[dtn] BPSec interop contexts

Brian Sipos <BSipos@rkf-eng.com> Tue, 24 November 2020 22:01 UTC

Return-Path: <BSipos@rkf-eng.com>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4EB9F3A0DEA for <dtn@ietfa.amsl.com>; Tue, 24 Nov 2020 14:01:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=rkf-eng.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U05EKyZAB0a3 for <dtn@ietfa.amsl.com>; Tue, 24 Nov 2020 14:01:02 -0800 (PST)
Received: from NAM02-BL2-obe.outbound.protection.outlook.com (mail-eopbgr750040.outbound.protection.outlook.com [40.107.75.40]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E70F3A0DE8 for <dtn@ietf.org>; Tue, 24 Nov 2020 14:01:01 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HSZpCuYtJVrrzHZ3HJohxfpy/ox349E7ac3L1C/TU9dcLx6SHnrXoCxEpRLJScmgxjCx1uKljv6xO71CYJj++uGS/btnX5rGhM94y2shBTI459O+I9MylLBXGF03dw2xQQG2PpYU2bH326617LWkVjMReFTQRV5LPjHO7O9PgXwbg9bdNPqt0R7UOWByVqIPwR0LGEBPRwtd8/Q9HYM2eXyFrOqEjoAWzrx/CN9zGfvCmS2x4INkxrXSQKxj05VzGghUB8G4ZiNQbva7LFo6MRiuLZalNbcLVFma6Z9OZlEHxjJhuj8kV3HXkeDQZ2iesf+ksaaW0Ls8e75CWxfXFA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9PVYfpDzePBNXnoclAlBIkRSPI8IbqFNGoaFpR7yOAY=; b=RWFQyI39bKpubGQ5Bev98kTgaMuyhm0zqH319iUuuGvpew+CjbPqKiqRgLr5YMdDud0M8qt80IbRrIC+NLMRV3FdiV5hPxPEgWAt1LBQqQTvitHg+jxh7ePz4wLo73oBLlup6Xt91Gg4YUaCjABsISME+uic0frcZqTFd25vZV/DDfJnMP/OghV3gRjK+1eC8BeFCBZxFg3AsCur5nkc/BRy+0v6j+PwDhOOmz1Z/JqMNlK2dhoTtrTaGjp2eerbbRBL8FUUxB9/1Kw2BgiaehEEccAr8HMJrEPuQVtrMn0Fq6WnzSxf5ixAOIDxSPLtfuWswr+eStTBURiCKnE/gA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=rkf-eng.com; dmarc=pass action=none header.from=rkf-eng.com; dkim=pass header.d=rkf-eng.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rkf-eng.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9PVYfpDzePBNXnoclAlBIkRSPI8IbqFNGoaFpR7yOAY=; b=fXvI6goUAnERyH/SMks/Ap325M8PmlUubhbBeS1JVtdKgQm8804YGjSbNwSyvPmndR2Pb9yr8GnbnfPNjgvc3gvtNMutSQO+etVFbruK6Ffvg6EwXkW510u6unST8qRR9YQLYhcxuBxlcjfEwmVxMj1kqUhfDGrXSMmyzdUZSDE=
Received: from MN2PR13MB3567.namprd13.prod.outlook.com (2603:10b6:208:168::10) by MN2PR13MB3215.namprd13.prod.outlook.com (2603:10b6:208:13e::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.9; Tue, 24 Nov 2020 22:00:58 +0000
Received: from MN2PR13MB3567.namprd13.prod.outlook.com ([fe80::54f4:962e:10e5:a2e1]) by MN2PR13MB3567.namprd13.prod.outlook.com ([fe80::54f4:962e:10e5:a2e1%7]) with mapi id 15.20.3611.011; Tue, 24 Nov 2020 22:00:58 +0000
From: Brian Sipos <BSipos@rkf-eng.com>
To: "Birrane, Edward J." <edward.birrane@jhuapl.edu>
CC: "dtn@ietf.org" <dtn@ietf.org>
Thread-Topic: BPSec interop contexts
Thread-Index: AQHWwnSVY9PKJ+JqQkiQsbGN9rMAPg==
Date: Tue, 24 Nov 2020 22:00:58 +0000
Message-ID: <MN2PR13MB3567A858102480D24C1B90419FFB0@MN2PR13MB3567.namprd13.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: jhuapl.edu; dkim=none (message not signed) header.d=none;jhuapl.edu; dmarc=none action=none header.from=rkf-eng.com;
x-originating-ip: [96.241.16.84]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 09a66dd4-8102-497d-e053-08d890c46c9c
x-ms-traffictypediagnostic: MN2PR13MB3215:
x-microsoft-antispam-prvs: <MN2PR13MB32151D91DBE73127023EF5CD9FFB0@MN2PR13MB3215.namprd13.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: cvRFlZ/L1ilvdrRGKV6pNMDpVbw7KzuCYglQsxMpZqw4ZHGqMNc+46wLvaM0X4ZIoAD7+Pc9XVhTylfqh0hy5zy8QoIUKSmvdUGEpHRYYR8ipv1cEsSZ/Or93rHS/BIoBMWsVl70E5U36D7yQVHSYzaWDw+2XfhKsea+CNM6WIUPy30YFdAIttC3whbSGW2AvQsljqxxyDPug/wfFfB0HLyu85o52dzrkb6iwpD98vzBWqYQ7Xl8IPF5VQFSViY4T7aUnnGPROMqDItBx6BUSlfg5sH60zWnNlCNeNv11161fTythzDohI2E1EKiTZOzmFa6iG7Vv9D5y4NHpvUGT1L/MU5i/5v+zSOsdC+2KC4PHavAz+D+xgAeARTOMdqqc8Yvig8/KIZViZDM7hMO9Q==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR13MB3567.namprd13.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(346002)(376002)(39830400003)(366004)(396003)(5660300002)(9686003)(3480700007)(8936002)(8676002)(478600001)(19627405001)(83380400001)(4326008)(55016002)(6506007)(166002)(316002)(86362001)(966005)(2906002)(7116003)(66556008)(6916009)(186003)(33656002)(64756008)(26005)(76116006)(19627235002)(66446008)(71200400001)(52536014)(66476007)(66946007)(7696005); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: V9LLxfmIVGy4Vv9+YwYo3tsfFAge4Famq4xibMPe40PFDBXKJXbf2bOa6kRvXSJ2wCsN95CLD03wC1u3/dzK+D2pBMrH4VuNFS6FdT22AMjAjySMJS7Ge3Cv5+9zQaenJsTlmRQWf2ttcFM0JsZrPUmjxtbhRsZxmidg2Pyqccz6AAMeR4iWGzU1MBzwquy7TPEdmLxupVlNdhNpVFCUjqn5IuT95FDERDvhdqjmIKyuaoXyTmPjq6m6HoVuXJhFonJnDuGDyeYm08miu/5wq9rAttTjLXnxhCGPDDSZ2Q9KIwUi73iPMJ6DmJA6RFFIrnAZfBei4tXQZXoPYZu87uAG6GyZ7hZD/YWr7sd2RyR7uwX4x++mbQ5TQkJVRNk0gY1Pe8B4gApeF4bGrVg3+wdwZXIqvCD02CEhLkjNXMaRyPZPcWzROWdtMIwVv6tl5BjHM0vkfOhNklQ0QaUAjXN6t+UrLsp4z2KgX0TFF6mPOPCcU4Nfi9/NWclk9zW3KYAwfUISiRukn9S2j8XVMd0gcFBLJNTmkcxdH/hmnaRTEdACJvJeyrCuY/MC4p7khIvO8c7BRSs/LLOwWzPvy1aA810BCYUDhwb1aRDYYv7iF486yhRLOqCRnvhi21OHPP2GQueRaZgEX9YwevxuxMkI414RQz4OcOOOKANV9RNZE/K+duHs0heApyAcEfMN81pKFcb1NabUdJ7DzwLIH3/c7sZn9pfXF/kemcxtDINa75ZtdFS1nept2m2kzPRVkpCF3iSL35GLjtVOCMC3BI3YMSvU9/UPn5WgkwOpXEcH+PHOM6diDB/HVne9jN+v6m6y3UN2buGHAV6JMvbd8o/fPQg/NbrLC3LghAZegmA1qjVKsqReR444KTMYXAWa0KHZOW3ycwjkRs6bUEjtVA==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_MN2PR13MB3567A858102480D24C1B90419FFB0MN2PR13MB3567namp_"
MIME-Version: 1.0
X-OriginatorOrg: rkf-eng.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR13MB3567.namprd13.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 09a66dd4-8102-497d-e053-08d890c46c9c
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Nov 2020 22:00:58.1676 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4ed8b15b-911f-42bc-8524-d89148858535
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: jsB27E0ePe3+Tv8xnQ7jSPyXa5T/bSA+y5F5yRdHR8SZ9y0KoTOuFLhspkPYugqcBzLzHqgN5AmMW7ZKJ74Oww==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR13MB3215
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/AFhCHWA3vuZU45cgu0TUBj5XCUM>
Subject: [dtn] BPSec interop contexts
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Nov 2020 22:01:05 -0000

