Bundle Security Protocol Specification
RFC 6257
Document | Type |
RFC - Experimental
(May 2011; Errata)
Was draft-irtf-dtnrg-bundle-security (dtnrg RG)
|
|
---|---|---|---|
Last updated | 2015-10-14 | ||
Stream | IRTF | ||
Formats | plain text pdf html bibtex | ||
Stream | IRTF state | (None) | |
Consensus Boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | RFC 6257 (Experimental) | |
Telechat date | |||
Responsible AD | Sean Turner | ||
IESG note | IRTF submission. Elwyn Davies (elwynd@dial.pipex.com) is the document shepherd. | ||
Send notices to | elwynd@dial.pipex.com |
Internet Research Task Force (IRTF) S. Symington Request for Comments: 6257 The MITRE Corporation Category: Experimental S. Farrell ISSN: 2070-1721 Trinity College Dublin H. Weiss P. Lovell SPARTA, Inc. May 2011 Bundle Security Protocol Specification Abstract This document defines the bundle security protocol, which provides data integrity and confidentiality services for the Bundle Protocol. Separate capabilities are provided to protect the bundle payload and additional data that may be included within the bundle. We also describe various security considerations including some policy options. This document is a product of the Delay-Tolerant Networking Research Group and has been reviewed by that group. No objections to its publication as an RFC were raised. Status of This Memo This document is not an Internet Standards Track specification; it is published for examination, experimental implementation, and evaluation. This document defines an Experimental Protocol for the Internet community. This document is a product of the Internet Research Task Force (IRTF). The IRTF publishes the results of Internet-related research and development activities. These results might not be suitable for deployment. This RFC represents the consensus of the Delay-Tolerant Networking Research Group of the Internet Research Task Force (IRTF). Documents approved for publication by the IRSG are not a candidate for any level of Internet Standard; see Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6257. Symington, et al. Experimental [Page 1] RFC 6257 Bundle Security Protocol May 2011 Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Symington, et al. Experimental [Page 2] RFC 6257 Bundle Security Protocol May 2011 Table of Contents 1. Introduction ....................................................4 1.1. Related Documents ..........................................4 1.2. Terminology ................................................5 2. Security Blocks .................................................8 2.1. Abstract Security Block ....................................9 2.2. Bundle Authentication Block ...............................13 2.3. Payload Integrity Block ...................................15 2.4. Payload Confidentiality Block .............................16 2.5. Extension Security Block ..................................20 2.6. Parameters and Result Fields ..............................21 2.7. Key Transport .............................................23 2.8. PIB and PCB Combinations ..................................24 3. Security Processing ............................................25 3.1. Nodes as Policy Enforcement Points ........................26 3.2. Processing Order of Security Blocks .......................26 3.3. Security Regions ..........................................29 3.4. Canonicalization of Bundles ...............................31 3.5. Endpoint ID Confidentiality ...............................37 3.6. Bundles Received from Other Nodes .........................38 3.7. The At-Most-Once-Delivery Option ..........................39 3.8. Bundle Fragmentation and Reassembly .......................40 3.9. Reactive Fragmentation ....................................41 3.10. Attack Model .............................................42 4. Mandatory Ciphersuites .........................................42 4.1. BAB-HMAC ..................................................42 4.2. PIB-RSA-SHA256 ............................................43 4.3. PCB-RSA-AES128-PAYLOAD-PIB-PCB ............................44 4.4. ESB-RSA-AES128-EXT ........................................48 5. Key Management .................................................51Show full document text