[CESG] CESG-P-2021-09-005 Approval to publish CCSDS 927.1-B-1, Terrestrial Generic File Transfer (Blue Book, Issue 1)
CCSDS Secretariat
thomas.gannett at tgannett.net
Thu Nov 4 19:00:17 UTC 2021
Dear CESG Members,
Conditions for approval of CCSDS 927.1-B-1, Terrestrial Generic File
Transfer (Blue Book, Issue 1) have been disposed to the satisfaction
of the AD(s) who voted to approve with conditions. The Secretariat
will now proceed with CMC polling to authorize publication.
-------------- next part --------------
From: Barkley, Erik J (US 3970) <erik.j.barkley at jpl.nasa.gov>
Sent: Thursday, November 04, 2021 2:17 PM
To: CCSDS Secretariat (thomas.gannett at tgannett.net)
Cc: EXTERNAL-Pietras, John V (US 332C-Affiliate);
Ignacio.Aguilar.Sanchez at esa.int; Colin.Haddow at esa.int
Subject: RE: [EXTERNAL] Re: CESG-P-2021-09-005 Approval to publish CCSDS 927.1-B-
1, Terrestrial Generic File Transfer (Blue Book, Issue 1) - Revised version
Attachments: RE: [EXTERNAL] Re: CESG-P-2021-09-005 Approval to publish CCSDS 927.1-B-
... (4.77 MB)
Categories: Poll Condition Closure
Dear Tom,
The PID for poll CESG-P-2021-09-005 has been resolved. Colin forwarded the updated
recommendation and sent that on October 21st. For reference that email is
attached. Please do not hesitate to let me know if you need anything further
information, etc.
Best regards,
-Erik
From: Ignacio.Aguilar.Sanchez at esa.int <Ignacio.Aguilar.Sanchez at esa.int>
Sent: Thursday, October 21, 2021 0:49
To: Colin.Haddow at esa.int
Cc: Barkley, Erik J (US 3970) <erik.j.barkley at jpl.nasa.gov>; EXTERNAL-Pietras, John V (US 332C-Affiliate)
<john.pietras at gst.com>
Subject: [EXTERNAL] Re: CESG-P-2021-09-005 Approval to publish CCSDS 927.1-B-1, Terrestrial Generic
File Transfer (Blue Book, Issue 1) - Revised version
Fine with me, Colin.
Thank you,
Ignacio
Ignacio Aguilar Sánchez
Communication Systems Engineer
Electrical Engineering Department
European Space Research and Technology Centre
Keplerlaan 1, PO Box 299, 2200 AG Noordwijk, The Netherlands
Tel. (31) 71 565 5695
Fax (31) 71 565 5418
Email: ignacio.aguilar.sanchez at esa.int
www.esa.int
From: Colin Haddow/esoc/ESA
To: Ignacio Aguilar Sanchez/estec/ESA at ESA, erik.j.barkley at jpl.nasa.gov, "John Pietras"
<john.pietras at gst.com>
Date: 20/10/2021 14:51
Subject: CESG-P-2021-09-005 Approval to publish CCSDS 927.1-B-1, Terrestrial Generic File Transfer (Blue
Book, Issue 1) - Revised version
Hi Ignacio, Erik and John,
please find attached the revised version of the book with the changes
required for replacing "sensitivity" by "securityClassification". The changes made with respect to the
version I received from Tom are tracked.
John, I've editied the PDF for figure D-2, please check its correct.
Please let me know if you are happy with the updates so that I can send the revised version of the book
and figure D-2 to Tom and get the updated version of the TgftXfduExtensionParameters.xsd schema
uploaded to SANA.
Thanks.
Cheers for now,
Colin
[attachment "TGFT_Figure_D-2-CRH-20211020.pdf" deleted by Ignacio Aguilar Sanchez/estec/ESA]
[attachment "927x1b0_CESG_Approval-CRH-20211020.doc" deleted by Ignacio Aguilar
Sanchez/estec/ESA]
---------------------------------------------------------------------------------------------------------
Dr. Colin R. Haddow,
HSO-GI, European Space Agency,
European Space Operations Centre,
Robert-Bosch-Str 5,
64293 Darmstadt,
Germany.
