[Sls-sea-dls] SDLS EP Minor Issues
Moury Gilles
Gilles.Moury at cnes.fr
Fri Jul 5 14:56:32 UTC 2019
Hello David,
Thank you for those remarks/issues on the EP draft. Please find hereafter my proposals/remarks on the points you raised:
- The Rekey SA has two possible PDUs under the same Tag (TC case and TM case): This makes processing ambiguous without looking up the SPI as well as its assigned channels OR implying from the length field. Further, it is not clear why the TM version still needs two Key-IDs as well as both IV and ARSN (doesn't USLP also work with AES-GCM?).
--> Suggestion: Two PDUs with the same structure, e.g., TC: SPI, Auth-Key, ARSN (96 Bit with padding) and TM: SPI, Encr-Key, IV. (OR all four fields for both)
I agree that for TM, AOS and USLP we need only one key and an IV since the associated SDLS baseline mode is AES-GCM which requires only one key for authenticated encryption and an IV (96-bit). We could simplify the format of the "Rekey SA Command PDU for TM, AOS, and USLP" to reflect that. As for merging the 2 PDUs (TC, TM/AOS/USLP) into one single format, I would prefer staying with two so that the TC PDU remains as short as possible.
- The Read ARSN also has two possible PDUs under the same Tag.
--> Suggestion: Making the ARSN field 96 Bits (with padding).
Same remark as for the Rekey SA procedure, I would prefer staying with two so that the TC PDU remains as short as possible.
- The Start SA PDU only shows one Tag: The third Tag field can be either '01' or '10', depending on up- or downlink. (also, there can be no mix between both types of GVCIDs)
--> Suggestion: State that the Tag changes when addressing downlink.
I support your suggestion. We could add a sentence/note in §5.5.1.1. Overview (of SA Management Procedures) and in § D.5 Overview (of SA Management Procedures - baseline mode) stating:
"All PDU format figures in §5.5 (or § D.5) show a Service Group field setting of '01' indicating an SA Management Procedure targeting SAs that handle communication from the Initiator to the Recipient (see §5.3.2.2.2.3). It should be noted that a Service Group field setting of '10' is to be used when the SA Management procedure targets an SA that handles communication from the Recipient to the Initiator."
- The Read ARSN Reply PDU has no SPI: This makes the procedure implicitly stateful, meaning it cannot be interpreted on its own and on multiple requests the order must be considered.
--> Suggestion: Include the SPI as well.
Including the SPI in the response PDU would make it self-standing and unambiguous.
We have scheduled a webex telcon on July 18 16:00 CEST to finalize the EP blue book before sending it to CCSDS Secretariat for further publication. We will have to take a decision wrt those modifications before or at the telcon.
Best regards,
Gilles
Gilles MOURY
CNES Toulouse