Bundle Protocol Security Specification
Draft of message to be sent after approval:
From: The IESG <email@example.com> To: IETF-Announce <firstname.lastname@example.org> Cc: Scott Burleigh <Scott.C.Burleigh@jpl.nasa.gov>, Scott.C.Burleigh@jpl.nasa.gov, The IESG <email@example.com>, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org Subject: Protocol Action: 'Bundle Protocol Security Specification' to Proposed Standard (draft-ietf-dtn-bpsec-27.txt) The IESG has approved the following document: - 'Bundle Protocol Security Specification' (draft-ietf-dtn-bpsec-27.txt) as Proposed Standard This document is the product of the Delay/Disruption Tolerant Networking Working Group. The IESG contact persons are Martin Duke and Magnus Westerlund. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-dtn-bpsec/
Technical Summary This document defines security features for the Bundle Protocol (BP) [I-D.ietf-dtn-bpbis] and is intended for use in Delay Tolerant Networks (DTNs) to provide end-to-end security services. The BP might be deployed such that portions of the network cannot be trusted, posing the usual security challenges related to confidentiality and integrity. However, the stressed nature of the BP operating environment imposes unique conditions where usual transport security mechanisms may not be sufficient. For example, the store-carry-forward nature of the network may require protecting data at rest, preventing unauthorized consumption of critical resources such as storage space, and operating without regular contact with a centralized security oracle (such as a certificate authority). An end-to-end security service is needed that operates in all of the environments where the BP operates. This document defines such security services. Working Group Summary bpsec is descended from the Bundle Security Protocol specification documented in RFC 6257. That protocol was found to be impractical to implement in some circumstances; simplifications were developed that were originally termed "Streamlined Bundle Security Protocol" and then "bpsec" as of the DTN WG meeting at IETF 94. Technical discussion of the details of bpsec over the ensuing 3 years has been lively and well-informed, without sharp controversy. WG consensus on the draft is strong. Document Quality The Interplanetary Overlay Network (ION) open-source implementation of the DTN architecture includes an implementation of Streamlined Bundle Security Protocol, which is nearly identical to bpsec. Marshall Space Flight Center intends to add a similar implementation to the DTN2 code base. Early review of the specification by Dan Harkins (Security Area) was reported at IETF 102 (review-ietf-dtn-bpsec-06-secdir-early-harkins-2018-05-31): the review result was Has Issues, but it was the sense of the Working Group that no serious problems were found. Personnel The Document Shepherd is Scott Burleigh. The Responsible Area Director is Magnus Westerlund.