Phone; +49 6151 90 2896
Fax; +49 6151 90 3010
E-Mail; colin.haddow at esa.int
---------------------------------------------------------------------------------------------------------
From: Colin Haddow/esoc/ESA
To: Ignacio Aguilar Sanchez/estec/ESA at ESA, erik.j.barkley at jpl.nasa.gov
Cc: "CCSDS Secretariat" <thomas.gannett at tgannett.net>, "John Pietras" <john.pietras at gst.com>
Date: 18/10/2021 18:19
Subject: RE: [EXTERNAL] Re: CESG-P-2021-09-005 Approval to publish CCSDS 927.1-B-1, Terrestrial Generic
File Transfer (Blue Book, Issue 1)
Hi Erik, Ignacio,
okay for me, however as sensitivity is an XML element we would need to replace it
by securityClassification (rather than security classification) otherwise we'll have problems with the XML
schema.
I've had a quick look at the last version of the red book that I have and the term sensitivity occurs in 8
places, 2 of which are in the XML example, also, as far as I can tell (John will need to confirm) the term
sensitivity only occurs once in the
TgftXfduExtensionParameters.xsd
schema.
Updates should therefore be relatively straightforward once I get the latest version of the red book from
Tom.
Cheers for now,
Colin
PS. John's list of names to be bolded will also need to be updated to replace sensitivity by
securityClassification.
---------------------------------------------------------------------------------------------------------
Dr. Colin R. Haddow,
HSO-GI, European Space Agency,
European Space Operations Centre,
Robert-Bosch-Str 5,
64293 Darmstadt,
Germany.
Phone; +49 6151 90 2896
Fax; +49 6151 90 3010
E-Mail; colin.haddow at esa.int
---------------------------------------------------------------------------------------------------------
From: Ignacio Aguilar Sanchez/estec/ESA
To: "Barkley, Erik J (US 3970)" <erik.j.barkley at jpl.nasa.gov>
Cc: "Colin.Haddow at esa.int" <Colin.Haddow at esa.int>, "CCSDS Secretariat" <thomas.gannett at tgannett.net>
Date: 08/10/2021 10:05
Subject: RE: [EXTERNAL] Re: CESG-P-2021-09-005 Approval to publish CCSDS 927.1-B-1, Terrestrial Generic
File Transfer (Blue Book, Issue 1)
Fine with me, Erik.
Let's see what Colin says once he is back.
Kind regards,
Ignacio
Ignacio Aguilar Sánchez
Communication Systems Engineer
Electrical Engineering Department
European Space Research and Technology Centre
Keplerlaan 1, PO Box 299, 2200 AG Noordwijk, The Netherlands
Tel. (31) 71 565 5695
Fax (31) 71 565 5418
Email: ignacio.aguilar.sanchez at esa.int
www.esa.int
From: "Barkley, Erik J (US 3970)" <erik.j.barkley at jpl.nasa.gov>
To: "Ignacio.Aguilar.Sanchez at esa.int" <Ignacio.Aguilar.Sanchez at esa.int>
Cc: "CCSDS Secretariat" <thomas.gannett at tgannett.net>, "Colin.Haddow at esa.int" <Colin.Haddow at esa.int>
Date: 08/10/2021 02:32
Subject: RE: [EXTERNAL] Re: CESG-P-2021-09-005 Approval to publish CCSDS 927.1-B-1, Terrestrial Generic
File Transfer (Blue Book, Issue 1)
Dear Ignacio,
I have had an email exchange with the author of the RID and he has indicated that
replacing sensitivity with security classification is fine. I believe Colin will be back
next week so I would like hear from him, but to let you know in the meantime, I also
concur with this change.
Best regards,
-Erik
From: Ignacio.Aguilar.Sanchez at esa.int <Ignacio.Aguilar.Sanchez at esa.int>
Sent: Monday, October 4, 2021 4:54
To: Barkley, Erik J (US 3970) <erik.j.barkley at jpl.nasa.gov>
Cc: CCSDS Secretariat <thomas.gannett at tgannett.net>; Colin.Haddow at esa.int
Subject: RE: [EXTERNAL] Re: CESG-P-2021-09-005 Approval to publish CCSDS 927.1-B-1,
Terrestrial Generic File Transfer (Blue Book, Issue 1)
Dear Erik,
Thank you for your e-mail.
Although wary of the practical limits and misunderstandings of electronic discussion, I will try to address
the key points I believe you are raising in your answer to my PID.
1. I fully agree on waiting for Colin for his concurrence.
2. In my PID I did not mention 'cybersecurity', just security.
The term is introduced in your e-mail below.
Both the clarification and the distinction between the two terms are important for me.
I believe the raised PID is not about the 'cyber' component of security.
In ESA (at least at ESTEC and ESOC) I have promoted the 'cybersecurity' definition and scope provided
by ITU-T in 2008 (see attached document).
You will see that nowhere in such document information classification is mentioned.
3. In my view the author of the RID was wrongly assuming that information classification is not related to
security.
