IETF Logo Mail Archive

Re: [dtn] AD review of draft-ietf-dtn-bpsec-default-sc-02

Mehmet Adalier <madalier@antarateknik.com> Wed, 12 May 2021 22:52 UTC

Return-Path: <madalier@antarateknik.com>
X-Original-To: dtn@ietfa.amsl.com
Delivered-To: dtn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20E6C3A17BD for <dtn@ietfa.amsl.com>; Wed, 12 May 2021 15:52:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ib_j0qZXeGci for <dtn@ietfa.amsl.com>; Wed, 12 May 2021 15:52:28 -0700 (PDT)
Received: from sonic313-26.consmr.mail.gq1.yahoo.com (sonic313-26.consmr.mail.gq1.yahoo.com [98.137.65.89]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6BB5F3A17B4 for <dtn@ietf.org>; Wed, 12 May 2021 15:52:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1620859947; bh=WcjHSe1uGeBqA1AP1m+On6lVeTZINHjGPQpUat0RUis=; h=Date:Subject:From:To:CC:References:In-Reply-To:From:Subject:Reply-To; b=JwW1Y70Nm17GsMtPBjp2tDi7GThe+NOGoIA3x2mKDjI9/LHSwHIAJ8OrAj69yGLSxD/G9LpWgBgq9HXAIZ5/pluB0pIUX9ivGEuywk17B4dy5v3bmVhIiEjfCRuEsn0YjYIfpKBipe5nOLsdtToyQY6rGcgwMcg7VhPyu0U42I0pmqHS/P2UW5buTWrv7P5M4RCFJOpt4xmWVUbMULdupjI9ir6zTd8YkUiWcrxwEVrm8DbZPYZZUTq2g8CG+FehzfPbB0NneQ/Ky0W3PI7fusYJGD8ER/kemcLvnGPEbvUcQtiK1uyuirlpjg4lQYpMSc/hZEKqvpVHkdWsjSp3pA==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1620859947; bh=4fMlCkzfOi9uWOR0xpavWOBKgCj5V222pBeJZHQbM73=; h=X-Sonic-MF:Date:Subject:From:To:From:Subject; b=CLichxIHtgsRRQecatkDdrmnqzK0+FBGBpm4TBRyAKLbQTGx4d8aoJE8pvr7/7wZFmwT1IWg3JN+OU32s5zAZeGZIR9bhHZre/nWkNuKcFCnoZYscwkInpZHEVzrVP4QQ8uIs6w/PX0myX1beyxgd8Lp5U7aOcW2gMg73GRNLYMAfED7oBHQDrLCZlvBnNPCEaQLPjS2weAeOabu/5oz9lrPtK6KSFZlOxuqL2zABP9v1JCrcGoX1D0xRZMTxRLZNvbzYGwzrXGLEypf6742V+UwPmkJgs9osFxMmuRUAYJQJaQEVx5XlAm2aCp2oXI2dBw4rIPxRP5Z9LprkXbE1g==
X-YMail-OSG: C.D0kr4VM1lKNQqzZa0hru.8OS4YTS8QrJMqKzch3prcpIhKWqw1QGYVJFuTE2B SZU0AmanXtni5G6Zc6gIbBLX9s4vRnPSr1knChJHLTK5qj99m._GuS7EEwgsG5sEiDRGpQ7iltiv frSB4yi14.iouECFj7so5zz6z4BlTdYeLf8IM6DnxUOkdJBp8UsgGHg950vUVk9uEVry.Vj5P5Ky 4a9NwrnwYllQA7ggAr2A1e35RVIWNclnhOBZXOHM_x5YORm4xnlWhaU4Fm8Yr1zce6qIALSZxlp. vbSTcjHLq_Fx8f4af1u7gJL9fpx7xJhr9ZgREo6e8XSmYP49p1XQBikri3aydNsxisVIOEDZa6nA mhvid1wuRzTJUGzhyl3HlkYEv35D9QIxdHmsRCoZv0iF3c7zwWuut7eQq2PXUh6POYsc8lVLPpNx Nb7S32XpHyR0w9QJ30oU1uJX9WhxtRQT4X7s2a3rUALWHpABzy0kQvGjAbysRvNt9kDrBb7ezY7M TkxmCrw3uzzKKIGRhH_.AZoLOIywRS1Vh0sWxfVk2OTithe9Am1DIsse5KqF7OVFjbt3SkCrKid6 e2kJ69smK70f.YerwIcerJCFyikVOMT_DdhI3.UcoifLyh_JYAClYAchBg.VHa2QYqc9FPQx9fYB DJcp3tSjVD0R7chTYS2KiLRl_8_M.fzsR3ZzOZ_daJeFZkM1or87zd6gaHhS2kSjbXFgtUxVzowD wI101LtZ5oelpVIAPD1O3zEbIT6S5Ne81zDACjN9emNuw58buh3DyvTSHUD3d9xeu5RnXzzyw4uU KKzykpEQ7yKbd2gAR36L1FjAEp674Xrfwy5gfQ8XgaP5n40hAjyKg2ydVxvvLqIja10PdPqIJVew KvR32Ic._HKFJd9k6yVV334rwMlXKRXrQdg49dh82U_zEcd9Y2F4MbLSmnTDj7xlc9huGwVzAMhm h5wHlIbo_WRsj3.Lt4xu1yAhpG9W0dpbiPtNvW44u73uxYC7Tw9gxNjo4o4oKSTAnPMqpCtt4ZZr dmJgoFWwxeHAeyUzwNML1Ckm_g6ZAdWOTFf3wiy520iDZRydoojDB94mO6zjq42WapgWSJBDkSBo v3eIrS2XRWxEhAzgh7yApfPMfDufOfNnJpqre54TO0O_40AWuRap4vPz8gzBKsAj1etn6drAScaC jha06vbSROrmQYu4Ikwfa_yODJIs1ZDsO3Fz5_aDyW9iO.hPcPTNciePb2Sevx32N_mokDLR9vWs NkfaWVZ7qlYJEWzwqj00kHiVymPuvkyUP720htXKxlc_fHkV0V1G_ryT92XNyzIYjvVFrok1cO.P 