Unspecified Management System: [CESG] Re: Results of CESG Polls closing 14 August 2015

Shames, Peter M (312B) peter.m.shames at jpl.nasa.gov
Fri Aug 28 23:38:40 UTC 2015

Ciao Gippo,

The issue I have with how this Management System is specified in these documents is that it is not really specified at all as a system.  It is, instead, described in Sec 6 as a set of managed parameters.   This is useful, since it does provide the implementer with some concrete guidance on what is expected to be managed and a possible range of values, but it does not constitute a Management System.  There is no spec for the system, no defined behavior for the system, and no interfaces for the system, not even in the abstract.

I would recommend, therefore, that you make clear in this section that these are the set of managed parameters that are intended to be included in any system that manages security associations, but that no specification for such a system is provided nor implied.

CCSDS does indeed provide service systems, interface, and behavioral specifications.  The most prominent of these are the SLE and CSTS, but even the MOIMS SM&C is starting to develop system interfaces.  The RASIM also provided a set of abstract system interfaces.  Specs such as CFDP and AMS have defined the service characteristics of a data management service that is intended to do buffer management within the protocol.  I find none of the typical characterizations of a system or service interface in this spec, only a set of data items that consititue managed parameters.

I would not in any way suggest that we list in every spec all the things that they are not.  That would be foolish.  At the same time I think we need to be careful to be clear in describing what it is that we do define and what the limitations are.

Best regards, Peter

From: Gian Paolo Calzolari <Gian.Paolo.Calzolari at esa.int<mailto:Gian.Paolo.Calzolari at esa.int>>
Date: Friday, August 28, 2015 at 12:39 AM
To: Peter Shames <peter.m.shames at jpl.nasa.gov<mailto:peter.m.shames at jpl.nasa.gov>>
Cc: "Biggerstaff, Craig (JSC-CD221)[LOCKHEED MARTIN CORP]" <craig.biggerstaff at nasa.gov<mailto:craig.biggerstaff at nasa.gov>>, "howie.weiss at sparta.com<mailto:howie.weiss at sparta.com>" <howie.weiss at sparta.com<mailto:howie.weiss at sparta.com>>, CCSDS Engineering Steering Group - CESG Exec <cesg at mailman.ccsds.org<mailto:cesg at mailman.ccsds.org>>
Subject: Unspecified Management System: [CESG] Re: Results of CESG Polls closing 14 August 2015

Dear Peter,
        I am extremely reluctant to accept your condition about adding the term "unspecified" in front of "management system".

First of all Craig motivated the non addition of this term in his WinWord comment stating <Using the word 'unspecified' for management in section 6.1 is not consistent with the language used with the SLP BBs.  Each of the four standards (SDLS, TC, TM, AOS) contains a statement in section 1.2 where the absence of specification for the management activities is stated.  Otherwise, the word 'unspecified' does not show up a single time in TC, TM and AOS BBs.
The WG prefers to be consistent with the SLP books, and proposes not to add the word 'unspecified' here.>

Moreover if we accept this trend than each CCSDS document will need to add the term unspecified in front of whatever is not specified in that document or outside.
It is also not fully true that the management is unspecified, actually chapter 6 itself contains a number of requirement (not all requirements, indeed) to be used when specifying the (agency specific) management system.
Last but not l;east, CCSDS never specifies systems but rather provide standards to be used for a subset (sometimes large) of the systems specification to be issued by a given Agency/Company.

So I do recommend keeping consistency within the documents of the SLS Area and not adding the term "unspecified" in front of "management system" and I kindly ask you to withdraw this specific condition.

Best regards

Gian Paolo

From:        "Shames, Peter M (312B)" <peter.m.shames at jpl.nasa.gov<mailto:peter.m.shames at jpl.nasa.gov>>
To:        "Biggerstaff, Craig (JSC-CD221)[LOCKHEED MARTIN CORP]" <craig.biggerstaff at nasa.gov<mailto:craig.biggerstaff at nasa.gov>>, "Scott, Keith L (9730-Affiliate)" <kscott at mitre.org<mailto:kscott at mitre.org>>, "tomaso.decola at dlr.de<mailto:tomaso.decola at dlr.de>" <tomaso.decola at dlr.de<mailto:tomaso.decola at dlr.de>>,
Cc:        "howie.weiss at sparta.com<mailto:howie.weiss at sparta.com>" <howie.weiss at sparta.com<mailto:howie.weiss at sparta.com>>, "cesg at mailman.ccsds.org<mailto:cesg at mailman.ccsds.org>" <cesg at mailman.ccsds.org<mailto:cesg at mailman.ccsds.org>>
Date:        28/08/2015 02:48
Subject:        [CESG] Re: Results of CESG Polls closing 14 August 2015
Sent by:        cesg-bounces at mailman.ccsds.org<mailto:cesg-bounces at mailman.ccsds.org>

Dear Craig, et al,

I have reviewed the proposed changes to the document.  I find all of them acceptable except for one.  I really believe that this document will better represent its functions if a new, simplified, version of "figure 6-1” is included in sec 2.2.2.  This would allow you to introduce in a graphical way exactly what this protocol does relative to the three space data link protocols.   You can then point to the protocol specific versions as you have.

And on pg 6-1, sec 6.1 there was a side note about the "management system” being unspecified.  I propose changing the text to read "Through the use of an out of band and unspecified management system…"

I think that gets the flavor of what you are describing.  Would you agree?

There is this further loose end having to do with the “still in work” CCSDS SDLS Extended Procedures recommendation (reference 355.1-B).  It is mentioned twice in the document in NOTE and overview text.  Since it is not final this is probably appropriate.  Tom Gannett will probably have an opinion about this, but I think you could insert a reference to the Red Book in the non normative references and mark it as [Future}.  We did that on the SCCS-ARD and no one screamed, and it at least gets a clear reference to the “to be published” standard into the document.

