shown a desire to work on these parts and some
additional to make this a more usable protocol. The WG has discussed the
following work for an upcoming WG recharter:

Bundle Protocol Additional Blocks
   Bundle-in-Bundle Encapsulation (D)
   Manifes
t block
Neighbor Discovery (X)
Naming and Addressing
   Naming (X)
   Addressing (X)
   Registry of Service Identifiers
Asynchronous Management
   AMA Application Data
Model (ADM) (D)
   Asynchronous Management Protocol (D)
   Asynchronous Management
Protocol Agent ADM (D)
   Various protocol components agent ADM (D)
Security Key
Management (D)
Additional Convergence Layers (X)

Legend:
D an active or recent draft exists on this topic
X RFCs or draft from dtnrg exists on this topic

However, not all components need to be IETF defined. They will be defined by
another body to fit well in their usage. And there will be more IETF defined
componets if we let the WG work on them. However, not publishing the core
components and framework becasue not all parts exists will delay the WG and have
negative impact also on the deployment of the protocol. 

I think the right way for the DTN WG is to get these core specifications
published now, even if there are "missing" components. In the future one can
publsish an updated version of some of the RFCs to point to the relevant
references. 

 
Cheers

Magnus Westerlund 


----------------------------------------------------------------------
Networks, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Torshamnsgatan 23           | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------