[Sis-ipo] RE: Draft Security Section for IP over Everything CCSDS

Weiss, Howard Howard.Weiss at sparta.com
Mon Mar 17 08:58:43 EST 2008


Placement: I always envisioned that the security section was a
stand-alone akin to the way it is in IETF internet drafts and RFCs.  In
the IETF docs, security is always the last section.  But I sent a note
to Tom Gannett asking for his opinion and also cc'd him on this message.

As for the content of the section:  Since you are addressing IP over
CCSDS, I would think that what you should say is that IP is not
concerned with security services and they are handled by a security
layer above IP and below transport (e.g., IPsec, RFC 4301, 4302, 4303).
It can also be handled at the application layer by the use of SSL/TLS
(RFC 4346).

Personally, I don't see why you would reference SLE given that it has no
bearing on IP over CCSDS.  CCSDS link layer security really doesn't
exist other than in the security green book examples (no standard exists


> -----Original Message-----
> From: Greg Kazz [mailto:greg.j.kazz at jpl.nasa.gov]
> Sent: Friday, March 14, 2008 9:04 AM
> To: Weiss, Howard
> Cc: sis-ipo at mailman.ccsds.org; Peter.M.Shames at jpl.nasa.gov;
> Adrian.J.Hooke at jpl.nasa.gov; Loren.P.Clare at jpl.nasa.gov;
> durst at mitre.org; alan at jetsi.com
> Subject: Draft Security Section for IP over Everything CCSDS
> Howie and others,
> Please comment on this draft security section that the IP over CCSDS
> drafted on Tue. based upon the security template.
> In particular, can you give me references to the specifications I'd
> like to site in the text.
> Another thing to consider is where in the Magenta book should I place
> this security text considering we should put our security sections
> consistently in the same place in all of our CCSDS specifications. I
> put this one in Section 2 because it seems to go best in an overview
> section.
> Once this is done, it's bombs away with the document onto the CCSDS
> and onward to final WG review, then to the Secretariat for preeminent
> posting to the website for agency review.
> thanks,
> Greg

More information about the Sis-ipo mailing list