--- 1/draft-ietf-dtn-tcpclv4-16.txt 2020-01-19 09:13:22.711288696 -0800 +++ 2/draft-ietf-dtn-tcpclv4-17.txt 2020-01-19 09:13:22.895293378 -0800 @@ -1,134 +1,138 @@ Delay Tolerant Networking B. Sipos Internet-Draft RKF Engineering Obsoletes: 7242 (if approved) M. Demmer Intended status: Standards Track UC Berkeley -Expires: May 25, 2020 J. Ott +Expires: July 22, 2020 J. Ott Aalto University S. Perreault - November 22, 2019 + January 19, 2020 Delay-Tolerant Networking TCP Convergence Layer Protocol Version 4 - draft-ietf-dtn-tcpclv4-16 + draft-ietf-dtn-tcpclv4-17 Abstract - This document describes a revised protocol for the TCP-based - convergence layer (TCPCL) for Delay-Tolerant Networking (DTN). The - protocol revision is based on implementation issues in the original - TCPCL Version 3 of RFC7242 and updates to the Bundle Protocol - contents, encodings, and convergence layer requirements in Bundle - Protocol Version 7. Specifically, the TCPCLv4 uses CBOR-encoded BPv7 - bundles as its service data unit being transported and provides a - reliable transport of such bundles. Several new IANA registries are - defined for TCPCLv4 which define some behaviors inherited from - TCPCLv3 but with updated encodings and/or semantics. + This document describes a TCP-based convergence layer (TCPCL) for + Delay-Tolerant Networking (DTN). This version of the TCPCL protocol + is based on implementation issues in the earlier TCPCL Version 3 of + RFC7242 and updates to the Bundle Protocol (BP) contents, encodings, + and convergence layer requirements in BP Version 7. Specifically, + the TCPCLv4 uses CBOR-encoded BPv7 bundles as its service data unit + being transported and provides a reliable transport of such bundles. + + This document is an update of the protocol described in RFC7242, + reflecting lessons learned. For this reason it obsoletes RFC7242, an + IRTF-stream document. + + Note to the RFC editor: The Internet Research Task Force is requested + to mark RFC7242 as obsolete. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on May 25, 2020. + This Internet-Draft will expire on July 22, 2020. Copyright Notice - Copyright (c) 2019 IETF Trust and the persons identified as the + Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 - 1.1. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 4 + 1.1. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 5 2.1. Definitions Specific to the TCPCL Protocol . . . . . . . 5 - 3. General Protocol Description . . . . . . . . . . . . . . . . 8 - 3.1. Convergence Layer Services . . . . . . . . . . . . . . . 8 - 3.2. TCPCL Session Overview . . . . . . . . . . . . . . . . . 10 - 3.3. TCPCL States and Transitions . . . . . . . . . . . . . . 12 - 3.4. Transfer Segmentation Policies . . . . . . . . . . . . . 18 - 3.5. Example Message Exchange . . . . . . . . . . . . . . . . 19 - 4. Session Establishment . . . . . . . . . . . . . . . . . . . . 20 - 4.1. TCP Connection . . . . . . . . . . . . . . . . . . . . . 21 - 4.2. Contact Header . . . . . . . . . . . . . . . . . . . . . 22 - 4.3. Contact Validation and Negotiation . . . . . . . . . . . 23 - 4.4. Session Security . . . . . . . . . . . . . . . . . . . . 24 - 4.4.1. TLS Handshake . . . . . . . . . . . . . . . . . . . . 24 - 4.4.2. TLS Authentication . . . . . . . . . . . . . . . . . 26 - 4.4.3. Example TLS Initiation . . . . . . . . . . . . . . . 27 - 4.5. Message Header . . . . . . . . . . . . . . . . . . . . . 28 - 4.6. Session Initialization Message (SESS_INIT) . . . . . . . 30 - 4.7. Session Parameter Negotiation . . . . . . . . . . . . . . 31 - 4.8. Session Extension Items . . . . . . . . . . . . . . . . . 32 - 5. Established Session Operation . . . . . . . . . . . . . . . . 