From: "Zoller, David A. (MSFC-EO50)[HOSC SERVICES CONTRACT]" <david.a.zoller@nasa.gov>
To: dtn-security
Date: Fri, 10 May 2013 10:04:49 -0500
Subject: [dtn-security] BSP mutable canonicalization of CBHE
Message-ID: <04E3D99A62496240BCD6A576813E6E31E0C71676EC@NDMSSCC05.ndc.nasa.gov>

Noticed while looking through the new DTN2 ciphersuite code...

Is there a specification of the BSP mutable canonicalization of a primary header in Compressed Bundle Header Encoding format (RFC 6260)?

Would you generate the string "ipn:<scheme offset>:<ssp offset>" and use that for the EIDs and lengths?

And use "dtn:none" for the case where the offsets are both zero?

Thanks,
DZ

From: "Burleigh, Scott C (313B)" <scott.c.burleigh@jpl.nasa.gov>
To: "Zoller, David A. (MSFC-EO50)[HOSC SERVICES CONTRACT]", dtn-security
Date: Fri, 10 May 2013 15:25:52 +0000
Subject: Re: [dtn-security] BSP mutable canonicalization of CBHE
In-Reply-To: <04E3D99A62496240BCD6A576813E6E31E0C71676EC@NDMSSCC05.ndc.nasa.gov>

Interesting question, David. I would say there's no problem, though, because the CBHE specification says that (formally) the compression happens at the convergence layer, after the bundle has been queued for forwarding. All of the BSP signing and encryption procedures should already have been performed prior to this time - i.e., on the original uncompressed bundle - when all EIDs still existed in string form to support canonicalization.

Scott

From: "Zoller, David A. (MSFC-EO50)[HOSC SERVICES CONTRACT]" <david.a.zoller@nasa.gov>
To: "Burleigh, Scott C (JPL-313B)[Jet Propulsion Laboratory]", dtn-security
Date: Fri, 10 May 2013 12:55:23 -0500
Subject: Re: [dtn-security] BSP mutable canonicalization of CBHE
Message-ID: <04E3D99A62496240BCD6A576813E6E31E0C7167843@NDMSSCC05.ndc.nasa.gov>
In-Reply-To: <04E3D99A62496240BCD6A576813E6E31E0C71676EC@NDMSSCC05.ndc.nasa.gov>

Agreed. I believe this may have uncovered a non-conformant implementation of 6260 in DTN2. The CBHE is done at the block processing level instead of the CLA and in the receive processing does not re-create the uncompressed primary block needed for BSP validation.

Thanks and I'll investigate further,
DZ
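The ordering Burleigh describes (BSP runs on the uncompressed bundle, CBHE compression happens later at the convergence layer) and the receive-side failure Zoller describes (a node that validates without first re-creating the uncompressed primary block) can be modelled in a few dozen lines. The following is an added example, not DTN2, ION or any code from the thread's authors. The `PrimaryBlock` layout and the `canonicalize` function are simplified stand-ins for the RFC 5050 primary block and the RFC 6257 mutable canonical form (only the EID strings are covered); the HMAC key is constructed for the demo. Only the CBHE mapping follows RFC 6260: for ipn-scheme EIDs the dictionary is dropped and each EID's scheme-offset/SSP-offset pair carries the node and service numbers, with the pair 0/0 standing for `dtn:none`.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Shared integrity key; constructed for this demo, not a real BAB/PIB key.
DEMO_KEY = b"constructed-demo-key"


@dataclass(frozen=True)
class PrimaryBlock:
    """The four EID references of an RFC 5050 primary block, in string form.

    Simplified stand-in: version, flags, timestamps and the dictionary are
    omitted because only the EID handling matters here.
    """
    destination: str
    source: str
    report_to: str
    custodian: str

    def eids(self):
        return (self.destination, self.source, self.report_to, self.custodian)


def canonicalize(block):
    """Hypothetical mutable canonical form: each EID as a length-prefixed string.

    RFC 6257's real canonicalization covers more fields; the point is that it
    consumes the EID *strings*, which only exist in the uncompressed block.
    """
    out = bytearray()
    for eid in block.eids():
        data = eid.encode("ascii")
        out += len(data).to_bytes(2, "big") + data
    return bytes(out)


def compute_tag(canonical):
    """HMAC-SHA256 over a canonical form, standing in for the BSP security result."""
    return hmac.new(DEMO_KEY, canonical, hashlib.sha256).digest()


def cbhe_compress(block):
    """RFC 6260 encoding: the dictionary is dropped and each EID becomes a
    (scheme offset, SSP offset) pair carrying (node, service); dtn:none is (0, 0)."""
    pairs = []
    for eid in block.eids():
        if eid == "dtn:none":
            pairs.append((0, 0))
        elif eid.startswith("ipn:"):
            node, service = eid[len("ipn:"):].split(".")
            pairs.append((int(node), int(service)))
        else:
            raise ValueError("CBHE applies only when every EID is ipn-scheme or dtn:none")
    return pairs


def cbhe_decompress(pairs):
    """Re-create the uncompressed primary block from the offset pairs."""
    eids = ["dtn:none" if (node, service) == (0, 0) else f"ipn:{node}.{service}"
            for node, service in pairs]
    return PrimaryBlock(*eids)


def canonicalize_compressed_guess(pairs):
    """The guess from the question: canonicalize "ipn:<scheme offset>:<ssp offset>"
    straight from the compressed block, without re-creating the EID strings."""
    out = bytearray()
    for node, service in pairs:
        data = f"ipn:{node}:{service}".encode("ascii")
        out += len(data).to_bytes(2, "big") + data
    return bytes(out)


def demo():
    """Sender signs the uncompressed bundle, then the CLA compresses it.

    Returns which receive-side strategies verify the tag."""
    original = PrimaryBlock("ipn:2.1", "ipn:1.1", "dtn:none", "dtn:none")
    tag = compute_tag(canonicalize(original))   # BSP runs before compression
    wire = cbhe_compress(original)              # convergence layer compresses

    # Conformant receiver: re-create the uncompressed block, then canonicalize and verify.
    restored = cbhe_decompress(wire)
    verify_after_decompress = hmac.compare_digest(compute_tag(canonicalize(restored)), tag)

    # Receiver that skips re-creation and canonicalizes the compressed block directly.
    verify_on_compressed = hmac.compare_digest(
        compute_tag(canonicalize_compressed_guess(wire)), tag)

    return {
        "wire": wire,
        "roundtrip_equal": restored == original,
        "verify_after_decompress": verify_after_decompress,
        "verify_on_compressed": verify_on_compressed,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows the compressed block as `[(2, 1), (1, 1), (0, 0), (0, 0)]`, the round trip restoring the original EIDs exactly, verification succeeding only after decompression, and the "ipn:<offset>:<offset>" guess failing, since the signer never saw those strings. The practical check for an implementation is therefore where in the pipeline compression and decompression sit relative to the security operations, not how to canonicalize offsets.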
