Re: [dtn] BPbis - BPSec requirement

"Birrane, Edward J." <Edward.Birrane@jhuapl.edu> Wed, 29 July 2020 00:55 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/sNhENsGajoDfjfJVNRGNoJkMdy0>

I agree that BPSec should be required when using in-bundle security services.

I agree that a BPA which does not source, verify, or accept security blocks does not need to implement BPSec.

I also note that implementing BPSec is different than implementing every possible security context and/or ciphersuite.

I think Section 9.0 of BPbis-26 captures this very well.

-Ed


Edward J. Birrane, III, Ph.D.
Embedded Applications Group Supervisor
Principal Staff, Space Exploration Sector
Johns Hopkins Applied Physics Laboratory
(W) 443-778-7423 / (F) 443-228-3839

From: dtn <dtn-bounces@ietf.org> On Behalf Of Mehmet Adalier
Sent: Tuesday, July 28, 2020 6:26 PM
To: dtn@ietf.org
Subject: [EXT] Re: [dtn] BPbis - BPSec requirement

I agree with Brian’s assessment.

From: dtn <dtn-bounces@ietf.org> on behalf of Brian Sipos <BSipos@rkf-eng.com>
Date: Tuesday, July 28, 2020 at 4:52 AM
To: Rick Taylor <rick@tropicalstormsoftware.com>, "dtn@ietf.org" <dtn@ietf.org>
Subject: Re: [dtn] BPbis - BPSec requirement

All,
My opinion is that BPSec should be required in the sense of: When bundle-level security is needed, you must use BPSec instead of some other mechanism with the same or similar scope.
This is the same type of qualified requirement used for TLS in TCPCLv4.
This requirement steers implementations away from private encodings/behaviors, which is desirable as Rick mentioned in the Monday meeting.

________________________________
From: dtn <dtn-bounces@ietf.org> on behalf of Rick Taylor <rick@tropicalstormsoftware.com>
Sent: Monday, July 27, 2020 09:05
To: dtn@ietf.org <dtn@ietf.org>
Subject: [dtn] BPbis - BPSec requirement


All,



At IETF-108 there was discussion on whether BPbis should require BPSec, and the chairs are interested in discovering the WG consensus on this matter.



Please use this thread for your comments.



Cheers,



Rick & Marc
_______________________________________________
dtn mailing list
dtn@ietf.org
https://www.ietf.org/mailman/listinfo/dtn