<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:10.0pt;
font-family:"Calibri",sans-serif;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:10.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style></head><body lang=EN-US link="#0563C1" vlink="#954F72" style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt'>In principle, following NIST guidelines..<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>A one-way, cryptographic hash </span><span style='font-size:11.0pt;color:#333333;background:white'>algorithm maps arbitrarily long inputs into a fixed-size output such that it is very difficult (computationally infeasible) to find two different hash inputs that produce the same output. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#333333;background:white'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#333333;background:white'>Approved hash algorithms (e.g., SHA-384) can be used to indicate the integrity of the data. However, since any entity that has access to the data could have computed the integrity value, it does not provide any authentication. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#333333;background:white'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#333333;background:white'>An approved keyed Hash Message Authentication Code (HMAC) utilizes a symmetric (secret) key. It authenticates the integrity of the data since a symmetric key was utilized, but does not provide provenance (anyone possessing the symmetric key in the network could have potentially changed the underlying data and calculated the HMAC value). 
</span><span style='font-size:11.0pt'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>In this context, provenance is defined as: </span><span style='font-size:11.0pt;color:#333333;background:white'>The chronology and ownership of the associated data.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#333333;background:white'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;color:#333333;background:white'>An approved digital signature algorithm (e.g., ECDSA P-384) will provide provenance since it utilizes private/public keys. With ECDSA the hash of the payload data is used in generating the signature. Thus, we can infer the integrity, authenticity and the provenance of the data with digital signatures.</span><span style='font-size:11.0pt'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>v/r,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>mehmet<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p>&nbsp;</o:p></span></p><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:12.0pt;color:black'>From: </span></b><span style='font-size:12.0pt;color:black'>SIS-DTN &lt;sis-dtn-bounces@mailman.ccsds.org&gt; on behalf of "Dr. Keith L Scott via SIS-DTN" &lt;sis-dtn@mailman.ccsds.org&gt;<br><b>Reply-To: </b>"Dr. 
Keith L Scott" &lt;kscott@mitre.org&gt;<br><b>Date: </b>Tuesday, November 22, 2022 at 1:07 PM<br><b>To: </b>"sburleig.sb@gmail.com" &lt;sburleig.sb@gmail.com&gt;, "sis-dtn@mailman.ccsds.org" &lt;sis-dtn@mailman.ccsds.org&gt;, "sea-sec@mailman.ccsds.org" &lt;sea-sec@mailman.ccsds.org&gt;<br><b>Cc: </b>'Peter Shames' &lt;peter.shames@jpl.nasa.gov&gt;<br><b>Subject: </b>Re: [Sis-dtn] [EXT] RE: SIS-DTN BPsec Profile<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt'><o:p>&nbsp;</o:p></span></p></div><p class=MsoNormal><span style='font-size:11.0pt'>Yeah, I think that’s mostly right.  I’d add ‘if I exchange a shared secret with the peer out-of-band’ then I can get integrity (if they encrypt something in that shared secret and it decrypts correctly (assuming I can KNOW that) then they are the one who encrypted it).<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>                 --keith<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'><o:p>&nbsp;</o:p></span></p><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='margin-bottom:12.0pt'><b><span style='font-size:12.0pt;color:black'>From: </span></b><span style='font-size:12.0pt;color:black'>sburleig.sb@gmail.com &lt;sburleig.sb@gmail.com&gt;<br><b>Date: </b>Tuesday, November 22, 2022 at 2:33 PM<br><b>To: </b>Dr. 
Keith L Scott &lt;kscott@mitre.org&gt;, sis-dtn@mailman.ccsds.org &lt;sis-dtn@mailman.ccsds.org&gt;, sea-sec@mailman.ccsds.org &lt;sea-sec@mailman.ccsds.org&gt;<br><b>Cc: </b>'Peter Shames' &lt;peter.shames@jpl.nasa.gov&gt;<br><b>Subject: </b>[EXT] RE: [Sis-dtn] SIS-DTN BPsec Profile<o:p></o:p></span></p></div><p class=MsoNormal><span style='font-size:11.0pt'>My sense of integrity vs authority, which may well be wildly wrong, is that integrity can be provided by a checksum or CRC or by a signature computed in a symmetric key that everybody knows, but authority can only be provided by a signature computed in the sender’s private key (verified in the sender’s known public key).  I strongly suspect it’s not that simple, though.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>&nbsp;<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Scott<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>&nbsp;<o:p></o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt'>From:</span></b><span style='font-size:11.0pt'> SIS-DTN &lt;sis-dtn-bounces@mailman.ccsds.org&gt; <b>On Behalf Of </b>Dr. Keith L Scott via SIS-DTN<br><b>Sent:</b> Tuesday, November 22, 2022 11:04 AM<br><b>To:</b> sis-dtn@mailman.ccsds.org; sea-sec@mailman.ccsds.org<br><b>Cc:</b> Peter Shames &lt;peter.shames@jpl.nasa.gov&gt;<br><b>Subject:</b> [Sis-dtn] SIS-DTN BPsec Profile<o:p></o:p></span></p></div></div><p class=MsoNormal><span style='font-size:11.0pt'>&nbsp;<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Greetings,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>&nbsp;<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>We have a joint meeting scheduled on Friday Dec 2.  