Furthermore, I thought that perhaps the author may have other examples and/or needs that were not
expressed and simply did not choose a good example.
4. Your understanding of the marking language and the motivation for such marking in NASA JPL is
understood and very much agreed.
At ESA we have similar needs.
Any document that we write and distribute has a specific field that reflects a classification.
The classification field is titled 'ESA Security Marking'.
For UNCLASSIFIED documents it can adopt the following values:
- ESA UNCLASSIFIED - for Official Use only,
- ESA UNCLASSIFIED - Releasable to the Public,
- ESA UNCLASSIFIED - Limited Distribution,
- ESA UNCLASSIFIED - Sensitive Personal Data
I do not think we need to share about CLASSIFIED markings, although they are generally well-known
from sources like NATO.
Obviously, the ESA Security Marking reflects the sensitivity of the document in connection with its
distribution.
5. Who to engage for the solution of the issue raised by the PID?
Apart from the RID Author, the WG and you, when looking at CCSDS the SEA SEC WG looked to me as
the closest, although not the only one, to the kind of issue raised.
I believe the membership of the SEA SEC WG have most of them experienced and worked under
information classification rules and procedures both for CLASSIFIED and UNCLASSIFIED projects.
To be absolutely clear, for me CCSDS is only about UNCLASSIFIED.
6. I am afraid that the note you are proposing is not an adequate solution to the underlined issue.
On my side I could be happy if the term 'sensitivity' is replaced by 'security classification', if this is really
what the RID author meant and the WG understood.
After all, we know each Agency will have their own information security classification rules and
corresponding markings.
Hence, no need to discuss or agree on possible values for the field and their definition.
However, although I have a solid communications security background I I strongly believe it would be
better to check with our CCSDS 'security' experts to make sure we have a good solution.
Your thoughts?
7. About the CESG discussion, please count me in.
Even though I believe CCSDS should stay away from the standardisation of information classification, it
would be good to talk about it and reach a commonly agreed position on the subject.
Finally, please let me know if I missed or misunderstood any of the key points in your e-mail and/or if
further clarification is required.
Kind regards,
Ignacio
Ignacio Aguilar Sánchez
Communication Systems Engineer
Electrical Engineering Department
European Space Research and Technology Centre
Keplerlaan 1, PO Box 299, 2200 AG Noordwijk, The Netherlands
Tel. (31) 71 565 5695
Fax (31) 71 565 5418
Email: ignacio.aguilar.sanchez at esa.int
www.esa.int
From: "Barkley, Erik J (US 3970)" <erik.j.barkley at jpl.nasa.gov>
To: "Ignacio.Aguilar.Sanchez at esa.int" <Ignacio.Aguilar.Sanchez at esa.int>
Cc: "CCSDS Secretariat" <thomas.gannett at tgannett.net>, "Colin.Haddow at esa.int" <Colin.Haddow at esa.int>
Date: 01/10/2021 18:40
Subject: RE: [EXTERNAL] Re: CESG-P-2021-09-005 Approval to publish CCSDS 927.1-B-1, Terrestrial Generic
File Transfer (Blue Book, Issue 1)
Dear Ignacio,
I see from a recent email notice that Colin Haddow will be out of the office until October
10. As he is the "book captain" for the TGFT recommendation I think it best to have his
concurrence on a suggested resolution. Nonetheless, to help in moving toward a
resolution here are my thoughts with regard to the condition.
The supporting analysis for the RID states (emphasis added on my part):
It is likely the missions and/or service providers will need to indicate
the sensitivity of the data being transferred. This is marking data in
addition to security considerations. For example, a mission, particularly
a mission transporting humans may wish to make trajectory data available
on a need to know basis only. At a minimum, adding some metadata to
allow for caring user-defined sensitivity will help for this kind of
operational scenario. Ultimately, some sort of definition as the
classifications of sensitivity would also be appreciated.
I happen to know the author of the RID and Im quite certain this was never intended as
addressing cybersecurity please note the phrase in addition to security
considerations (and not as part of security considerations). I tend to view this as
request to allow the equivalent of marking language to be included with the XFDU
package (files) for transfer. For NASA and JPL we have rules that indicate various
documents are subject to export control regulations and/or other sensitivities. Marking
the document with such language does in fact nothing to secure them. But it does notify
someone who has access to the information that the information is in fact controlled. I
view the sensitivity field as being analogous to this situation.
We can certainly engage the parties as you have indicated. But, I fear that as this is
really about arbitrary marking language, and not really cybersecurity, this will be
unlikely to produce any tangible result.
