<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 18px; font-family: Calibri, sans-serif;">
<div>
<div>
<div>I hope this actually went out… I did send it out before today (the one below is itself a resend).</div>
<div><br>
</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>—keith</div>
<div><br>
</div>
<div>
<div id="MAC_OUTLOOK_SIGNATURE"></div>
</div>
</div>
</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:12pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>"Scott, Keith L."<br>
<span style="font-weight:bold">Date: </span>Tuesday, June 30, 2015 at 8:09 AM<br>
<span style="font-weight:bold">To: </span>Stephen Farrell, "<a href="mailto:sis-dtn@mailman.ccsds.org">sis-dtn@mailman.ccsds.org</a>", "Sheehe, Charles J. (GRC-LCA0)"<br>
<span style="font-weight:bold">Cc: </span>Gian Calzolari, David Israel, Howie Weiss, Tomaso de Cola, Scott Burleigh, Jason Soloff, Leigh Torgerson, Edward Birrane, "<a href="mailto:dtn@ietf.org">dtn@ietf.org</a>"<br>
<span style="font-weight:bold">Subject: </span>Re: [Sis-dtn] SIS-DTN Security Discussion<br>
</div>
<div><br>
</div>
<div>
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; font-family: Calibri, sans-serif; font-size: 18px; color: rgb(0, 0, 0);">
<div>
<div>
<div>Absolutely. They are, and that’s a pretty big concern. We’ve been using Ed as a point of contact into the IETF work but I’ll cc the list.</div>
<div><br>
</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>—keith</div>
<div>
<div id="">
<div><br>
</div>
<div>
<div style="font-family: 'Times New Roman'; font-size: 16px;">Next round of security discussion: Tuesday June 30, 1600 EDT.</div>
<div style="font-family: 'Times New Roman'; font-size: 16px;"><br>
</div>
<blockquote style="font-family: 'Times New Roman'; font-size: 16px; margin: 0px 0px 0px 40px; border: none; padding: 0px;">
<span style="color: rgb(51, 51, 51); font-family: 'segoe ui'; widows: 1; background-color: rgb(255, 255, 255);">Join Lync Meeting</span>
<div id="inviteLink" style="color: rgb(51, 51, 51); padding: 0px; margin: 0px; border: 0px; font-family: 'segoe ui'; widows: 1; background-color: rgb(255, 255, 255);">
<a href="https://meet.mitre.org/kscott/OLAP75H0" target="_blank" style="padding: 0px; margin: 0px; border: 0px; color: rgb(10, 150, 190); font-size: 14px;">https://meet.mitre.org/kscott/OLAP75H0</a></div>
<br style="padding: 0px; margin: 0px; border: 0px; color: rgb(51, 51, 51); font-family: 'segoe ui'; widows: 1; background-color: rgb(255, 255, 255);">
<div id="dynamicMeetingDetails" style="padding: 0px; margin: 0px; border: 0px; font-family: 'segoe ui'; widows: 1;">
<div id="dynamicMeetingDetailsContent" style="padding: 0px; margin: 0px; border: 0px;">
<div id="enableForPhoneAccess1" style="padding: 0px; margin: 0px; border: 0px;"><label target="_blank" style="color: rgb(51, 51, 51); background-color: rgb(255, 255, 255); padding: 0px; margin: 0px; border: 0px;">Join by phone</label>
<div id="invitePhone" dir="ltr" style="color: rgb(51, 51, 51); background-color: rgb(255, 255, 255); padding: 0px; margin: 0px; border: 0px; font-size: 14px;">
+1 (781) 271-2020<br style="padding: 0px; margin: 0px; border: 0px;">
+1 (703) 983-2020</div>
<div id="findLocalNo" style="color: rgb(51, 51, 51); background-color: rgb(255, 255, 255); padding: 0px; margin: 0px; border: 0px;">
<a href="https://dialin.mitre.org/" target="_blank" style="padding: 0px; margin: 0px; border: 0px; color: rgb(10, 150, 190); font-size: 14px;">Find a local number</a></div>
<br style="padding: 0px; margin: 0px; border: 0px;">
<div style="color: rgb(51, 51, 51); background-color: rgb(255, 255, 255); padding: 0px; margin: 0px; border: 0px;">
Conference ID:<span id="confId" style="padding: 0px; margin: 0px; border: 0px;">69969900</span></div>
<div><span style="padding: 0px; margin: 0px; border: 0px;"><br>
</span></div>
</div>
</div>
</div>
</blockquote>
</div>
<div><br>
</div>
</div>
</div>
</div>
</div>
<div><br>
</div>
<div>On 6/30/15, 5:40 AM, "Stephen Farrell" <<a href="mailto:stephen.farrell@cs.tcd.ie">stephen.farrell@cs.tcd.ie</a>> wrote:</div>