33 - 5.1. Upkeep and Status Messages . . . . . . . . . . . . . . . 33 - 5.1.1. Session Upkeep (KEEPALIVE) . . . . . . . . . . . . . 34 - 5.1.2. Message Rejection (MSG_REJECT) . . . . . . . . . . . 34 - 5.2. Bundle Transfer . . . . . . . . . . . . . . . . . . . . . 35 - 5.2.1. Bundle Transfer ID . . . . . . . . . . . . . . . . . 36 - 5.2.2. Data Transmission (XFER_SEGMENT) . . . . . . . . . . 36 - 5.2.3. Data Acknowledgments (XFER_ACK) . . . . . . . . . . . 38 - 5.2.4. Transfer Refusal (XFER_REFUSE) . . . . . . . . . . . 39 - 5.2.5. Transfer Extension Items . . . . . . . . . . . . . . 42 - 6. Session Termination . . . . . . . . . . . . . . . . . . . . . 44 - 6.1. Session Termination Message (SESS_TERM) . . . . . . . . . 44 - 6.2. Idle Session Shutdown . . . . . . . . . . . . . . . . . . 46 - 7. Implementation Status . . . . . . . . . . . . . . . . . . . . 46 - 8. Security Considerations . . . . . . . . . . . . . . . . . . . 47 - 8.1. Threat: Passive Leak of Node Data . . . . . . . . . . . . 47 - 8.2. Threat: Passive Leak of Bundle Data . . . . . . . . . . . 47 - 8.3. Threat: TCPCL Version Downgrade . . . . . . . . . . . . . 47 - 8.4. Threat: Transport Security Stripping . . . . . . . . . . 47 - 8.5. Threat: Weak Ciphersuite Downgrade . . . . . . . . . . . 48 - 8.6. Threat: Invalid Certificate Use . . . . . . . . . . . . . 48 - 8.7. Threat: Symmetric Key Overuse . . . . . . . . . . . . . . 48 - 8.8. Threat: BP Node Impersonation . . . . . . . . . . . . . . 48 - 8.9. Threat: Denial of Service . . . . . . . . . . . . . . . . 49 - 8.10. Alternate Uses of TLS . . . . . . . . . . . . . . . . . . 50 - 8.10.1. TLS Without Authentication . . . . . . . . . . . . . 50 - 8.10.2. Non-Certificate TLS Use . . . . . . . . . . . . . . 50 - 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 50 - 9.1. Port Number . . . . . . . . . . . . . . . . . . . . . . . 51 - 9.2. Protocol Versions . . . . . . . . . . . . . . . . . . . . 51 - 9.3. Session Extension Types . . . . . . . . . . . . . . . . . 52 - 9.4. Transfer Extension Types . . . . . . . . . . . . . . . . 53 - 9.5. Message Types . . . . . . . . . . . . . . . . . . . . . . 54 - 9.6. XFER_REFUSE Reason Codes . . . . . . . . . . . . . . . . 55 - 9.7. SESS_TERM Reason Codes . . . . . . . . . . . . . . . . . 56 - 9.8. MSG_REJECT Reason Codes . . . . . . . . . . . . . . . . . 57 - 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 58 - 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 58 - 11.1. Normative References . . . . . . . . . . . . . . . . . . 58 - 11.2. Informative References . . . . . . . . . . . . . . . . . 60 - Appendix A. Significant changes from RFC7242 . . . . . . . . . . 61 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 62 + 3. General Protocol Description . . . . . . . . . . . . . . . . 9 + 3.1. Convergence Layer Services . . . . . . . . . . . . . . . 9 + 3.2. TCPCL Session Overview . . . . . . . . . . . . . . . . . 11 + 3.3. TCPCL States and Transitions . . . . . . . . . . . . . . 13 + 3.4. Transfer Segmentation Policies . . . . . . . . . . . . . 19 + 3.5. Example Message Exchange . . . . . . . . . . . . . . . . 20 + 4. Session Establishment . . . . . . . . . . . . . . . . . . . . 21 + 4.1. TCP Connection . . . . . . . . . . . . . . . . . . . . . 22 + 4.2. Contact Header . . . . . . . . . . . . . . . . . . . . . 23 + 4.3. Contact Validation and Negotiation . . . . . . . . . . . 24 + 4.4. Session Security . . . . . . . . . . . . . . . . . . . . 25 + 4.4.1. TLS Handshake . . . . . . . . . . . . . . . . . . . . 25 + 4.4.2. TLS Authentication . . . . . . . . . . . . . . . . . 27 + 4.4.3. Example TLS Initiation . . . . . . . . . . . . . . . 