<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Excellent point, Tomaso. I think the near-term requirements will come from upcoming ISS payloads such as the ECOSTRESS experiment, but I don’t think anybody
has got details yet. In general, I agree: less overhead is better, and uplink probably imposes more stringent constraints than downlink. One other point: space flight missions won’t necessarily be the only bandwidth-constrained users of DTN. Untethered
undersea vehicles, for example, are a prime use case for DTN and their transmission data rates are very limited.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Scott<o:p></o:p></span></p>
<p class="MsoNormal"><a name="_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></a></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Tomaso.deCola@dlr.de [mailto:Tomaso.deCola@dlr.de]
<br>
<b>Sent:</b> Wednesday, July 1, 2015 8:57 AM<br>
<b>To:</b> Burleigh, Scott C (312B)<br>
<b>Cc:</b> Howard.Weiss@parsons.com; dennis.c.iannicca@nasa.gov; Jeremy.Mayer@dlr.de; sis-dtn@mailman.ccsds.org<br>
<b>Subject:</b> RE: [Sis-dtn] Bundle Signing And Encryption With CMS<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Hi Scott,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Certainly the less overhead we manage to bring in, the better it is. My question is whether we have specific space mission requirements (based on the next
missions to fly) on the bundle size so that we can have a kind of target for the protocol design. Further to this, I think it would also be worth addressing where security should/could be applied. For instance, if we think of the current uplink used for telecommand,
certainly the resources are already so scarce that probably the transport of large digital signatures could become a real issue.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Regards,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Tomaso</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:dimgray">————————————————————————</span><span style="color:#1F497D">
<br>
</span><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:dimgray">Deutsches Zentrum für Luft- und Raumfahrt</span></b><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:dimgray"> (DLR)</span><span style="color:#1F497D">
<br>
</span><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:dimgray">German Aerospace Center</span><span style="color:#1F497D">
<br>
</span><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:dimgray">Institute of Communications and Navigation | Satellite Networks | Oberpfaffenhofen | 82234 Wessling | Germany</span><span style="color:#1F497D">
</span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:dimgray">Tomaso de Cola, Ph.D.</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">
<br>
</span><span lang="DE" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:dimgray">Telefon +49 8153 28-2156 | Telefax +49 8153 28-2844 |</span><span lang="DE" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#1F497D">
</span><a href="mailto:tomaso.decola@dlr.de"><span lang="DE" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:blue">tomaso.decola@dlr.de</span></a><span lang="DE" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">
<br>
</span><a href="http://www.dlr.de/kn/institut/abteilungen/san"><span lang="DE" style="font-size:10.0pt;font-family:"Arial",sans-serif;color:blue">http://www.dlr.de/kn/institut/abteilungen/san</span></a><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">
</span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span lang="DE" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">
</span><a href="mailto:sis-dtn-bounces@mailman.ccsds.org"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">sis-dtn-bounces@mailman.ccsds.org</span></a><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif"> [</span><a href="mailto:sis-dtn-bounces@mailman.ccsds.org"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">mailto:sis-dtn-bounces@mailman.ccsds.org</span></a><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">]
<b>On Behalf Of </b>Burleigh, Scott C (312B)<br>
<b>Sent:</b> Tuesday, June 30, 2015 21:07<br>
<b>To:</b> Weiss, Howard; Iannicca, Dennis C. (GRC-LCA0); Mayer, Jeremy; </span><a href="mailto:sis-dtn@mailman.ccsds.org"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">sis-dtn@mailman.ccsds.org</span></a><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif"><br>
<b>Subject:</b> RE: [Sis-dtn] Bundle Signing And Encryption With CMS</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Hi, Howie. Yes, as I said, I am sure there are easy ways to reduce these numbers.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">But maybe I’m confused. My understanding is that a SHA256 digest is 256 bits, 32 bytes. While that is not trivial, I don’t think I’d call it huge; it’s a lot
less than 686 bytes, and it might be tolerable for 1KB bundles even if not truncated.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Again, as I said, I am by no means saying that CMS is the wrong way to go. I just want us to bear in mind that the sort of overhead Jeremy was seeing might be
a non-starter for some use cases that we might want to support with DTN.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Scott</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Weiss, Howard [</span><a href="mailto:Howard.Weiss@parsons.com"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">mailto:Howard.Weiss@parsons.com</span></a><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">]
<br>
<b>Sent:</b> Tuesday, June 30, 2015 11:49 AM<br>
<b>To:</b> Iannicca, Dennis C. (GRC-LCA0); Burleigh, Scott C (312B); Mayer, Jeremy P. (JSC-OT/ESA)[EUROPEAN SPACE AGENCY];
</span><a href="mailto:sis-dtn@mailman.ccsds.org"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">sis-dtn@mailman.ccsds.org</span></a><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><br>
