<HTML>
<HEAD>
<TITLE>Re: [Sls-slp] Security, NGU and New TC services and there effect on COP-1</TITLE>
</HEAD>
<BODY>
<FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'>As usual Howie you are correct....except there needs to be a process somewhere for the system on an end to end basis to report the failure at the security point or at the application layer. Are we going to invent a protocol to do that at the security layer;. notifying the remote user of the failure at the security check point? Cop-1 will respond to the loss of a frame and request a replacement. I guess we could relate you argument to TCP; its role is to handle link problems (ordering and loss) and security (using IPSec) is riding on top of that. If the system requires in order delivery of good data without loss then there needs to be a protocol at the application layer that requests the missed item. I don’t believe that we want to do that.....so I’ll continue to say that the COP is there to assure the delivery of in order without loss delivery.<BR>
<BR>
<BR>
On 10/15/09 7:51 AM, "Howie Weiss" <<a href="Howard.Weiss@cobham.com">Howard.Weiss@cobham.com</a>> wrote:<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Calibri, Verdana, Helvetica, Arial"><FONT SIZE="2"><SPAN STYLE='font-size:10pt'>Where we disagree</SPAN></FONT></FONT><FONT FACE="Times New Roman"><SPAN STYLE='font-size:12pt'> </SPAN></FONT><FONT SIZE="2"><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:10pt'>is that the COP isn't "broken" if you put the security afterwards and the security layer fails its checks.</SPAN></FONT></FONT><FONT FACE="Times New Roman"><SPAN STYLE='font-size:12pt'> </SPAN></FONT><FONT SIZE="2"><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:10pt'>This comes back to where the COP/FARM has finished its job (to guarantee</SPAN></FONT></FONT><FONT FACE="Times New Roman"><SPAN STYLE='font-size:12pt'> </SPAN></FONT><FONT SIZE="2"><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:10pt'>delivery of complete in</SPAN></FONT></FONT><FONT FACE="Times New Roman"><SPAN STYLE='font-size:12pt'> </SPAN></FONT><FONT SIZE="2"><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:10pt'>sequence, error free commands). Our disagreement was that I believe that the COP has finished when it hands the command to the next process (whatever that is)</SPAN></FONT></FONT><FONT FACE="Times New Roman"><SPAN STYLE='font-size:12pt'> </SPAN></FONT><FONT SIZE="2"><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:10pt'>– in this</SPAN></FONT></FONT><FONT FACE="Times New Roman"><SPAN STYLE='font-size:12pt'> </SPAN></FONT><FONT SIZE="2"><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:10pt'>example it is the security layer.</SPAN></FONT></FONT><FONT FACE="Times New Roman"><SPAN STYLE='font-size:12pt'> </SPAN></FONT><FONT SIZE="2"><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:10pt'>You believe that the COP</SPAN></FONT></FONT><FONT FACE="Times New Roman"><SPAN STYLE='font-size:12pt'> </SPAN></FONT><FONT SIZE="2"><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:10pt'>has not</SPAN></FONT></FONT><FONT FACE="Times New Roman"><SPAN STYLE='font-size:12pt'> </SPAN></FONT><FONT SIZE="2"><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:10pt'>completing its job correctly if the next process or processes throws the</SPAN></FONT></FONT><FONT FACE="Times New Roman"><SPAN STYLE='font-size:12pt'> </SPAN></FONT><FONT SIZE="2"><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:10pt'>command</SPAN></FONT></FONT><FONT FACE="Times New Roman"><SPAN STYLE='font-size:12pt'> </SPAN></FONT><FONT SIZE="2"><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:10pt'>away for another failure</SPAN></FONT></FONT><FONT FACE="Times New Roman"><SPAN STYLE='font-size:12pt'> </SPAN></FONT><FONT SIZE="2"><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:10pt'>– in this case</SPAN></FONT></FONT><FONT FACE="Times New Roman"><SPAN STYLE='font-size:12pt'> </SPAN></FONT><FONT SIZE="2"><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:10pt'>if the security has failed.<BR>
</SPAN></FONT></FONT><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'><BR>
This is analogous to IPSec being above the link and network (IP) layers. While IP does not guarantee in-order delivery it does (sort of) guarantee that the packet isn't clobbered (based on its weak checksum). But IP is supposed to simply hand-of what it thinks is a good packet to IPSec for security processing. IP washes its (virtual) hands of the packet and it becomes IPSec's responsibility to pass it up to the next layer as "good" to to send it to the bit-bucket because it didn't pass muster.<BR>
<BR>
Howie<BR>
<BR>
</SPAN><FONT SIZE="2"><SPAN STYLE='font-size:10pt'>-----------------------<BR>
</SPAN></FONT><SPAN STYLE='font-size:11pt'> <BR>
</SPAN><FONT SIZE="2"><SPAN STYLE='font-size:10pt'><B>Howard Weiss <BR>
</B></SPAN></FONT><FONT SIZE="1"><SPAN STYLE='font-size:8pt'>Technical Director<BR>
SPARTA National Security Sector<BR>
Cobham Analytic Solutions<BR>
T: 443 430 8089<BR>
F: 443 430 8238<BR>
C: 410 261 1479<BR>
<a href="howard.weiss@cobham.com">howard.weiss@cobham.com</a><BR>
</SPAN></FONT><FONT SIZE="2"><SPAN STYLE='font-size:10pt'><BR>
</SPAN></FONT><FONT SIZE="1"><SPAN STYLE='font-size:8pt'>SPARTA, Inc., dba Cobham Analytic Solutions, 7110 Samuel Morse Dr., Columbia MD 21046 www.sparta.com <<a href="http://www.sparta.com/">http://www.sparta.com/</a>> <BR>
</SPAN></FONT><SPAN STYLE='font-size:11pt'><BR>
</SPAN><FONT SIZE="1"><SPAN STYLE='font-size:8pt'><B>Please consider the environment before printing this email</B> <BR>
<BR>
</SPAN></FONT><SPAN STYLE='font-size:11pt'><BR>
<BR>
<BR>
<BR>
</SPAN></FONT></BLOCKQUOTE>
</BODY>
</HTML>