<div><br>
</div>
<blockquote id="MAC_OUTLOOK_ATTRIBUTION_BLOCKQUOTE" style="BORDER-LEFT: #b5c4df 5 solid; PADDING:0 0 0 5; MARGIN:0 0 0 5;">
<div><br>
</div>
<div>Hi all,</div>
<div><br>
</div>
<div>Seems like a reasonable set of discussions to have. The only</div>
<div>thing I'd ask is that you sync up with the IETF DTNWG who may</div>
<div>also be working on this topic, but perhaps with slightly</div>
<div>different requirements (not entirely sure).</div>
<div><br>
</div>
<div>S.</div>
<div><br>
</div>
<div>On 29/06/15 18:16, Scott, Keith L. wrote:</div>
<blockquote id="MAC_OUTLOOK_ATTRIBUTION_BLOCKQUOTE" style="BORDER-LEFT: #b5c4df 5 solid; PADDING:0 0 0 5; MARGIN:0 0 0 5;">
<div>Next round of security discussion: Tuesday June 30, 1600 EDT.</div>
<div></div>
<div>Join Lync Meeting</div>
<div><a href="https://meet.mitre.org/kscott/OLAP75H0">https://meet.mitre.org/kscott/OLAP75H0</a></div>
<div></div>
<div>Join by phone</div>
<div>+1 (781) 271-2020</div>
<div>+1 (703) 983-2020</div>
<div>Find a local number<<a href="https://dialin.mitre.org/">https://dialin.mitre.org/</a>></div>
<div></div>
<div>Conference ID:69969900</div>
<div></div>
<div></div>
<div>Charles Sheehe of GRC sent some decent notes (below). Essentially we’re trying to figure out, following Howie’s suggestion, whether the actual implementation of bundle security might be accomplishable using the CMS<<a href="https://datatracker.ietf.org/doc/rfc5652/">https://datatracker.ietf.org/doc/rfc5652/</a>>
mechanisms and, if so, what the implications would be in terms of overhead and complexity.</div>
<div></div>
<div>For CMS encapsulation, the exact ‘way’ of doing the encapsulation is an open question:</div>
<div>• One CMS ‘context’ for the whole bundle — I think this was ruled out — we need per-block granularity</div>
<div>• One CMS ‘context’ per block, CMS context wraps the block (block inside CMS) [the ‘CMS content eats blocks’ approach]</div>
<div>• One CMS ‘context’ per block, CMS wraps block CONTENT (block header, CMS, block content) [could have a flag in the block processing control blocks to indicate ‘cms content’]?</div>
<div>• One CMS ‘context’ per block, can separate the CMS bits from the block itself (more like current BSP)</div>
<div></div>
<div>In addition to what’s below, Ed asked a couple times if we couldn’t essentially define a ‘CMS cipher suite’ for SBSP. That might allow the use of the SBSP mechanisms and the CMS encryption machinery. I’m not sure that’s a real win in terms of complexity
/ interoperability, but we should figure that out.</div>
<div></div>
<div>Charles’ notes:</div>
<div></div>
<div>• Jeremy is implementing CMS system overlay on DTN BP to determine the overhead difference between CMS and SBSP for the same file.</div>
<div>• The working group will conduct a SBSP vs CMS comparison.</div>
<div>Overhead</div>
<div>Computational complexity</div>
<div>Availability of open source cryptographic software</div>
<div>• The working group is posting use cases to the CCSDS CWE or Wiki</div>
<div>Email comments; highly redundant and messy, but easier than CWE</div>
<div>• The working group will be developing security requirements from the use cases.</div>
<div>• Compatibility with IP will be done by Gateway devices.</div>
<div>A few thought that it was a good idea to have CMS as an option. Exact method to implement left open. Flag or CMS block</div>
<div>CMS inside block</div>
<div>CMS outside the block</div>
<div>Eats or reference?</div>
<div>Certificate management: X.509 Size of certificates</div>
<div>No other actions or decisions that I noted.</div>
<div>Thanks</div>
<div>Chuck</div>
<div>Charles J. Sheehe III</div>
<div>Electronics Engineer</div>
<div>System Architectures and Networks Branch</div>
<div>21000 Brookpark Rd</div>
<div>Cleveland, OH 44135</div>
<div><a href="mailto:Charles.J.Sheehe@nasa.gov">Charles.J.Sheehe@nasa.gov</a></div>
<div>Office: 216-433-5179</div>
<div></div>
<div></div>
<div></div>
</blockquote>
<div><br>
</div>
</blockquote>
</div>
</div>
</span>
</body>
</html>