[Sis-dtn] BPSec Red Book Annex A - ICS RL RIDs

Fri Mar 21 17:25:52 UTC 2025

Thanks, Lars and Lukas!  

Adding the Book Editor (Jonathan Jackson) and the WG (plus Security WG chair) to distro (and including your attachment).  

I was out of office yesterday and didn’t get to join the DTN WG call.  I have a conflict this coming Thursday, as well, but hope to be able to work something out.  

I gave these a quick look and see nothing that I disagree with (not that that particularly matters…).  The clarifications you offer are most helpful.  Clearly 14 and 15 are the meaty ones – I’m inclined to support your initial alternative on 14 (remove fragmentation-related tests) for now.  I have raised the issue with the IETF WG chairs, and they VERY MUCH do not want us to divert from RFC behavior (and I agree with them).  It seems like the best approaches are to 1) define a security context that establishes the behaviors we want – I believe that this is permitted without violating 9172, and/or 2) assist IETF with drafting an acceptable fix to 9172 (and possibly 9171), which will, of course, require us to issue pink sheets once it comes out.

Best,
Bob

From: Lars Baumgaertner <Lars.Baumgaertner at esa.int> 
Sent: Friday, March 21, 2025 10:15 AM
To: Robert C Durst <durst at mitre.org>
Cc: Lukas Holst <Lukas.Holst at ext.esa.int>
Subject: [EXT] BPSec Red Book Annex A - ICS RL RIDs

Hi Bob, While testing our ESA BP impl against annex A of the BPSec red book – Lukas implemented each and every one as a unit test - we found a few issues with the requirements list ☹ I know it’s a bit late but some of the stuff should be discussed

Hi Bob,

While testing our ESA BP impl against annex A of the BPSec red book – Lukas implemented each and every one as a unit test - we found a few issues with the requirements list ☹

I know it’s a bit late but some of the stuff should be discussed (and fixed) before publishing the book.

There are some editorial issues but also technical problems, bpsec and fragmentation the never-ending story, and duplicate tests.

I attached the findings as a txt file with all the RIDs.

We initially wanted to bring this up at the dtn wg meeting a few weeks ago when we discussed the other bpsec issues but the session was just too short..

We also have a nice spreadsheet for the ICS RL which I could share if others want to test their implementation but since the tests and their number will (have to) change, I will delay that. We are all delay-tolerant, aren’t we? 😉

Have a nice weekend,

Lars

-- 

Lars Baumgaertner

Internal Research Fellow (OPS-GAE)

European Space Agency ESA/ESOC

Robert-Bosch-Str. 5, D-64293 Darmstadt

This message is intended only for the recipient(s) named above. It may contain proprietary information and/or protected content. Any unauthorised disclosure, use, retention or dissemination is prohibited. If you have received this e-mail in error, please notify the sender immediately. ESA applies appropriate organisational measures to protect personal data, in case of data privacy queries, please contact the ESA Data Protection Officer (dpo at esa.int <mailto:dpo at esa.int> ). 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.ccsds.org/pipermail/sis-dtn/attachments/20250321/2c474309/attachment-0001.htm>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: BPSec_RB-AnnexA-ESA-LB-RIDs.txt
URL: <http://mailman.ccsds.org/pipermail/sis-dtn/attachments/20250321/2c474309/attachment-0001.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7596 bytes
Desc: not available
URL: <http://mailman.ccsds.org/pipermail/sis-dtn/attachments/20250321/2c474309/attachment-0001.bin>