[Cesg-all] Results of CESG Polls closing 11 September 2018
CCSDS Secretariat
thomas.gannett at tgannett.net
Wed Sep 12 22:27:44 UTC 2018
CESG E-Poll Identifier: CESG-P-2018-08-001 Approval to publish CCSDS
350.0-G-3, The Application of CCSDS Protocols to Secure Systems
(Green Book, Issue 3)
Results of CESG poll beginning 28 August 2018 and ending 11 September 2018:
Abstain: 0 (0%)
Approve Unconditionally: 2 (33.33%) (Shames, Moury)
Approve with Conditions: 4 (66.67%) (Merri, Behal, Burleigh, Wilmot)
Disapprove with Comment: 0 (0%)
CONDITIONS/COMMENTS:
Mario Merri (Approve with Conditions): This is not a condition, but
rather a suggestion for a future issue of the book.
From the title the book should cover security in CCSDS "protocols",
however it also touches on SLE which is more a service than a
protocol. In this context, the future version of the green book
should have provision to include security aspects also of other CCSDS
application services, namely the MO Services.
Bigette Behal (Approve with Conditions): cf. MOIMS AD
Scott Burleigh (Approve with Conditions): I believe this Green Book
is fine as far as it goes. But since its title is "The Application of
CCSDS Protocols to Secure Systems" I think it is now required to
include a discussion of the Bundle Security Protocol, which will be a
CCSDS standard. (Is there a Blue Book for a CCSDS profile of ipsec?
If not, then the discussion of ipsec should be omitted.)
Alternatively, the title could be changed to something like "The
Application of Space Data Link Security Protocol and IPSEC to Secure Systems."
On roughly the same topic, Figure 3.1 doesn't get the layering of the
DTN protocols right; I think more accurate diagrams are available.
Other comments:
Page 2-2: I think insertion of new, counterfeit information is an
additional class of active threat.
Section 4.1.1: I think the distinction between point-to-point and
end-to-end security needs to be made clearer.
Jonathan Wilmot (Approve with Conditions): Comments.
No mention of file level encryption. Is this use case considered
application layer security?
Section 5.4.2 SPACE PACKET PROTOCOL SECURITY as recommended would not
provide protection against replay attacks since the header is not
authenticated. This could be made clear.
Figure 5-8: Combination of Internet and CCSDS Protocols appears to be missing.
Total Respondents: 6
No response was received from the following Area(s):
CSS
SECRETARIAT INTERPRETATION OF RESULTS: Approved with Conditions
PROPOSED SECRETARIAT ACTION: Generate CMC poll after
conditions have been addressed
* * * * * * * * * * * * * * * * * * * * * * * *
CESG E-Poll Identifier: CESG-P-2018-08-002 Approval to release CCSDS
357.0-R-1, CCSDS Authentication Credentials (Red Book, Issue 1) for
CCSDS Agency review
Results of CESG poll beginning 28 August 2018 and ending 11 September 2018:
Abstain: 1 (16.67%) (Calzolari)
Approve Unconditionally: 5 (83.33%) (Merri, Behal, Shames, Burleigh, Wilmot)
Approve with Conditions: 0 (0%)
Disapprove with Comment: 0 (0%)
CONDITIONS/COMMENTS:
Scott Burleigh (Approve Unconditionally): Just a comment: I think it
would be helpful to explain the term "one-way function" as used in section 2.3.
Total Respondents: 6
No response was received from the following Area(s):
CSS
SECRETARIAT INTERPRETATION OF RESULTS: Approved Unconditionally
PROPOSED SECRETARIAT ACTION: Generate CMC poll
* * * * * * * * * * * * * * * * * * * * * * * *
CESG E-Poll Identifier: CESG-P-2018-08-003 Approval to publish CCSDS
706.2-G-2, Voice Communications (Green Book, Issue 2)
Results of CESG poll beginning 28 August 2018 and ending 11 September 2018:
Abstain: 0 (0%)
Approve Unconditionally: 3 (50%) (Merri, Behal, Burleigh)
Approve with Conditions: 3 (50%) (Shames, Calzolari, Wilmot)
Disapprove with Comment: 0 (0%)
CONDITIONS/COMMENTS:
Peter Shames (Approve with Conditions): The definitions section
contains a lot of long explanatory paragraphs instead of concise
definitions. These should be moved into the body of the text in the
appropriate sections.
The headset examples in Table 2-1 appear to be specific vendor
products, but no vendor is identified which makes it a bit of a guessing game.
Table 3-1 a major Technical Constraint for long haul voice comms is
the RTLT imposed latency. This should, IMHO, be first in that list.
Table 3-3, Mars or Lunar "local" segment. This approach of using
commercial, TCP/IP based, technologies is convenient unless and until
you need to communicate via relays or to Earth. At that point only a
delay tolerant approach will work. This table should reflect that.
This kind of hybrid architecture must be carefully designed and this
present approach seems too simplistic. Also, what does "ham radio"
have to do with this? What does it even mean in this context?
Table 3-5, Long Haul. Please remove IP from the option list. It will
not work in a long haul environment. IMHO the only viable approach is
to properly engineer a DTN based solution set.
Gian Paolo Calzolari (Approve with Conditions): CONDITIONS
Since AOS, CCSDS Encapsulation Service, Proximity-1 are mentioned,
the relevant references shall be added and correctly used in the document.
AOS, CFDP, DTN acronyms shall be added
Should VOIP (and sending of IP data in general) reference IP over
CCSDS Space Links Blue Book
(https://public.ccsds.org/Pubs/702x1b1c1.pdf) instead of calling
CCSDS Encapsulation Service? It may be sufficient to clarify this
once forever in the document
QUESTION
Would it be worth mentioning the emerging Unified Space Link Protocol (USLP)?
Jonathan Wilmot (Approve with Conditions): Align terms with recently
published CCSDS 766.2-B-1 VOICE AND AUDIO COMMUNICATIONS Blue book.
Should 766.2-B-1 be referenced?
Total Respondents: 6
No response was received from the following Area(s):
CSS
SECRETARIAT INTERPRETATION OF RESULTS: Approved with Conditions
PROPOSED SECRETARIAT ACTION: Generate CMC poll after
conditions have been addressed
* * * * * * * * * * * * * * * * * * * * * * * *