From my perspective (perfect being the enemy of good) the WG made the correct
decision to include the metadata field, deferring contents to implementation needs that
the WG cannot really foresee. It is unfortunate the author included an example that
touches upon cybersecurity considerations in the analysis. To help provide a more clear
rational, I propose amending the disposition for RID 41. It currently reads:
Accepted: Optional sensitivity field will be added and documented. The use and
meaning of the sensitivity (sic) field will not be defined in the recommendation and is
therefore subject to agreeemtn (sic) between the involved parties.
I believe it could read as:
Accepted: Optional sensitivity field will be added and documented. The use and
meaning of the sensitivty field will not be defined in the recommendation and is
therefore subject to agreeemtn between the involved parties. This additional field is for
marking purposes and does not substitute for or offer any cybersecurity measures i.e.,
because something is marked as sensitive does not in fact secure it as such.
The recommendation already states (4.3.4.3) The semantic
definitions of the originator, recipient, and sensitivity elements are outside
the scope of this Recommended Standard, and their use (or non-use) is left to
the application that generates the TGFT XFDUs.
I am open to adding a note in the recommendation along the lines of NOTE the
sensitivity element shall not be considered as offering or conferring security for the
XFDU content, pending concurrence from Colin.
Will this satisfy the condition?
Please note that I am also open to a broader discussion, at CESG level, as to whether or
not CCSDS should consider standardization re typical security consideration for
information classification and its distribution -- as early as the upcoming fall meetings.
I think it would be good have a general, stated CESG position.
Best regards,
-Erik
-----Original Message-----
From: CCSDS Secretariat <thomas.gannett at tgannett.net>
Sent: Friday, October 1, 2021 7:41
To: Barkley, Erik J (US 3970) <erik.j.barkley at jpl.nasa.gov>
Cc: Ignacio.Aguilar.Sanchez at esa.int; jonathan.j.wilmot at nasa.gov
Subject: [EXTERNAL] Re: CESG-P-2021-09-005 Approval to publish CCSDS 927.1-B-1,
Terrestrial Generic File Transfer (Blue Book, Issue 1)
Dear Document Rapporteur,
The CESG poll to approve publication of CCSDS 927.1-B-1, Terrestrial Generic File
Transfer (Blue Book, Issue 1) concluded with conditions.
Please negotiate disposition of the conditions directly with the
AD(s) who voted to approve with conditions and CC the Secretariat on all related
correspondence.
CESG E-Poll Identifier: CESG-P-2021-09-005 Approval to publish CCSDS 927.1-B-1,
Terrestrial Generic File Transfer (Blue Book, Issue 1) Results of CESG poll beginning 16
September 2021 and ending 30 September 2021:
Abstain: 0 (0%) Approve Unconditionally: 3 (60%) (Barkley, Merri, Duhaze)
Approve with Conditions: 2 (40%) (Aguilar, Wilmot) Disapprove with Comment: 0
(0%)
CONDITIONS/COMMENTS:
Ignacio Aguilar Sanchez (Approve with Conditions): RID-41 of
the Agency Review of this standard introduced 'sensitivity' as additional metadata. The
supporting analysis indicated that this marking was in addition to security
considerations. However, the provided example referred to a need-to-know
consideration, which is a typical security consideration for information classification
and its distribution.
The RID was accepted and the optional 'sensitivity' field was added as part of the
standard. However, the use and meaning of this 'sensitivity' field was purposedly not
defined in the standard. As mentioned, the provided example showed an overlap with
security considerations. Hence, one can wonder whether this additional field is needed
and what it will actually be used for.
To close this condition for approval, it is recommended for CSS/CSSM WG to discuss
this PID with both the SEA Security WG and the RID author and come up with a
conclusion about its need, its name, its definition and its possible use.
Jonathan Wilmot (Approve with Conditions): I would expect
the CFDP references would be updated to the 202x versions .
H7 reference is listed but never used
Total Respondents: 5
No response was received from the following Area(s):
SEA
SIS
SECRETARIAT INTERPRETATION OF RESULTS: Approved with Conditions
PROPOSED SECRETARIAT ACTION: Generate CMC poll after
conditions have been addressed
* * * * * * * * * * * * * * * * * * * * * * * *
This message is intended only for the recipient(s) named above. It may
contain proprietary information and/or
protected content. Any unauthorised disclosure, use, retention or
dissemination is prohibited. If you have received
this e-mail in error, please notify the sender immediately. ESA applies
appropriate organisational measures to protect
personal data, in case of data privacy queries, please contact the ESA Data
Protection Officer (dpo at esa.int).