28 + 4.5. Message Header . . . . . . . . . . . . . . . . . . . . . 29 + 4.6. Session Initialization Message (SESS_INIT) . . . . . . . 31 + 4.7. Session Parameter Negotiation . . . . . . . . . . . . . . 32 + 4.8. Session Extension Items . . . . . . . . . . . . . . . . . 33 + 5. Established Session Operation . . . . . . . . . . . . . . . . 34 + 5.1. Upkeep and Status Messages . . . . . . . . . . . . . . . 34 + 5.1.1. Session Upkeep (KEEPALIVE) . . . . . . . . . . . . . 35 + 5.1.2. Message Rejection (MSG_REJECT) . . . . . . . . . . . 35 + 5.2. Bundle Transfer . . . . . . . . . . . . . . . . . . . . . 36 + 5.2.1. Bundle Transfer ID . . . . . . . . . . . . . . . . . 37 + 5.2.2. Data Transmission (XFER_SEGMENT) . . . . . . . . . . 37 + 5.2.3. Data Acknowledgments (XFER_ACK) . . . . . . . . . . . 39 + 5.2.4. Transfer Refusal (XFER_REFUSE) . . . . . . . . . . . 40 + 5.2.5. Transfer Extension Items . . . . . . . . . . . . . . 43 + 6. Session Termination . . . . . . . . . . . . . . . . . . . . . 45 + 6.1. Session Termination Message (SESS_TERM) . . . . . . . . . 45 + 6.2. Idle Session Shutdown . . . . . . . . . . . . . . . . . . 47 + 7. Implementation Status . . . . . . . . . . . . . . . . . . . . 47 + 8. Security Considerations . . . . . . . . . . . . . . . . . . . 48 + 8.1. Threat: Passive Leak of Node Data . . . . . . . . . . . . 48 + 8.2. Threat: Passive Leak of Bundle Data . . . . . . . . . . . 48 + 8.3. Threat: TCPCL Version Downgrade . . . . . . . . . . . . . 48 + 8.4. Threat: Transport Security Stripping . . . . . . . . . . 48 + 8.5. Threat: Weak Ciphersuite Downgrade . . . . . . . . . . . 49 + 8.6. Threat: Invalid Certificate Use . . . . . . . . . . . . . 49 + 8.7. Threat: Symmetric Key Overuse . . . . . . . . . . . . . . 49 + 8.8. Threat: BP Node Impersonation . . . . . . . . . . . . . . 49 + 8.9. Threat: Denial of Service . . . . . . . . . . . . . . . . 50 + 8.10. Alternate Uses of TLS . . . . . . . . . . . . . . . . . . 51 + 8.10.1. TLS Without Authentication . . . . . . . . . . . . . 51 + 8.10.2. Non-Certificate TLS Use . . . . . . . . . . . . . . 51 + 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 51 + 9.1. Port Number . . . . . . . . . . . . . . . . . . . . . . . 52 + 9.2. Protocol Versions . . . . . . . . . . . . . . . . . . . . 52 + 9.3. Session Extension Types . . . . . . . . . . . . . . . . . 53 + 9.4. Transfer Extension Types . . . . . . . . . . . . . . . . 54 + 9.5. Message Types . . . . . . . . . . . . . . . . . . . . . . 55 + 9.6. XFER_REFUSE Reason Codes . . . . . . . . . . . . . . . . 56 + 9.7. SESS_TERM Reason Codes . . . . . . . . . . . . . . . . . 57 + 9.8. MSG_REJECT Reason Codes . . . . . . . . . . . . . . . . . 58 + 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 59 + 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 59 + 11.1. Normative References . . . . . . . . . . . . . . . . . . 59 + 11.2. Informative References . . . . . . . . . . . . . . . . . 61 + Appendix A. Significant changes from RFC7242 . . . . . . . . . . 62 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 63 1. Introduction This document describes the TCP-based convergence-layer protocol for Delay-Tolerant Networking. Delay-Tolerant Networking is an end-to- end architecture providing communications in and/or through highly stressed environments, including those with intermittent connectivity, long and/or variable delays, and high bit error rates. More detailed descriptions of the rationale and capabilities of these networks can be found in "Delay-Tolerant Network Architecture" @@ -148,20 +153,27 @@ without the version suffix refers to BPv7. For the remainder of this document, the abbreviation "TCPCL" without the