60FfUI1AmK3XsUwGMkcnU1guF5Zo74IQdcRNwbqfkNqk.FNJcjd0GoJ0rU0yuQa6rB_cA8JOErSc wpixcOZJvtOUQHyAIIcStBHposkHWT2INR9xCV6DIObi4wWZdC0drd4gvjlxCgh.B119cZyqRnbs YSbko0U8sMSfn3R1AgCdatqJDkKlaEZyhTE1UQ6cXvv42cryLkff7ogEqgp.ea1zT6jb2aI4TQ9v iY.3Jy43uy6fFUb5ihd_wJh6.XFDa6garH.GQ1tqQOpqgemoAUDT0z6xvKxJk9zexFKQS1_xmEsa FfBQbQgADYpf4NVT1qQbnvX2eux22_znOsq7EIhK2V_rigclxO_ybY6yDKcfYkD1Iah33KAeto2Q gu2bfv9pEkNACI9AnPdkAZma3TwuYJh0OBJWuGM7uMWsSBnZvAcw8cOk1f3ORAfQnVk.jGH2qPa6 6yDSr28pnR1yFiFWsSFrnI2mleUX5b6D6uwDdBXGVXBETlFUW_HU.vlGRUgutSYgj8ZXNUUJ4FBg AA1eH80fF85PHeYM6Ijf_srn0WaL6nCTcEsSI26Ucb10pN1KEQa3_rVUu7jUaIEKyjK6GJpeQkCb jPKXvzUZ27DgMXtn655iR4RIj2wtvnqA4a8VAh6VpuYCgFoD3z5kxO8LitWmEYc5eZ.JMqMP214I KKQySAtnuDvi5UQoep2RAcCJw55Wb_JY8ZsUD4jzW2ZAv1EsCR_zeI21lhsDcSkuu.iuE4h_nv5p APWjy3H7RoWobJsIp7RnVKEHgQTIRELO4HaWNPM05g86rhiM5sFWbFUkAras1X9tafh1loqnU8cv 17MR0CFjaoJtE5KiedN2iQbnB7s9WRxKozjLiOdwUlGt4L4zOX22xhyXZcnGqkXnv2htSMaatllT GG4MRcDNsGDPd6.5.EcvG2RKM2M0vXmsN6nIRyKcv61thJtrN0LtynyoA8vfPDBh4nhxyv9N3ggM mastc15tHqds_wjI7RwkcjW4glSo1_TT7xzJ5tRtHhEQPrcGU6Hstc8X7mDo2imUfWld43Zbqiyp tbQKQcWJ3NRfZ.lTYhCPt3dEceKjeOP38LsS61HYJQNGiyBsu4t2S1HjrL6ucLuYoCfudZzChDw8 GIX6S3np2kA7GTIRaQYmpUULCDSpmouhN5BQXIGVHyelG0J637lTpK8cPe4BiG94SlSwu6kbhCOX toBhg8kaapryBYhv6kkANvpl5dcZsLF80Gkhex7wVHlmi_V7c6O1OGSq87ktUZiG_4uRdw4rqIce gsk34Eqnsc5nFCLwtOvRD_wqd7y_BrLpRqhqZkliu1k_Zy4VKNIjA
X-Sonic-MF: <madalier@antarateknik.com>
Received: from sonic.gate.mail.ne1.yahoo.com by sonic313.consmr.mail.gq1.yahoo.com with HTTP; Wed, 12 May 2021 22:52:27 +0000
Received: by kubenode524.mail-prod1.omega.ne1.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 2cf4301ea47b1bf1f1772ff495911066; Wed, 12 May 2021 22:52:24 +0000 (UTC)
User-Agent: Microsoft-MacOutlook/16.47.21031401
Date: Wed, 12 May 2021 15:52:20 -0700
From: Mehmet Adalier <madalier@antarateknik.com>
To: Martin Duke <martin.h.duke@gmail.com>, dtn@ietf.org
CC: Zaheduzzaman Sarker <zaheduzzaman.sarker@ericsson.com>
Message-ID: <50836CDA-DF4D-460D-928D-2C756095A00E@antarateknik.com>
Thread-Topic: [dtn] AD review of draft-ietf-dtn-bpsec-default-sc-02
References: <CAM4esxRUTi+iLki95x6gRzaN7KfXr72bicKRrLxf=3_No8-PSQ@mail.gmail.com>
In-Reply-To: <CAM4esxRUTi+iLki95x6gRzaN7KfXr72bicKRrLxf=3_No8-PSQ@mail.gmail.com>
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3703679543_1719684848"
X-Mailer: WebService/1.1.18291 mail.backend.jedi.jws.acl:role.jedi.acl.token.atz.jws.hermes.yahoo Apache-HttpAsyncClient/4.1.4 (Java/16)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dtn/wvDKKYPadR97_THMQOSthprkX8U>
Subject: Re: [dtn] AD review of draft-ietf-dtn-bpsec-default-sc-02
X-BeenThere: dtn@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Delay Tolerant Networking \(DTN\) discussion list at the IETF." <dtn.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dtn>, <mailto:dtn-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dtn/>
List-Post: <mailto:dtn@ietf.org>
List-Help: <mailto:dtn-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dtn>, <mailto:dtn-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 May 2021 22:52:33 -0000