Best regards, Peter

From: "Biggerstaff, Craig (JSC-CD221)[LOCKHEED MARTIN CORP]" <craig.biggerstaff at nasa.gov<mailto:craig.biggerstaff at nasa.gov>>
Date: Thursday, August 27, 2015 at 4:16 PM
To: Peter Shames <peter.m.shames at jpl.nasa.gov<mailto:peter.m.shames at jpl.nasa.gov>>, Keith Scott <kscott at mitre.org<mailto:kscott at mitre.org>>, "tomaso.decola at dlr.de<mailto:tomaso.decola at dlr.de>" <tomaso.decola at dlr.de<mailto:tomaso.decola at dlr.de>>
Cc: CCSDS Engineering Steering Group - CESG Exec <cesg at mailman.ccsds.org<mailto:cesg at mailman.ccsds.org>>, Gilles Moury <Gilles.Moury at cnes.fr<mailto:Gilles.Moury at cnes.fr>>, "howie.weiss at sparta.com<mailto:howie.weiss at sparta.com>" <howie.weiss at sparta.com<mailto:howie.weiss at sparta.com>>
Subject: RE: Results of CESG Polls closing 14 August 2015

Dear ADs/DADs,

As the book editor of CCSDS 355.1-B-0 'Space Data Link Security Protocol', I have attached proposed text changes that, the WG believes, will resolve your CESG poll conditions.  Please review these changes and let me know if the changes answer your requirements.  Thank you.

Best regards,

Craig Biggerstaff

At 03:37 PM 8/17/2015, CCSDS Secretariat wrote:
CESG E-Poll Identifier: CESG-P-2015-07-001 Approval to publish CCSDS
355.0-B-1, Space Data Link Security Protocol (Blue Book, Issue 1)
Results of CESG poll beginning 31 July 2015 and ending 14 August 2015:

                  Abstain:  0 (0%)
  Approve Unconditionally:  6 (66.67%) (Merri, Behal, Calzolari,
Moury, Suess, Barton)
  Approve with Conditions:  3 (33.33%) (Shames, Scott, Cola)
  Disapprove with Comment:  0 (0%)


Peter Shames (Approve with Conditions): We need this document to be
published, and soon, but there are still a few inconsistencies that
I believe should be fixed before that happens. There are marked in
the attached text, but I will summarize them here:

1) The document is missing a really good overview description and
figure showing the relationship of the user provided transfer frame
data field to the secured field. Such figures are in docs like CCSDS 232x0b.

What you are asking for was originally in the SDLS Red Book but was moved to the TC/TM/AOS Pink Books.  The WG would prefer to reference those books instead of duplicating the overview information.

2) related to 1), the term "payload" is defined in sec 1.6, but it
is then not used in any consistent way within the rest of the
document. And the definition of the word "payload" is disjoint from
other CCSDS usage. The word "package" or "user provided data" might be better.

The use of "Payload" in this document follows its common use within cryptography.  Its meaning within the context of this document has been defined in 1.8, and it is now capitalized as a proper name throughout.  The WG believes this will clear up any confusion.

3) The Security Association Management Service, sec 3.4, reads like
Green Book material, not Blue Book. There is not even an abstract
service spec provided and as such it appears to be non-normative
content. The related "Primitives" are not even sketched out, which
makes this section look even more "unfinished".

The WG's consensus was that specifying only the required Security Association managed parameters was sufficient for 355.0, which the WG wanted to keep 'lightweight'.  The WG did originally consider a set of service primitives covering SA management, but decided that including them in the 355.0 core protocol would unduly constrain operations centers to a particular state model for operational key changes and recovery from spacecraft failures, where is not now any consensus to reverse agency-specific approaches.  Those subjects were deemed material for the Green Book or else for the SDLS Extended Procedures Blue Book.

4) There is a repeated description of "Rollover of the sequence
number could be used to signal the end of the acceptable lifetime of
a cryptographic key", which sounds like specific guidance, but
always appears in a NOTE. This might be better expressed in a real
requirement as a "may".

The NOTEs have been modified to eliminate any guidance and to refer to the GB.

Keith Scott (Approve with Conditions): I concur with Tomaso that a
note stating the non-applicability of this specification to
Proximity-2 communications would be quite helpful.

Tomaso de Cola (Approve with Conditions): As the book relates to
security implemented in the data link layer of CCSDS protocol stack,
I would expect a note or comment in Section 1 to state that the
scope of the book is limited to AOS, TM, and TC and does not address
Proximity. Finding no mention of proximity leaves some uncertainty
on the overall security implementation in SDLP.

A statement to this effect has been added to paragraph 2.1.

Note for future book amendments, the green book CCSDS 350.0-G-2 (THE
TO SECURE SYSTEMS ) will probably require some minor revision to
reflect the changes provided in this blue book, once published.

Total Respondents: 9
No response was received from the following Area(s):


PROPOSED SECRETARIAT ACTION:            Generate CMC poll after
conditions have been addressed
CESG mailing list
CESG at mailman.ccsds.org<mailto:CESG at mailman.ccsds.org>

This message and any attachments are intended for the use of the addressee or addressees only.
The unauthorised disclosure, use, dissemination or copying (either in whole or in part) of its
content is not permitted.
If you received this message in error, please notify the sender and delete it from your system.
Emails can be altered and their integrity cannot be guaranteed by the sender.

Please consider the environment before printing this email.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.ccsds.org/pipermail/cesg/attachments/20150828/7c90fbbc/attachment.html>

More information about the CESG mailing list