version suffix refers to TCPCLv4. The locations of the TCPCL and the BP in the Internet model protocol stack (described in [RFC1122]) are shown in Figure 1. In particular, when BP is using TCP as its bearer with TCPCL as its convergence layer, both BP and TCPCL reside at the application layer of the Internet model. + This document is an update of the protocol described in RFC7242, + reflecting lessons learned. For this reason it obsoletes RFC7242, an + IRTF-stream document. + + Note to the RFC editor: The Internet Research Task Force is requested + to mark RFC7242 as obsolete. + +-------------------------+ | DTN Application | -\ +-------------------------| | | Bundle Protocol (BP) | -> Application Layer +-------------------------+ | | TCP Conv. Layer (TCPCL) | | +-------------------------+ | | TLS (optional) | -/ +-------------------------+ | TCP | ---> Transport Layer @@ -2274,37 +2286,37 @@ Within the port registry of [IANA-PORTS], TCP port number 4556 has been previously assigned as the default port for the TCP convergence layer in [RFC7242]. This assignment is unchanged by TCPCL version 4, but the assignment reference is updated to this specification. Each TCPCL entity identifies its TCPCL protocol version in its initial contact (see Section 9.2), so there is no ambiguity about what protocol is being used. The related assignments for UDP and DCCP port 4556 (both registered by [RFC7122]) are unchanged. - +------------------------+----------------------------------+ + +------------------------+----------------------------+ | Parameter | Value | - +------------------------+----------------------------------+ + +------------------------+----------------------------+ | Service Name: | dtn-bundle | | | | | Transport Protocol(s): | TCP | | | | - | Assignee: | Brian Sipos | + | Assignee: | IESG | | | | - | Contact: | Brian Sipos | + | Contact: | IESG | | | | | Description: | DTN Bundle TCP CL Protocol | | | | | Reference: | This specification. | | | | | Port Number: | 4556 | - +------------------------+----------------------------------+ + +------------------------+----------------------------+ 9.2. Protocol Versions IANA has created, under the "Bundle Protocol" registry [IANA-BUNDLE], a sub-registry titled "Bundle Protocol TCP Convergence-Layer Version Numbers". The version number table is updated to include this specification. The registration procedure is RFC Required. +-------+-------------+-----------------------------------+ | Value | Description | Reference | @@ -2579,22 +2591,22 @@ This specification is based on comments on implementation of [RFC7242] provided from Scott Burleigh. 11. References 11.1. Normative References [I-D.ietf-dtn-bpbis] Burleigh, S., Fall, K., and E. Birrane, "Bundle Protocol - Version 7", draft-ietf-dtn-bpbis-17 (work in progress), - October 2019. + Version 7", draft-ietf-dtn-bpbis-19 (work in progress), + January 2020. [IANA-BUNDLE] IANA, "Bundle Protocol", . [IANA-PORTS] IANA, "Service Name and Transport Protocol Port Number Registry", . @@ -2665,22 +2677,22 @@ Luykx, A. and K. Paterson, "Limits on Authenticated Encryption Use in TLS", August 2017, . [github-dtn-bpbis-tcpcl] Sipos, B., "TCPCL Example Implementation", . [I-D.ietf-dtn-bpsec] Birrane, E. and K. McKeever, "Bundle Protocol Security - Specification", draft-ietf-dtn-bpsec-12 (work in - progress), September 2019. + Specification", draft-ietf-dtn-bpsec-15 (work in + progress), January 2020. [RFC2595] Newman, C., "Using TLS with IMAP, POP3 and ACAP", RFC 2595, DOI 10.17487/RFC2595, June 1999, . [RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC Text on Security Considerations", BCP 72, RFC 3552, DOI 10.17487/RFC3552, July 2003, .