<b>Subject:</b> RE: [Sis-dtn] Bundle Signing And Encryption With CMS</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black">Scott<br>
<br>
The SHA256 authentication/integrity digest results in a huge overhead regardless of the protocol used. While we don't usually 'encourage' people to truncate SHA digests, it can be done when wire overhead is a major issue. See NIST SP 800-107 for info on truncation
(</span><a href="http://csrc.nist.gov/publications/nistpubs/800-107-rev1/sp800-107-rev1.pdf"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">http://csrc.nist.gov/publications/nistpubs/800-107-rev1/sp800-107-rev1.pdf</span></a><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black">)<br>
<br>
And as Dennis says, elliptic curve saves many bits over RSA.<br>
<br>
Howie</span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black"> </span><o:p></o:p></p>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black"> </span><o:p></o:p></p>
<div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black">
<hr size="2" width="100%" align="center">
</span></div>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black">Howard Weiss</span></b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black"><br>
</span><span style="font-size:7.5pt;font-family:"Tahoma",sans-serif;color:black">Technical Director</span><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black"><br>
<br>
<b>PARSONS</b></span><span style="font-size:7.5pt;font-family:"Tahoma",sans-serif;color:black"><br>
7110 Samuel Morse Drive<br>
Columbia, MD 21046<br>
443-430-8089 (office)<br>
410-262-1479 (cell)<br>
443-430-8238 (fax)<br>
</span><a href="mailto:howard.weiss@parsons.com"><span style="font-size:7.5pt;font-family:"Tahoma",sans-serif">howard.weiss@parsons.com</span></a><span style="font-size:7.5pt;font-family:"Tahoma",sans-serif;color:black"><br>
</span><a href="http://www.parsons.com"><span style="font-size:7.5pt;font-family:"Tahoma",sans-serif">www.parsons.com</span></a><span style="font-size:7.5pt;font-family:"Tahoma",sans-serif;color:black"><br>
<br>
</span><span style="font-size:7.5pt;font-family:"Tahoma",sans-serif;color:#339966">Please consider the environment before printing this message</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<div class="MsoNormal" align="center" style="text-align:center"><span style="color:black">
<hr size="2" width="100%" align="center">
</span></div>
<div id="divRpF281096">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black"> Iannicca, Dennis C. (GRC-LCA0) [dennis.c.iannicca@nasa.gov]<br>
<b>Sent:</b> Tuesday, June 30, 2015 2:23 PM<br>
<b>To:</b> Burleigh, Scott C (JPL-312B)[Jet Propulsion Laboratory]; Weiss, Howard; Mayer, Jeremy P. (JSC-OT/ESA)[EUROPEAN SPACE AGENCY];
</span><a href="mailto:sis-dtn@mailman.ccsds.org"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">sis-dtn@mailman.ccsds.org</span></a><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black"><br>
<b>Subject:</b> Re: [Sis-dtn] Bundle Signing And Encryption With CMS</span><o:p></o:p></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="color:black">On 6/30/15 1:26 PM, "Burleigh, Scott C (312B)" <</span><a href="mailto:scott.c.burleigh@jpl.nasa.gov" target="_blank">scott.c.burleigh@jpl.nasa.gov</a><span style="color:black">> wrote:</span><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><span style="color:black"> </span><o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #B5C4DF 4.5pt;padding:0in 0in 0in 4.0pt;margin-left:3.75pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt" id="MAC_OUTLOOK_ATTRIBUTION_BLOCKQUOTE">
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">I agree, Jeremy, it’s terrific that you could do this so quickly. And I agree that the overheads are not bad, but to my mind they are still a little troubling.
I can imagine an SBSP Block Integrity Block ciphersuite that would use a one-time, randomly generated SHA256 key to generate a SHA256 digest over the payload (shipped in the BIB’s results field); would include that key in the BIB’s ciphersuite parameters;
and would also provide an elliptic-curve digital signature for that key (computed using the sender’s private key, to be verified using the sender’s pre-placed public key) as an additional ciphersuite parameter. I think that would come to 256 bits for the
SHA256 digest plus 256 bits for the SHA256 key, plus 320 bits for the ECDS, for a total of 832 bits = 104 bytes. Even allowing for a little additional BIB structural overhead, this is still less than a sixth of the overhead measured for the CMS signing option.</span><o:p></o:p></p>
</div>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal"><span style="color:black"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black">Scott,</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black">CMS would allow you to use ECDSA for signatures in lieu of RSA if you wanted to reduce the overhead seen in these examples.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black"> </span><o:p></o:p></p>
</div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:13.5pt;font-family:"Helvetica",sans-serif;color:black">--</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:13.5pt;font-family:"Helvetica",sans-serif;color:black">Dennis Iannicca</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:13.5pt;font-family:"Helvetica",sans-serif;color:black">NASA Glenn Research Center</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:13.5pt;font-family:"Helvetica",sans-serif;color:black">21000 Brookpark Road, MS 54-1</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:13.5pt;font-family:"Helvetica",sans-serif;color:black">Cleveland, OH 44135</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:13.5pt;font-family:"Helvetica",sans-serif;color:black">216-433-6493</span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>