Ed,
While reading through the last draft of [1] and have a few questions:

  1.  For the document subsection breakdown, there is some differences between [1] and the outline in [2]. Which one of these would you consider as the best current template for other contexts regarding terminology (e.g., "scope" vs. "interface")?
  2.  For the interop contexts of [1] I think having AAD for both BIB and BCB are valuable to avoid replay issues. There are now security parameters to control what goes into the AAD with several options. There isn't currently any recommendation on the use of scope flags or any "Security Considerations" subsections discussing the implications of these flags. Do you anticipate that users will want to exclude AAD scope in actual use cases (and accept the replay-attack risk)?
  3.  During example implementation for [3], I defined an "augmented target block" for BCB use which is just the target block with its block-type-specific-data as an empty byte string. In this way the structure of the canonical block is preserved, it's serializable as normal, and avoids having a special canonicalization of the block. But this also includes extraneous fields like the original CRC value (if present). The target block AAD used by [1] defines a different encoding of just the first three fields of the canonical block, which seems like a better alternative. Can we find a consistent name for these "first three fields of a canonical block"?

Thanks for any feedback.

[1] https://tools.ietf.org/html/draft-ietf-dtn-bpsec-interop-sc-02
[2] https://tools.ietf.org/html/draft-birrane-dtn-scot-00
[3] https://tools.ietf.org/html/draft-bsipos-dtn-bpsec-cose-03