This message is intended only for the recipient(s) named above. It may
contain proprietary information and/or
protected content. Any unauthorised disclosure, use, retention or
dissemination is prohibited. If you have received
this e-mail in error, please notify the sender immediately. ESA applies
appropriate organisational measures to protect
personal data, in case of data privacy queries, please contact the ESA Data
Protection Officer (dpo at esa.int).
-------------- next part --------------
From: Wilmot, Jonathan J. (GSFC-5800) <jonathan.j.wilmot at nasa.gov>
Sent: Monday, October 04, 2021 7:10 AM
To: CCSDS Secretariat
Cc: Ignacio.Aguilar.Sanchez at esa.int; Erik.Barkley at jpl.nasa.gov
Subject: RE: [EXTERNAL] Re: Re: CESG-P-2021-09-005 Approval to publish CCSDS
927.1-B-1, Terrestrial Generic File Transfer (Blue Book, Issue 1)
Categories: Poll Condition Closure
Tom,
Yes, I agree with the resolutions. Consider this closed.
Kind regards,
Jonathan
Jonathan Wilmot
NASA/GSFC
Code 580 Senior Engineer for Flight Systems cFS Software Architect CCSDS SOIS Area Director Office 301-
286-2623 Cell 301-751-2658
-----Original Message-----
From: CCSDS Secretariat <thomas.gannett at tgannett.net>
Sent: Friday, October 1, 2021 10:51 AM
To: Wilmot, Jonathan J. (GSFC-5800) <jonathan.j.wilmot at nasa.gov>
Cc: Ignacio.Aguilar.Sanchez at esa.int; Erik.Barkley at jpl.nasa.gov
Subject: [EXTERNAL] Re: Re: CESG-P-2021-09-005 Approval to publish CCSDS 927.1-B-1, Terrestrial
Generic File Transfer (Blue Book, Issue 1)
Jonathan:
1) An informative-references annex can serve as an "additonal reading" sort of bibliography, and there is
no requirement that all documents listed in such an annex be referenced in the text. However, if Erik has
no objection, I can delete listed documents that are not referenced in the text (there are actually three).
2) I will update the CFDP references to the current issues prior to publication.
Please indicate via return email whether your conditions are satisfied.
Tom
At 10:41 AM 10/1/2021, CCSDS Secretariat wrote:
>Dear Document Rapporteur,
>
>The CESG poll to approve publication of CCSDS 927.1-B-1, Terrestrial
>Generic File Transfer (Blue Book, Issue 1) concluded with conditions.
>Please negotiate disposition of the conditions directly with the AD(s)
>who voted to approve with conditions and CC the Secretariat on all
>related correspondence.
>
>
>CESG E-Poll Identifier: CESG-P-2021-09-005 Approval to publish CCSDS
>927.1-B-1, Terrestrial Generic File Transfer (Blue Book, Issue 1)
>Results of CESG poll beginning 16 September 2021 and ending 30 September 2021:
>
> Abstain: 0 (0%) Approve Unconditionally: 3 (60%)
>(Barkley, Merri, Duhaze) Approve with Conditions: 2 (40%) (Aguilar,
>Wilmot) Disapprove with Comment: 0 (0%)
>CONDITIONS/COMMENTS:
>
> Ignacio Aguilar Sanchez (Approve with Conditions): RID-41 of
> the Agency Review of this standard introduced 'sensitivity' as
> additional metadata. The supporting analysis indicated that this
> marking was in addition to security considerations. However, the
> provided example referred to a need-to-know consideration, which is a
> typical security consideration for information classification and its
> distribution.
>
>The RID was accepted and the optional 'sensitivity' field was added as
>part of the standard. However, the use and meaning of this
>'sensitivity' field was purposedly not defined in the standard. As
>mentioned, the provided example showed an overlap with security
>considerations. Hence, one can wonder whether this additional field is
>needed and what it will actually be used for.
>
>To close this condition for approval, it is recommended for CSS/CSSM WG
>to discuss this PID with both the SEA Security WG and the RID author
>and come up with a conclusion about its need, its name, its definition
>and its possible use.
>
> Jonathan Wilmot (Approve with Conditions): I would expect
> the CFDP references would be updated to the 202x versions .
>
>H7 reference is listed but never used
>
>
>Total Respondents: 5
>
>No response was received from the following Area(s):
>
> SEA
> SIS
>
>
>
>SECRETARIAT INTERPRETATION OF RESULTS: Approved with Conditions
>PROPOSED SECRETARIAT ACTION: Generate CMC poll after
>conditions have been addressed
>
>* * * * * * * * * * * * * * * * * * * * * * * *
More information about the CESG
mailing list