This is nominally one of the monthly meetings to discuss the new BPsec Green Book, but I’d like to propose taking the December 2 meeting to discuss the BPsec Blue Book Profile.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'> <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>I had a discussion w/ Howie the other day that resulted in a number of changes to the document:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'> <o:p></o:p></span></p><p class=MsoNormal><b><span style='font-size:11.0pt'>Authenticity</span></b><span style='font-size:11.0pt'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>Antonias had several comments around authenticity and whether or not it made any sense to provide integrity without authenticity. I could envision a mission that wanted to provide data integrity on the science data it was returning, but might not need/want to provide authenticity. The assumption here would be (I suppose) that it wouldn’t make sense for anyone to fake the data (e.g. 
a faked image purportedly from Pluto Express showing a sign on the surface “I want to be a planet again.”?)<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'> <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>That said, it seems like the services missions might want to choose from / implement are:<o:p></o:p></span></p><ul style='margin-top:0in' type=disc><li class=MsoListParagraph style='margin-left:0in;mso-list:l0 level1 lfo3'><span style='font-size:11.0pt'>Integrity<o:p></o:p></span></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l0 level1 lfo3'><span style='font-size:11.0pt'>Authenticity<o:p></o:p></span></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l0 level1 lfo3'><span style='font-size:11.0pt'>Confidentiality<o:p></o:p></span></li></ul><p class=MsoNormal><span style='font-size:11.0pt'> <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>[I’ll admit to being a bit confused by this; MY model for authenticity would be to use some sort of signed hash on the primary bundle block (which includes the source EID), though I suppose other mechanisms are possible].<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'> <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>In the document I tried to use “authenticity / integrity” where appropriate, and to otherwise mention authenticity where I thought it was appropriate. 
I’d be interested if folks think I got close to right.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>&nbsp;<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>I still need to add some text around the ‘pick-list’ notion of integrity / authenticity / confidentiality above.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>&nbsp;<o:p></o:p></span></p><p class=MsoNormal><b><span style='font-size:11.0pt'>Security Contexts</span></b><span style='font-size:11.0pt'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>I added some text about security contexts and moved other text around so that security contexts now show up earlier than they used to.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>&nbsp;<o:p></o:p></span></p><p class=MsoNormal><b><span style='font-size:11.0pt'>Default Security Contexts</span></b><span style='font-size:11.0pt'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>RFC9173 contains a set of default security contexts for BPsec:<o:p></o:p></span></p><ul style='margin-top:0in' type=disc><li class=MsoListParagraph style='margin-left:0in;mso-list:l4 level1 lfo6'><span style='font-size:11.0pt'>Integrity Security Context BIB-HMAC-SHA2<o:p></o:p></span></li><li class=MsoListParagraph style='margin-left:0in;mso-list:l4 level1 lfo6'><span style='font-size:11.0pt'>Security Context BCB-AES-GCM<o:p></o:p></span></li></ul><p class=MsoNormal><span style='font-size:11.0pt'>&nbsp;<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>I think the questions I’d like to get at at next week’s telecon are:<o:p></o:p></span></p><ul style='margin-top:0in' type=disc><li class=MsoListParagraph style='margin-left:0in;mso-list:l3 level1 lfo9'><span style='font-size:11.0pt'>Do we need a set of default security contexts for the CCSDS Profile of BPsec?<o:p></o:p></span></li><ul style='margin-top:0in' type=circle><li class=MsoListParagraph 
style='margin-left:0in;mso-list:l3 level2 lfo9'><span style='font-size:11.0pt'>I think so.  Maybe not even mandatory to implement but at least a defined set that can be used for testing?<o:p></o:p></span></li></ul><li class=MsoListParagraph style='margin-left:0in;mso-list:l3 level1 lfo9'><span style='font-size:11.0pt'>If the answer to the above is in fact ‘yes’ – what should we use for the default profiles?  The current book has (I think) essentially RFC9172 pulled in, but then it looks like somebody (apologies, the changes are only marked as ‘Author’) seems to have suggested changing some of the recommended key sizes.<o:p></o:p></span></li></ul><p class=MsoNormal><span style='font-size:11.0pt'>So, if we could at least start talking about a nominal set of security contexts for the profile I think that would get us a LOT further down the road to getting the book out.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>&nbsp;<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>                                v/r,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>&nbsp;<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt'>                                --keith<o:p></o:p></span></p></div></body></html>