| rfc9172v4.txt | rfc9172.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force (IETF) E. Birrane, III | Internet Engineering Task Force (IETF) E. Birrane, III | |||
| Request for Comments: 9172 K. McKeever | Request for Comments: 9172 K. McKeever | |||
| Category: Standards Track JHU/APL | Category: Standards Track JHU/APL | |||
| ISSN: 2070-1721 November 2021 | ISSN: 2070-1721 January 2022 | |||
| Bundle Protocol Security (BPSec) | Bundle Protocol Security (BPSec) | |||
| Abstract | Abstract | |||
| This document defines a security protocol providing data integrity | This document defines a security protocol providing data integrity | |||
| and confidentiality services for the Bundle Protocol (BP). | and confidentiality services for the Bundle Protocol (BP). | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at line 30 ¶ | skipping to change at line 30 ¶ | |||
| received public review and has been approved for publication by the | received public review and has been approved for publication by the | |||
| Internet Engineering Steering Group (IESG). Further information on | Internet Engineering Steering Group (IESG). Further information on | |||
| Internet Standards is available in Section 2 of RFC 7841. | Internet Standards is available in Section 2 of RFC 7841. | |||
| Information about the current status of this document, any errata, | Information about the current status of this document, any errata, | |||
| and how to provide feedback on it may be obtained at | and how to provide feedback on it may be obtained at | |||
| https://www.rfc-editor.org/info/rfc9172. | https://www.rfc-editor.org/info/rfc9172. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2021 IETF Trust and the persons identified as the | Copyright (c) 2022 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Revised BSD License text as described in Section 4.e of the | include Revised BSD License text as described in Section 4.e of the | |||
| Trust Legal Provisions and are provided without warranty as described | Trust Legal Provisions and are provided without warranty as described | |||
| skipping to change at line 1339 ¶ | skipping to change at line 1339 ¶ | |||
| associated with non-operational user data or test data. | associated with non-operational user data or test data. | |||
| * When a status report containing a security reason code is only | * When a status report containing a security reason code is only | |||
| sent for security issues associated with non-operational security | sent for security issues associated with non-operational security | |||
| contexts, or security contexts using non-operational | contexts, or security contexts using non-operational | |||
| configurations, such as test keys. | configurations, such as test keys. | |||
| Security reason codes are assigned in accordance with Section 11.2 | Security reason codes are assigned in accordance with Section 11.2 | |||
| and are as described below. | and are as described below. | |||
| Missing Security Operation: | Missing security operation: | |||
| This reason code indicates that a bundle was missing one or | This reason code indicates that a bundle was missing one or | |||
| more required security operations. This reason code is | more required security operations. This reason code is | |||
| typically used by a security verifier or security acceptor. | typically used by a security verifier or security acceptor. | |||
| Unknown Security Operation: | Unknown security operation: | |||
| This reason code indicates that one or more security operations | This reason code indicates that one or more security operations | |||
| present in a bundle cannot be understood by the security | present in a bundle cannot be understood by the security | |||
| verifier or security acceptor for the operation. For example, | verifier or security acceptor for the operation. For example, | |||
| this reason code may be used if a security block references an | this reason code may be used if a security block references an | |||
| unknown security context identifier or security context | unknown security context identifier or security context | |||
| parameter. This reason code should not be used for security | parameter. This reason code should not be used for security | |||
| operations for which the node is not a security verifier or | operations for which the node is not a security verifier or | |||
| security acceptor; there is no requirement that all nodes in a | security acceptor; there is no requirement that all nodes in a | |||
| network understand all security contexts, security context | network understand all security contexts, security context | |||
| parameters, and security services for every bundle in a | parameters, and security services for every bundle in a | |||
| network. | network. | |||
| Unexpected Security Operation: | Unexpected security operation: | |||
| This reason code indicates that a receiving node is neither a | This reason code indicates that a receiving node is neither a | |||
