datatracker.ietf.org
Sign in
Version 5.7.1.p2, 2014-10-29
Report a bug

Bundle Security Protocol Specification
RFC 6257

Internet Research Task Force (IRTF)                         S. Symington
Request for Comments: 6257                         The MITRE Corporation
Category: Experimental                                        S. Farrell
ISSN: 2070-1721                                   Trinity College Dublin
                                                                H. Weiss
                                                               P. Lovell
                                                            SPARTA, Inc.
                                                                May 2011

                 Bundle Security Protocol Specification

Abstract

   This document defines the bundle security protocol, which provides
   data integrity and confidentiality services for the Bundle Protocol.
   Separate capabilities are provided to protect the bundle payload and
   additional data that may be included within the bundle.  We also
   describe various security considerations including some policy
   options.

   This document is a product of the Delay-Tolerant Networking Research
   Group and has been reviewed by that group.  No objections to its
   publication as an RFC were raised.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for examination, experimental implementation, and
   evaluation.

   This document defines an Experimental Protocol for the Internet
   community.  This document is a product of the Internet Research Task
   Force (IRTF).  The IRTF publishes the results of Internet-related
   research and development activities.  These results might not be
   suitable for deployment.  This RFC represents the consensus of the
   Delay-Tolerant Networking Research Group of the Internet Research
   Task Force (IRTF).  Documents approved for publication by the IRSG
   are not a candidate for any level of Internet Standard; see Section 2
   of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc6257.

Symington, et al.             Experimental                      [Page 1]
RFC 6257                Bundle Security Protocol                May 2011

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Symington, et al.             Experimental                      [Page 2]
RFC 6257                Bundle Security Protocol                May 2011

Table of Contents

   1. Introduction ....................................................4
      1.1. Related Documents ..........................................4
      1.2. Terminology ................................................5
   2. Security Blocks .................................................8
      2.1. Abstract Security Block ....................................9
      2.2. Bundle Authentication Block ...............................13
      2.3. Payload Integrity Block ...................................15
      2.4. Payload Confidentiality Block .............................16
      2.5. Extension Security Block ..................................20
      2.6. Parameters and Result Fields ..............................21
      2.7. Key Transport .............................................23
      2.8. PIB and PCB Combinations ..................................24
   3. Security Processing ............................................25
      3.1. Nodes as Policy Enforcement Points ........................26
      3.2. Processing Order of Security Blocks .......................26
      3.3. Security Regions ..........................................29
      3.4. Canonicalization of Bundles ...............................31
      3.5. Endpoint ID Confidentiality ...............................37
      3.6. Bundles Received from Other Nodes .........................38
      3.7. The At-Most-Once-Delivery Option ..........................39
      3.8. Bundle Fragmentation and Reassembly .......................40
      3.9. Reactive Fragmentation ....................................41
      3.10. Attack Model .............................................42
   4. Mandatory Ciphersuites .........................................42
      4.1. BAB-HMAC ..................................................42
      4.2. PIB-RSA-SHA256 ............................................43
      4.3. PCB-RSA-AES128-PAYLOAD-PIB-PCB ............................44

[include full document text]