BPSec Default Security Contexts
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org>
To: IETF-Announce <email@example.com>
Cc: Scott.C.Burleigh@jpl.nasa.gov, The IESG <firstname.lastname@example.org>, Zaheduzzaman.Sarker@ericsson.com, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org
Subject: Protocol Action: 'BPSec Default Security Contexts' to Proposed Standard (draft-ietf-dtn-bpsec-default-sc-11.txt)

The IESG has approved the following document:
- 'BPSec Default Security Contexts'
  (draft-ietf-dtn-bpsec-default-sc-11.txt) as Proposed Standard

This document is the product of the Delay/Disruption Tolerant Networking Working Group.

The IESG contact persons are Zaheduzzaman Sarker and Martin Duke.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-dtn-bpsec-default-sc/

Technical Summary

The Bundle Protocol Security Protocol (BPSec) [I-D.ietf-dtn-bpsec] specification defines bundle integrity and confidentiality operations for networks deploying the Bundle Protocol (BP) [I-D.ietf-dtn-bpbis]. BPSec defines BP extension blocks to carry security information produced under the auspices of one or more security contexts.

This document defines default integrity and confidentiality security contexts that can be used with implementations of the Bundle Protocol Security Protocol (BPSec). These security contexts can be used for both testing the interoperability of BPSec implementations and for providing basic security operations when no other security contexts are defined or otherwise required for a network.

This document defines two security contexts (one for an integrity service and one for a confidentiality service) for populating BPSec Block Integrity Blocks (BIBs) and Block Confidentiality Blocks (BCBs).

Working Group Summary

The present document is the product of one year of active discussions on the DTN WG mailing list, beginning with questions raised by Area Directors during the initial IESG review of the BPSec specification in early 2020. In particular, it was noted that a published default security context would be required for interoperability among BPSec implementations, both for conformance testing and also for operational use under some circumstances. Constraints on this interoperability security context emerged from productive email exchanges over recent months, and at this point no aspects of the specification are controversial. The present document is cited as a normative reference in the BPSec specification.

Document Quality

No implementations of the default BPSec security context are known to exist yet. Significant issues were identified by Mehmet Adalier (Antara Teknik) during Working Group Last Call; these issues were addressed in draft-ietf-dtn-bpsec-default-sc-01.

It is the sense of the Working Group that the document has no serious problems.

Personnel

The Document Shepherd is Scott Burleigh. The Responsible Area Director is Zaheduzzaman Sarker.