Bundle Protocol Security Specification

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Scott Burleigh <Scott.C.Burleigh@jpl.nasa.gov>, Scott.C.Burleigh@jpl.nasa.gov, The IESG <iesg@ietf.org>, draft-ietf-dtn-bpsec@ietf.org, dtn-chairs@ietf.org, dtn@ietf.org, magnus.westerlund@ericsson.com, rfc-editor@rfc-editor.org
Subject: Protocol Action: 'Bundle Protocol Security Specification' to Proposed Standard (draft-ietf-dtn-bpsec-27.txt)

The IESG has approved the following document:
- 'Bundle Protocol Security Specification'
  (draft-ietf-dtn-bpsec-27.txt) as Proposed Standard

This document is the product of the Delay/Disruption Tolerant Networking
Working Group.

The IESG contact persons are Martin Duke and Magnus Westerlund.

A URL of this Internet Draft is:

Technical Summary

This document defines security features for the Bundle Protocol (BP)
[I-D.ietf-dtn-bpbis] and is intended for use in Delay Tolerant Networks
(DTNs) to provide end-to-end security services. 

The BP might be deployed such that portions of the network cannot be
trusted, posing the usual security challenges related to
confidentiality and integrity. However, the stressed nature of the
BP operating environment imposes unique conditions where usual
transport security mechanisms may not be sufficient. For example,
the store-carry-forward nature of the network may require protecting
data at rest, preventing unauthorized consumption of critical
resources such as storage space, and operating without regular
contact with a centralized security oracle (such as a certificate

An end-to-end security service is needed that operates in all of the
environments where the BP operates. This document defines such
security services.

Working Group Summary

bpsec is descended from the Bundle Security Protocol specification documented
in RFC 6257.  That protocol was found to be impractical to implement in some
circumstances; simplifications were developed that were originally termed
"Streamlined Bundle Security Protocol" and then "bpsec" as of the DTN WG
meeting at IETF 94.  Technical discussion of the details of bpsec over the
ensuing 3 years has been lively and well-informed, without sharp controversy.
WG consensus on the draft is strong.

Document Quality

The Interplanetary Overlay Network (ION) open-source implementation of the DTN
architecture includes an implementation of Streamlined Bundle Security
Protocol, which is nearly identical to bpsec.  Marshall Space Flight Center
intends to add a similar implementation to the DTN2 code base.  Early review of
the specification by Dan Harkins (Security Area) was reported at IETF 102
(review-ietf-dtn-bpsec-06-secdir-early-harkins-2018-05-31): the review result
was Has Issues, but it was the sense of the Working Group that no serious
problems were found.


The Document Shepherd is Scott Burleigh.  
The Responsible Area Director is Magnus Westerlund.