[Smwg] FW: TGFT certificates management prototype and recommendations
Barkley, Erik J (3970)
erik.j.barkley at jpl.nasa.gov
Fri Feb 23 22:53:25 UTC 2018
I hope this email finds you doing well.
You may be aware that one of the projects in the Cross Support Services area is Terrestrial Generic File Transfer (TGFT) which is essentially scoped to utilize the CCSDS XFDU standard for packaging one or more files and then a very simple protocol such as HTTP put to send the file or files from one agency to another. As you can see from the email forwarded below, the question of certificate management has come up. My take is that we really should not deal with this in the TGFT recommendation itself but rather rely on security measures and practices recommended by CCSDS (which in this case would of course be emanating from the security working group).
So along these lines I'm curious if the security working group has addressed this kind of thing already (which books should we look at) or is planning to do so in the foreseeable future. Any other thoughts etc. you have to offer will be much appreciated.
From: Ciocirlan Claudia [mailto:Claudia.Ciocirlan at cnes.fr]
Sent: Friday, February 23, 2018 5:36 AM
To: Colin Haddow/esoc/ESA <Colin.Haddow at esa.int>; lihu at nssc.ac.cn; liuyurong at nssc.ac.cn; weizhang at nssc.ac.cn; CCSDS SMWG ML (smwg at mailman.ccsds.org) <smwg at mailman.ccsds.org>
Cc: Barkley, Erik J (3970) <erik.j.barkley at jpl.nasa.gov>; karen.l.tuttle at nasa.gov
Subject: TGFT certificates management prototype and recommendations
We have decided upon a connectivity test for the end of March between the CNES and the CAS.
In order to prepare the testing we need to agree on the protocol (which will be https) and on the certificates.
For the end of March we propose that each entity generates auto-signed certificates and sends them to the other party in order to establish the connection, and each entity will then be able to make an "https put" of a file or archive. Is that ok for everyone?
That also raises the question of how the certificates will be managed by TGFT. Do we intend to make recommendations in the TGFT or do we leave that as an open subject? (how the certificates are going to be managed, generated, by user, by group...).
For the yellow book regarding the test reports we have identified a section where we will mark down all the inputs used beyond the requirements and the recommendations of the TGFT.
I excuse myself if this question was already discussed and I am not aware of it.