Dear Martin,

I am not the author but please see a couple of answers below:

 

From: dtn <dtn-bounces@ietf.org> on behalf of Martin Duke <martin.h.duke@gmail.com>
Date: Wednesday, May 12, 2021 at 2:42 PM
To: <dtn@ietf.org>
Cc: Zaheduzzaman Sarker <zaheduzzaman.sarker@ericsson.com>
Subject: Re: [dtn] AD review of draft-ietf-dtn-bpsec-default-sc-02

 

Hello DTN,

 

As Zahed is still on medical leave, I have conducted a partial review of draft-ietf-dtn-bpsec-default-sc-06 to check that it fully complies with the outcome of his AD review. I apologize for any errors due to my insufficient context -- I have not read the entire draft yet.

 

(3.3.2) I appreciate the new Key Management section, but I don't want to lose part of Zahed's original review -- does the key wrapping [AES-KW] include enough metadata that the receiver can select the correct cipher and key to use without having to do trial decryption?

mA>>If one implements the AES-KW as indicated in the referenced NIST SP800, there should be no interop issues (i.e., no need to do a trial decryption). The AES-KW cipher and any “metadata” are pre-determined, but one can use either 128 or 256-bit keys.

 

(3.3.3) IMO the discussion about a registry for Integrity Scope Flags petered out with a clear resolution -- are the authors of the opinion that use of more of these flags is simply inconceivable? A registry would provide guidelines for how to assign more of these in future.

 

(4.1) In item (3), it states "The use of the Galois/Counter Mode produces cipher-text with the
       same size as the plain text". My understanding of GCM is that there is a 128 or 256 bit authentication tag appended to it that makes the whole of the cipher text larger than the plaintext.  Is this a semantic thing, am I wrong, or are you wrong? 

mA>>The Authentication Tag is not considered as part of the ciphertext. With BPsec the tag is stored separate from the ciphertext. On receiving a ciphertext +tag, the AES-GMC process includes calculating the Authentication Tag on the ciphertext and comparing it to the received Tag, which is separate from the decryption algorithm.

 

(6.1) I fear that you successfully scrubbed sc-02 for lower-case normative words, but then added new stuff here. Specifically:

 

"must be able to perform the following activities"

"This may include pre-sharing of key encryption keys"

 

Please verify that these should not be capitalized.

 

Regards,

Martin

 

 

 

_______________________________________________ dtn mailing list dtn@ietf.org https://www.ietf.org/mailman/listinfo/dtn

v2.23.0 | Report a Bug | By Email