draft-ietf-dtn-bpsec-default-sc-05.txt vs. draft-ietf-dtn-bpsec-default-sc-06.txt

Delay-Tolerant Networking                                     E. Birrane
Internet-Draft                                                  A. White
Intended status: Standards Track                               S. Heiner
-Expires: October 28, 2021                                        JHU/APL
-                                                          April 26, 2021
+Expires: November 4, 2021                                        JHU/APL
+                                                             May 3, 2021

                     BPSec Default Security Contexts
-                  draft-ietf-dtn-bpsec-default-sc-05
+                  draft-ietf-dtn-bpsec-default-sc-06

Abstract

   This document defines default integrity and confidentiality security
   contexts that may be used with the Bundle Protocol Security Protocol
   (BPSec) implementations.  These security contexts are intended to be
   used for both testing the interoperability of BPSec implementations
   and for providing basic security operations when no other security
   contexts are defined or otherwise required for a network.

skipping to change at page 1, line 36

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

-  This Internet-Draft will expire on October 28, 2021.
+  This Internet-Draft will expire on November 4, 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
skipping to change at page 3, line 23

     A.2.1.  Original Bundle . . . . . . . . . . . . . . . . . . .  33
     A.2.2.  Security Operation Overview . . . . . . . . . . . . .  34
     A.2.3.  Bundle Confidentiality Block  . . . . . . . . . . . .  34
     A.2.4.  Final Bundle  . . . . . . . . . . . . . . . . . . . .  36
   A.3.  Example 3: Security Blocks from Multiple Sources  . . . .  36
     A.3.1.  Original Bundle . . . . . . . . . . . . . . . . . . .  36
     A.3.2.  Security Operation Overview . . . . . . . . . . . . .  38
     A.3.3.  Bundle Integrity Block  . . . . . . . . . . . . . . .  39
     A.3.4.  Bundle Confidentiality Block  . . . . . . . . . . . .  41
     A.3.5.  Final Bundle  . . . . . . . . . . . . . . . . . . . .  42
-  A.4.  Example 4: Security Blocks with Full Scope  . . . . . . .  42
-    A.4.1.  Original Bundle . . . . . . . . . . . . . . . . . . .  42
-    A.4.2.  Security Operation Overview . . . . . . . . . . . . .  43
+  A.4.  Example 4: Security Blocks with Full Scope  . . . . . . .  43
+    A.4.1.  Original Bundle . . . . . . . . . . . . . . . . . . .  43
+    A.4.2.  Security Operation Overview . . . . . . . . . . . . .  44
     A.4.3.  Bundle Integrity Block  . . . . . . . . . . . . . . .  44
     A.4.4.  Bundle Confidentiality Block  . . . . . . . . . . . .  46
-    A.4.5.  Final Bundle  . . . . . . . . . . . . . . . . . . . .  47
+    A.4.5.  Final Bundle  . . . . . . . . . . . . . . . . . . . .  48
   Appendix B.  Acknowledgements  . . . . . . . . . . . . . . . . .  48
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  48

1.  Introduction

   The Bundle Protocol Security Protocol (BPSec) [I-D.ietf-dtn-bpsec]
   specification provides inter-bundle integrity and confidentiality
   operations for networks deploying the Bundle Protocol (BP)
   [I-D.ietf-dtn-bpbis].  BPSec defines BP extension blocks to carry
   security information produced under the auspices of some security
skipping to change at page 27, line 45

              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC8152]  Schaad, J., "CBOR Object Signing and Encryption (COSE)",
              RFC 8152, DOI 10.17487/RFC8152, July 2017,
              <https://www.rfc-editor.org/info/rfc8152>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

-  [RFC8610]  Birkholz, H., Vigano, C., and C. Bormann, "Concise Data
-             Definition Language (CDDL): A Notational Convention to
-             Express Concise Binary Object Representation (CBOR) and
-             JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610,
-             June 2019, <https://www.rfc-editor.org/info/rfc8610>.

   [RFC8949]  Bormann, C. and P. Hoffman, "Concise Binary Object
              Representation (CBOR)", STD 94, RFC 8949,
              DOI 10.17487/RFC8949, December 2020,
              <https://www.rfc-editor.org/info/rfc8949>.

   [SHS]      US NIST, "Secure Hash Standard (SHS).", FIPS-
              180-4, Gaithersburg, MD, USA, August 2015.
              https://csrc.nist.gov/publications/detail/fips/180/4/final
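Review bot: dropping [RFC8610] from the references is consistent with the Appendix A figures no longer being labelled CDDL, but the -05 NOTE at the start of Appendix A was the only citation of it visible in this diff; confirm that no other section of the draft still cites [RFC8610] before the entry is removed, since a dangling citation would fail idnits.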
skipping to change at page 28, line 31 (-05) / page 28, line 23 (-06)

   document) and adding those blocks to a sample bundle.

   The examples presented in this appendix represent valid constructions
   of bundles, security blocks, and the encoding of security context
   parameters and results.  For this reason, they may inform unit test
   suites for individual implementations as well as interoperability
   test suites amongst implementations.  However, these examples do not
   cover every permutation of security parameters, security results, or
   use of security blocks in a bundle.

-  NOTE: Figures in this section identified as "(CDDL)" are represented
-  using the Concise Data Definition Language (CDDL) [RFC8610].  The
-  CDDL is used to express CBOR data structures and its representation
-  is used here as bundles, security blocks, and contents within
-  security blocks are all represented using CBOR structures.
+  NOTE: Figures in this section identified as "(CBOR Diagnostic
+  Notation)" are represented using the CBOR diagnostic notation defined
+  in [RFC8949].  This notation is used to express CBOR data structures
+  in a manner that enables visual inspection.  The bundles, security
+  blocks, and security context contents in these figures are
+  represented using CBOR structures.

   NOTE: Examples in this section use the "ipn" URI scheme for
   EndpointID naming, as defined in [I-D.ietf-dtn-bpbis].

   NOTE: The bundle source is presumed to be the security source for all
   security blocks in this section, unless otherwise noted.

A.1.  Example 1: Simple Integrity

   This example shows the addition of a BIB to a sample bundle to
skipping to change at page 29, line 40

     7,             / BP version /
     0,             / flags /
     0,             / CRC type /
     [2, [1,2]],    / destination (ipn:1.2) /
     [2, [2,1]],    / source (ipn:2.1) /
     [2, [2,1]],    / report-to (ipn:2.1) /
     [0, 40],       / timestamp /
     1000000        / lifetime /
   ]

-                   Figure 2: Primary Block (CDDL)
+           Figure 2: Primary Block (CBOR Diagnostic Notation)

   The CBOR encoding of the primary block is
   0x88070000820282010282028202018202820201820018281a000f4240.

A.1.1.2.  Payload Block

   Other than its use as a source of plaintext for security blocks, the
   payload has no required distinguishing characteristic for the purpose
   of this example.  The sample payload is a 32 byte string whose value
   is "Ready Generate a 32 byte payload".

skipping to change at page 30, line 23

   [
     1,             / type code: Payload block /
     1,             / block number /
     0,             / block processing flags /
     0,             / CRC Type /
     h'52656164792047656e65726174652061  / type-specific-data: payload /
       2033322062797465207061796c6f6164'
   ]

-                        Payload Block (CDDL)
+                Payload Block (CBOR Diagnostic Notation)

   The CBOR encoding of the payload block is 0x8501010000582052656164792
   047656e657261746520612033322062797465207061796c6f6164.

A.1.1.3.  Bundle CBOR Representation

   A BPv7 bundle is represented as an indefinite-length array consisting
   of the blocks comprising the bundle, with a terminator character at
   the end.
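Review bot: the payload-block caption in A.1.1.2 still carries no figure number ("Payload Block (CBOR Diagnostic Notation)"), while the primary block just before it is Figure 2 and the BIB abstract security block after it is Figure 5; since this caption is being edited anyway, give it its number so the figure sequence in Appendix A is unbroken.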
skipping to change at page 32, line 19

     [                        / Security Parameters - 2 Parameters /
       [1, 7],                / SHA Variant - HMAC 512/512 /
       [3, 0]                 / Scope Flags - No Additional Scope /
     ],
     [                        / Security Results: 1 Result /
       [1, h'd8e7c3be29effa8779e7dcb0d3cadf5339df50ebd27b9054f197c8ea9864
             b0a335a0636213e5d4a9c95504f261d91a2f22757112c95e3587a76b4228
             361803e8']
     ]

-      Figure 5: Example 1: BIB Abstract Security Block (CDDL)
+      Figure 5: Example 1: BIB Abstract Security Block (CBOR Diagnostic
+                Notation)

   The CBOR encoding of the BIB block-type-specific-data field (the
   abstract security block) is 0x810101018202820201828201078203008182015
   840d8e7c3be29effa8779e7dcb0d3cadf5339df50ebd27b9054f197c8ea9864b0a335
   a0636213e5d4a9c95504f261d91a2f22757112c95e3587a76b4228361803e8.

A.1.3.3.  Representations

   The BIB wrapping this abstract security block is as follows.

   [
     11,            / type code /
     2,             / block number /
     0,             / flags /
     0,             / CRC type /
     h'810101018202820201828201078203008182015840d8e7c3be29effa8779e7dcb
       0d3cadf5339df50ebd27b9054f197c8ea9864b0a335a0636213e5d4a9c95504f2
       61d91a2f22757112c95e3587a76b4228361803e8',
   ]

-                   Figure 6: Example 1: BIB (CDDL)
+           Figure 6: Example 1: BIB (CBOR Diagnostic Notation)

   The CBOR encoding of the BIB block is 0x850b0200005855810101018202820
   201828201078203008182015840d8e7c3be29effa8779e7dcb0d3cadf5339df50ebd2
   7b9054f197c8ea9864b0a335a0636213e5d4a9c95504f261d91a2f22757112c95e358
   7a76b4228361803e8.

A.1.4.  Final Bundle

   The CBOR encoding of the full output bundle, with the BIB: 0x9F880700
   00820282010282028202018202820201820018281a000f4240850b020000585581010
   1018202820201828201078203008182015840d8e7c3be29effa8779e7dcb0d3cadf53
   39df50ebd27b9054f197c8ea9864b0a335a0636213e5d4a9c95504f261d91a2f22757
-  112c95e3587a76b4228361803e8.
+  112c95e3587a76b4228361803e8ff.
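The hex strings in this appendix can be regenerated from the diagnostic-notation figures with a small CBOR encoder, which is the check an implementer wants before copying these vectors into a test suite. The Python below is an added example, not code from the draft or from any BPSec implementation. It encodes the Example 1 blocks as given in Figure 2, the A.1.1.2 payload and Figures 5 and 6, assembles them into the indefinite-length bundle array described in A.1.1.3 (primary block, BIB, payload, then the 0xff break code), and reports which block encodings are absent from a printed bundle string. Two things in it are assumptions rather than text from this page: the abstract security block is laid out as a CBOR sequence of six items (targets, context id, flags, source, parameters, results) because the printed hex starts 81 01 01 01 with no enclosing array header, and the `Embedded` helper stands for the <<300>> form used by the bundle age block in A.3.1.

```python
"""Re-encode the Example 1 blocks of draft-ietf-dtn-bpsec-default-sc in CBOR
and compare the result with the hex strings printed in the draft."""
from dataclasses import dataclass
from typing import Any, Dict, List


@dataclass
class Embedded:
    """Diagnostic-notation <<x>>: the CBOR encoding of x wrapped in a byte string."""
    value: Any


def _head(major: int, n: int) -> bytes:
    """Initial bytes of a CBOR item: 3-bit major type plus argument n (RFC 8949, section 3)."""
    if n < 24:
        return bytes([(major << 5) | n])
    for ai, width in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * width):
            return bytes([(major << 5) | ai]) + n.to_bytes(width, "big")
    raise ValueError("argument does not fit in 64 bits")


def encode(v: Any) -> bytes:
    """Minimal CBOR encoder for the value types that appear in the draft's figures."""
    if isinstance(v, bool):
        return b"\xf5" if v else b"\xf4"
    if isinstance(v, int):
        return _head(0, v) if v >= 0 else _head(1, -1 - v)
    if isinstance(v, (bytes, bytearray)):
        return _head(2, len(v)) + bytes(v)
    if isinstance(v, str):
        raw = v.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(v, (list, tuple)):
        return _head(4, len(v)) + b"".join(encode(x) for x in v)
    if isinstance(v, Embedded):
        return encode(encode(v.value))
    raise TypeError(f"unsupported type {type(v).__name__}")


def encode_asb(targets, context_id, flags, source, params, results) -> bytes:
    """BPSec abstract security block, assumed here to be a CBOR sequence of six items
    (the draft's hex starts 81 01 01 01 ..., with no enclosing array header)."""
    return b"".join(encode(x) for x in (targets, context_id, flags, source, params, results))


def encode_bundle(blocks: List[list]) -> bytes:
    """BPv7 bundle (A.1.1.3): indefinite-length array 0x9f, the blocks in order, break 0xff."""
    return b"\x9f" + b"".join(encode(b) for b in blocks) + b"\xff"


# Values transcribed from Example 1 (Figure 2, the A.1.1.2 payload, Figures 5 and 6).
PRIMARY = [7, 0, 0, [2, [1, 2]], [2, [2, 1]], [2, [2, 1]], [0, 40], 1000000]
PAYLOAD = [1, 1, 0, 0, b"Ready Generate a 32 byte payload"]
HMAC_512 = bytes.fromhex(
    "d8e7c3be29effa8779e7dcb0d3cadf5339df50ebd27b9054f197c8ea9864"
    "b0a335a0636213e5d4a9c95504f261d91a2f22757112c95e3587a76b4228"
    "361803e8")
BIB_ASB = encode_asb(
    targets=[1],                # payload block
    context_id=1,               # BIB-HMAC-SHA2
    flags=1,                    # security context parameters present
    source=[2, [2, 1]],         # ipn:2.1
    params=[[1, 7], [3, 0]],    # HMAC 512/512, no additional scope
    results=[[1, HMAC_512]])
BIB = [11, 2, 0, 0, BIB_ASB]

# The A.1.4 string exactly as printed in -06 (uppercase 0x9F and trailing ff as on the page).
DRAFT06_FINAL_BUNDLE = (
    "0x9F880700"
    "00820282010282028202018202820201820018281a000f4240850b020000585581010"
    "1018202820201828201078203008182015840d8e7c3be29effa8779e7dcb0d3cadf53"
    "39df50ebd27b9054f197c8ea9864b0a335a0636213e5d4a9c95504f261d91a2f22757"
    "112c95e3587a76b4228361803e8ff")


def example1_hex() -> Dict[str, str]:
    """Hex of each Example 1 block and of the bundle assembled from all three."""
    return {
        "primary": encode(PRIMARY).hex(),
        "payload": encode(PAYLOAD).hex(),
        "bib": encode(BIB).hex(),
        "bundle": encode_bundle([PRIMARY, BIB, PAYLOAD]).hex(),
    }


def missing_blocks(printed_bundle: str, blocks: Dict[str, str]) -> List[str]:
    """Names of blocks whose encoding does not occur in a printed bundle hex string."""
    text = printed_bundle.lower()
    if text.startswith("0x"):
        text = text[2:]
    return [name for name, h in blocks.items() if h not in text]


if __name__ == "__main__":
    hexes = example1_hex()
    for name, h in hexes.items():
        print(f"{name}: {h}")
    wanted = {k: hexes[k] for k in ("primary", "bib", "payload")}
    print("blocks absent from the printed A.1.4 bundle:", missing_blocks(DRAFT06_FINAL_BUNDLE, wanted))
```

The primary block, payload block and BIB encodings come out byte-for-byte as printed in A.1.1.1, A.1.1.2 and A.1.3.3, and the bundle age block [7, 2, 0, 0, <<300>>] from A.3.1 encodes to 0x85070200004319012c as the draft states. The `missing_blocks` check is the useful part: the A.1.4 string printed in -06 contains the primary block and the BIB but not the payload block, so the new trailing ff closes an array that is missing one of the three blocks.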
A.2.  Example 2: Simple Confidentiality with Key Wrap

   This example shows the addition of a BCB to a sample bundle to
   provide confidentiality for the payload block.  AES key wrap is used
   to transmit the symmetric key used to generate the security results
   for this service.

A.2.1.  Original Bundle
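Review bot: the trailing ff added to the A.1.4 string matches the indefinite-length array with break code described in A.1.1.3, but the hex between the end of the BIB (...361803e8) and the break contains no payload block: the encoding 0x8501010000582052656164792... printed in A.1.1.2 does not appear, so the printed bundle is primary block plus BIB only, and -05 had the same omission. Insert the payload block encoding before the ff. The remaining final-bundle strings (A.2.4, A.3.5, A.4.5) are cut off in this rendering, so whether they received the same break code cannot be checked here.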
skipping to change at page 35, line 41

       [1, h'5477656c7665313231323132'],  / Initialization Vector /
       [2, 1],                            / AES Variant - A128GCM /
       [3, h'69c411276fecddc4780df42c8a   / AES wrapped key /
             2af89296fabf34d7fae700'],
       [4, 0]                             / Scope Flags - No extra scope/
     ],
     [                                    / Security Results: 1 Result /
       [1, h'689b98e649ae3b554e98aa2ae8f801eb']  / Payload Auth. Tag /
     ]

-      Figure 10: Example 2: BCB Abstract Security Block (CDDL)
+      Figure 10: Example 2: BCB Abstract Security Block (CBOR Diagnostic
+                 Notation)

   The CBOR encoding of the BCB block-type-specific-data field (the
   abstract security block) is 0x8101020182028202018482014c5477656c76653
   132313231328202018203581869c411276fecddc4780df42c8a2af89296fabf34d7fa
   e70082040081820150689b98e649ae3b554e98aa2ae8f801eb.

A.2.3.3.  Representations

   The BCB wrapping this abstract security block is as follows.

   [
     12,            / type code /
     2,             / block number /
     1,             / flags - block must be replicated in every fragment /
     0,             / CRC type /
     h'8101020182028202018482014c5477656c766531323132313282020182035818
       69c411276fecddc4780df42c8a2af89296fabf34d7fae7008204008182015068
       9b98e649ae3b554e98aa2ae8f801eb'
   ]

-                  Figure 11: Example 2: BCB (CDDL)
+          Figure 11: Example 2: BCB (CBOR Diagnostic Notation)

   The CBOR encoding of the BCB block is 0x850c020100584f810102018202820
   2018482014c5477656c76653132313231328202018203581869c411276fecddc4780d
   f42c8a2af89296fabf34d7fae70082040081820150689b98e649ae3b554e98aa2ae8f
   801eb.

A.2.4.  Final Bundle

   The CBOR encoding of the full output bundle, with the BCB: 0x9f880700
   00820282010282028202018202820201820018281a000f4240850c020100584f81010
skipping to change at page 37, line 47

   The bundle age extension block is provided as follows.

   [
     7,             / type code: Bundle Age block /
     2,             / block number /
     0,             / block processing flags /
     0,             / CRC Type /
     <<300>>        / type-specific-data: age /
   ]

-                  Figure 13: Bundle Age Block (CDDL)
+          Figure 13: Bundle Age Block (CBOR Diagnostic Notation)

   The CBOR encoding of the bundle age block is 0x85070200004319012c.

A.3.1.3.  Payload Block

   The payload block used in this example is identical to the payload
   block presented in Example 1 Appendix A.1.1.2.

   In summary, the CBOR encoding of the payload block is 0x8501010000582
   052656164792047656e657261746520612033322062797465207061796c6f6164.
skipping to change at page 40, line 20

       [1, 5],                / SHA Variant - HMAC 256/256 /
       [3, 0]                 / Scope Flags - No Additional Scope /
     ],
     [                        / Security Results: 2 Results /
       [1, h'2f74b42d88234f0a8a98a6c72775ec6511aff3   / Primary Block /
             cb5bfc06aa648f5fc40f31ec0d'],
       [1, h'e61385353ce2b4cce5319bc33326cdc26f4061   / Bundle Age Block /
             e76cb21b434c89199a36b00de3']
     ]

-      Figure 16: Example 3: BIB Abstract Security Block (CDDL)
+      Figure 16: Example 3: BIB Abstract Security Block (CBOR Diagnostic
+                 Notation)

   The CBOR encoding of the BIB block-type-specific-data field (the
   abstract security block) is 0x820002010182028203008282010582030082820
   158202f74b42d88234f0a8a98a6c72775ec6511aff3cb5bfc06aa648f5fc40f31ec0d
   82015820e61385353ce2b4cce5319bc33326cdc26f4061e76cb21b434c89199a36b00
   de3.

A.3.3.3.  Representations

   The BIB wrapping this abstract security block is as follows.

skipping to change at page 40, line 42 (-05) / page 40, line 43 (-06)

   [
     11,            / type code /
     3,             / block number /
     0,             / flags /
     0,             / CRC type /
     h'820002010182028203008282010582030082820158202f74b42d88234f0a8a98
       a6c72775ec6511aff3cb5bfc06aa648f5fc40f31ec0d82015820e61385353ce2
       b4cce5319bc33326cdc26f4061e76cb21b434c89199a36b00de3',
   ]

-                  Figure 17: Example 3: BIB (CDDL)
+          Figure 17: Example 3: BIB (CBOR Diagnostic Notation)

   The CBOR encoding of the BIB block is 0x850b030000585a820002010182028
   203008282010582030082820158202f74b42d88234f0a8a98a6c72775ec6511aff3cb
   5bfc06aa648f5fc40f31ec0d82015820e61385353ce2b4cce5319bc33326cdc26f406
   1e76cb21b434c89199a36b00de3.

A.3.4.  Bundle Confidentiality Block

   In this example, a BCB is used encrypt the payload block.  The BCB is
   added by the bundle source node, ipn:2.1.
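Review bot: the trailing context sentence "In this example, a BCB is used encrypt the payload block" (A.3.4) is missing "to"; since captions in this region are being edited, change it to "used to encrypt". The same wording recurs in A.4.4.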
skipping to change at page 41, line 52 (-05) / page 42, line 18 (-06)

     [2,[2, 1]],              / Security Source - ipn:2.1 /
     [                        / Security Parameters - 3 Parameters /
       [1, b'Twelve121212']   / Initialization Vector /,
       [2, 1]                 / AES Variant - AES 128 /,
       [4, 0]                 / Scope Flags - No Additional Scope /
     ],
     [                        / Security Results: 1 Result /
       [1, h'689b98e649ae3b554e98aa2ae8f801eb']  / Payload Auth. Tag /
     ]

-      Figure 19: Example 3: BCB Abstract Security Block (CDDL)
+      Figure 19: Example 3: BCB Abstract Security Block (CBOR Diagnostic
+                 Notation)

   The CBOR encoding of the BCB block-type-specific-data field (the
   abstract security block) is 0x8101020182028202018382014c5477656C76653
   1323132313282020182040081820150689b98e649ae3b554e98aa2ae8f801eb.

A.3.4.3.  Representations

   The BCB wrapping this abstract security block is as follows.

   [
     12,            / type code /
     4,             / block number /
     1,             / flags - block must be replicated in every fragment /
     0,             / CRC type /
     h'8101020182028202018382014c5477656C766531323132313282020182040081
       820150689b98e649ae3b554e98aa2ae8f801eb',
   ]

-                  Figure 20: Example 3: BCB (CDDL)
+          Figure 20: Example 3: BCB (CBOR Diagnostic Notation)

   The CBOR encoding of the BCB block is 0x850c0401005833810102018202820
   2018382014c5477656C766531323132313282020182040081820150689b98e649ae3b
   554e98aa2ae8f801eb.

A.3.5.  Final Bundle

   The CBOR encoding of the full output bundle, with the BIB and BCB
   added is: 9F88070000820282010282028202018202820201820018281a000f42408
   50b030000585a820002010182028203008282010582030082820158202f74b42d8823
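Review bot: Figure 19 writes the IV as b'Twelve121212' although its caption now says CBOR Diagnostic Notation; that notation has no b'' form (byte strings are written h'...' for hex or '...' for a text literal), and Figures 10 and 27 already write the same twelve bytes as h'5477656c7665313231323132', so Figure 19 should use that form too. The same figure labels parameter [2, 1] "AES 128" where Figure 10 labels the identical value "A128GCM"; pick one label. Also, the A.3.5 bundle string has no 0x prefix while A.1.4 and A.2.4 use one.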
skipping to change at page 45, line 23 (-05) / page 45, line 39 (-06)

     [2,[2, 1]],              / Security Source: ipn:2.1 /
     [                        / Security Parameters: 2 Parameters /
       [1, 6],                / SHA Variant - HMAC 384/384 /
       [3, 7]                 / Scope Flags - All additional headers in the SHA Hash /
     ],
     [                        / Security Results: 1 Result /
       [1, h'6f56e0f58ec584df34603c75cc05593900b1a938f23883f119772e123044
             1d869bce6ac9559f721260314424ab14b981']
     ]

-      Figure 24: Example 4: BIB Abstract Security Block (CDDL)
+      Figure 24: Example 4: BIB Abstract Security Block (CBOR Diagnostic
+                 Notation)

   The CBOR encoding of the BIB block-type-specific-data field (the
   abstract security block) is 0x810101018202820201828201068203078182015
   8306f56e0f58ec584df34603c75cc05593900b1a938f23883f119772e1230441d869b
   ce6ac9559f721260314424ab14b981.

A.4.3.3.  Representations

   The BIB wrapping this abstract security block is as follows.

   [
     11,            / type code /
     3,             / block number /
     0,             / flags /
     0,             / CRC type /
     h'8101010182028202018282010682030781820158306f56e0f58ec584df34603c
       75cc05593900b1a938f23883f119772e1230441d869bce6ac9559f7212603144
       24ab14b981',
   ]

-                  Figure 25: Example 4: BIB (CDDL)
+          Figure 25: Example 4: BIB (CBOR Diagnostic Notation)

   The CBOR encoding of the BIB block is 0x850b0300005845810101018202820
   2018282010682030781820158306f56e0f58ec584df34603c75cc05593900b1a938f2
   3883f119772e1230441d869bce6ac9559f721260314424ab14b981.

A.4.4.  Bundle Confidentiality Block

   In this example, a BCB is used encrypt the payload block and the BIB
   that provides integrity over the payload.
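Review bot: "a BCB is used encrypt the payload block and the BIB" in the trailing context (A.4.4) needs "to": "is used to encrypt".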
skipping to change at page 47, line 19 (-05) / page 47, line 48 (-06)

     [                        / Security Parameters - 3 Parameters /
       [1, h'5477656c7665313231323132']  / Initialization Vector /,
       [2, 3]                 / AES Variant - AES 256 /,
       [4, 7]                 / Scope Flags - All headers in SHA hash /
     ],
     [                        / Security Results: 2 Results /
       [1, h'865bc14b3910d6c53e95fdc65aa601fd'],  / Payload Auth. Tag /
       [1, h'92bc2665e9f04350c5974f023929dd62']   / BIB Auth. Tag /
     ]

-      Figure 27: Example 4: BCB Abstract Security Block (CDDL)
+      Figure 27: Example 4: BCB Abstract Security Block (CBOR Diagnostic
+                 Notation)

   The CBOR encoding of the BCB block-type-specific-data field (the
   abstract security block) is 0x820301020182028202018382014c5477656C766
   531323132313282020382040782820150d0b506cc2e5ede57b36e6c52791457008201
   50865bc14b3910d6c53e95fdc65aa601fd.

A.4.4.3.  Representations

   The BCB wrapping this abstract security block is as follows.

   [
     12,            / type code /
     2,             / block number /
     1,             / flags - block must be replicated in every fragment /
     0,             / CRC type /
     h'820301020182028202018382014c5477656C7665313231323132820203820407
       82820150d0b506cc2e5ede57b36e6c5279145700820150865bc14b3910d6c53e
       95fdc65aa601fd',
   ]

-                  Figure 28: Example 4: BCB (CDDL)
+          Figure 28: Example 4: BCB (CBOR Diagnostic Notation)

   The CBOR encoding of the BCB block is 0x850c0201005847820301020182028
   202018382014c5477656C766531323132313282020382040782820150d0b506cc2e5e
   de57b36e6c5279145700820150865bc14b3910d6c53e95fdc65aa601fd.

A.4.5.  Final Bundle

   The CBOR encoding of the full output bundle, with the security blocks
   added and payload block and BIB encrypted is: 9F880700008202820102820
   28202018202820201820018281a000f4240850b0300005845438ed6208eb1c1ffb94d
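Review bot: the Figure 27 caption is updated, but the figure's security results still disagree with the encoding printed under it. The figure lists h'865bc14b3910d6c53e95fdc65aa601fd' (payload) followed by h'92bc2665e9f04350c5974f023929dd62' (BIB); the hex carries two results, 82 82 01 50 d0b506cc2e5ede57b36e6c5279145700 82 01 50 865bc14b3910d6c53e95fdc65aa601fd, so the first tag differs in value and 92bc2665... appears nowhere, while the order in the hex follows the target list [3, 1] (BIB first, then payload) that the same encoding starts with. The parameter comment "All headers in SHA hash" is also copied from the BIB figure; the BCB-AES-GCM context uses the scope flags to select additional authenticated data and computes no SHA hash. Both should be reconciled while this figure is being edited.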
 End of changes. 23 change blocks. 
35 lines changed or deleted 36 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/