| security verifier nor a security acceptor for at least one | security verifier nor a security acceptor for at least one | |||
| security operation in a bundle. This reason code should not be | security operation in a bundle. This reason code should not be | |||
| seen as an error condition: not every node is a security | seen as an error condition: not every node is a security | |||
| verifier or security acceptor for every security operation in | verifier or security acceptor for every security operation in | |||
| every bundle. In certain networks, this reason code may be | every bundle. In certain networks, this reason code may be | |||
| useful in identifying misconfigurations of security policy. | useful in identifying misconfigurations of security policy. | |||
| Failed Security Operation: | Failed security operation: | |||
| This reason code indicates that one or more security operations | This reason code indicates that one or more security operations | |||
| in a bundle failed to process as expected for reasons other | in a bundle failed to process as expected for reasons other | |||
| than misconfiguration. This may occur when a security-source | than misconfiguration. This may occur when a security-source | |||
| is unable to add a security block to a bundle. This may occur | is unable to add a security block to a bundle. This may occur | |||
| if the target of a security operation fails to verify using the | if the target of a security operation fails to verify using the | |||
| defined security context at a security verifier. This may also | defined security context at a security verifier. This may also | |||
| occur if a security operation fails to be processed without | occur if a security operation fails to be processed without | |||
| error at a security acceptor. | error at a security acceptor. | |||
| Conflicting Security Operations: | Conflicting security operation: | |||
| This reason code indicates that two or more security operations | This reason code indicates that two or more security operations | |||
| in a bundle are not conformant with the BPSec specification and | in a bundle are not conformant with the BPSec specification and | |||
| that security processing was unable to proceed because of a | that security processing was unable to proceed because of a | |||
| BPSec protocol violation. | BPSec protocol violation. | |||
| 8. Security Considerations | 8. Security Considerations | |||
| Given the nature of DTN applications, it is expected that bundles may | Given the nature of DTN applications, it is expected that bundles may | |||
| traverse a variety of environments and devices that each pose unique | traverse a variety of environments and devices that each pose unique | |||
| security risks and requirements on the implementation of security | security risks and requirements on the implementation of security | |||
| skipping to change at line 1929 ¶ | skipping to change at line 1929 ¶ | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| [RFC8949] Bormann, C. and P. Hoffman, "Concise Binary Object | [RFC8949] Bormann, C. and P. Hoffman, "Concise Binary Object | |||
| Representation (CBOR)", STD 94, RFC 8949, | Representation (CBOR)", STD 94, RFC 8949, | |||
| DOI 10.17487/RFC8949, December 2020, | DOI 10.17487/RFC8949, December 2020, | |||
| <https://www.rfc-editor.org/info/rfc8949>. | <https://www.rfc-editor.org/info/rfc8949>. | |||
| [RFC9171] Burleigh, S., Fall, K., and E. Birrane, III, "Bundle | [RFC9171] Burleigh, S., Fall, K., and E. Birrane, III, "Bundle | |||
| Protocol Version 7", RFC 9171, DOI 10.17487/RFC9171, | Protocol Version 7", RFC 9171, DOI 10.17487/RFC9171, | |||
| November 2021, <https://www.rfc-editor.org/info/rfc9171>. | January 2022, <https://www.rfc-editor.org/info/rfc9171>. | |||
| [RFC9173] Birrane, III, E., "BPSec Default Security Contexts", | [RFC9173] Birrane, III, E., White, A., and S. Heiner, "Default | |||
| RFC 9173, DOI 10.17487/RFC9173, November 2021, | Security Contexts for Bundle Protocol Security (BPSec)", | |||
| RFC 9173, DOI 10.17487/RFC9173, January 2022, | ||||
| <https://www.rfc-editor.org/info/rfc9173>. | <https://www.rfc-editor.org/info/rfc9173>. | |||
| 12.2. Informative References | 12.2. Informative References | |||
| [RFC4838] Cerf, V., Burleigh, S., Hooke, A., Torgerson, L., Durst, | [RFC4838] Cerf, V., Burleigh, S., Hooke, A., Torgerson, L., Durst, | |||
| R., Scott, K., Fall, K., and H. Weiss, "Delay-Tolerant | R., Scott, K., Fall, K., and H. Weiss, "Delay-Tolerant | |||
| Networking Architecture", RFC 4838, DOI 10.17487/RFC4838, | Networking Architecture", RFC 4838, DOI 10.17487/RFC4838, | |||
| April 2007, <https://www.rfc-editor.org/info/rfc4838>. | April 2007, <https://www.rfc-editor.org/info/rfc4838>. | |||
| [RFC6257] Symington, S., Farrell, S., Weiss, H., and P. Lovell, | [RFC6257] Symington, S., Farrell, S., Weiss, H., and P. Lovell, | |||
| End of changes. 9 change blocks. | ||||
| 10 lines changed or deleted | 11 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||