draft-ietf-dtn-tcpclv4-19.txt   draft-ietf-dtn-tcpclv4-20.txt 
Delay Tolerant Networking B. Sipos Delay Tolerant Networking B. Sipos
Internet-Draft RKF Engineering Internet-Draft RKF Engineering
Intended status: Standards Track M. Demmer Intended status: Standards Track M. Demmer
Expires: September 8, 2020 UC Berkeley Expires: November 14, 2020 UC Berkeley
J. Ott J. Ott
Aalto University Aalto University
S. Perreault S. Perreault
March 7, 2020 May 13, 2020
Delay-Tolerant Networking TCP Convergence Layer Protocol Version 4 Delay-Tolerant Networking TCP Convergence Layer Protocol Version 4
draft-ietf-dtn-tcpclv4-19 draft-ietf-dtn-tcpclv4-20
Abstract Abstract
This document describes a TCP-based convergence layer (TCPCL) for This document describes a TCP-based convergence layer (TCPCL) for
Delay-Tolerant Networking (DTN). This version of the TCPCL protocol Delay-Tolerant Networking (DTN). This version of the TCPCL protocol
resolves implementation issues in the earlier TCPCL Version 3 of resolves implementation issues in the earlier TCPCL Version 3 of
RFC7242 and updates to the Bundle Protocol (BP) contents, encodings, RFC7242 and updates to the Bundle Protocol (BP) contents, encodings,
and convergence layer requirements in BP Version 7. Specifically, and convergence layer requirements in BP Version 7. Specifically,
the TCPCLv4 uses CBOR-encoded BPv7 bundles as its service data unit the TCPCLv4 uses CBOR-encoded BPv7 bundles as its service data unit
being transported and provides a reliable transport of such bundles. being transported and provides a reliable transport of such bundles.
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 8, 2020. This Internet-Draft will expire on November 14, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 11 skipping to change at page 3, line 11
6. Session Termination . . . . . . . . . . . . . . . . . . . . . 47 6. Session Termination . . . . . . . . . . . . . . . . . . . . . 47
6.1. Session Termination Message (SESS_TERM) . . . . . . . . . 47 6.1. Session Termination Message (SESS_TERM) . . . . . . . . . 47
6.2. Idle Session Shutdown . . . . . . . . . . . . . . . . . . 50 6.2. Idle Session Shutdown . . . . . . . . . . . . . . . . . . 50
7. Implementation Status . . . . . . . . . . . . . . . . . . . . 50 7. Implementation Status . . . . . . . . . . . . . . . . . . . . 50
8. Security Considerations . . . . . . . . . . . . . . . . . . . 50 8. Security Considerations . . . . . . . . . . . . . . . . . . . 50
8.1. Threat: Passive Leak of Node Data . . . . . . . . . . . . 51 8.1. Threat: Passive Leak of Node Data . . . . . . . . . . . . 51
8.2. Threat: Passive Leak of Bundle Data . . . . . . . . . . . 51 8.2. Threat: Passive Leak of Bundle Data . . . . . . . . . . . 51
8.3. Threat: TCPCL Version Downgrade . . . . . . . . . . . . . 51 8.3. Threat: TCPCL Version Downgrade . . . . . . . . . . . . . 51
8.4. Threat: Transport Security Stripping . . . . . . . . . . 51 8.4. Threat: Transport Security Stripping . . . . . . . . . . 51
8.5. Threat: Weak Ciphersuite Downgrade . . . . . . . . . . . 52 8.5. Threat: Weak TLS Configurations . . . . . . . . . . . . . 52
8.6. Threat: Invalid Certificate Use . . . . . . . . . . . . . 52 8.6. Threat: Certificate Validation Vulnerabilities . . . . . 52
8.7. Threat: Symmetric Key Overuse . . . . . . . . . . . . . . 52 8.7. Threat: Symmetric Key Limits . . . . . . . . . . . . . . 52
8.8. Threat: BP Node Impersonation . . . . . . . . . . . . . . 52 8.8. Threat: BP Node Impersonation . . . . . . . . . . . . . . 52
8.9. Threat: Denial of Service . . . . . . . . . . . . . . . . 53 8.9. Threat: Denial of Service . . . . . . . . . . . . . . . . 53
8.10. Alternate Uses of TLS . . . . . . . . . . . . . . . . . . 54 8.10. Alternate Uses of TLS . . . . . . . . . . . . . . . . . . 54
8.10.1. TLS Without Authentication . . . . . . . . . . . . . 54 8.10.1. TLS Without Authentication . . . . . . . . . . . . . 54
8.10.2. Non-Certificate TLS Use . . . . . . . . . . . . . . 54 8.10.2. Non-Certificate TLS Use . . . . . . . . . . . . . . 54
8.11. Predictability of Transfer IDs . . . . . . . . . . . . . 54 8.11. Predictability of Transfer IDs . . . . . . . . . . . . . 54
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 55 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 55
9.1. Port Number . . . . . . . . . . . . . . . . . . . . . . . 55 9.1. Port Number . . . . . . . . . . . . . . . . . . . . . . . 55
9.2. Protocol Versions . . . . . . . . . . . . . . . . . . . . 55 9.2. Protocol Versions . . . . . . . . . . . . . . . . . . . . 55
9.3. Session Extension Types . . . . . . . . . . . . . . . . . 56 9.3. Session Extension Types . . . . . . . . . . . . . . . . . 56
skipping to change at page 52, line 5 skipping to change at page 52, line 5
The purpose of the CAN_TLS flag is to allow the use of TCPCL on The purpose of the CAN_TLS flag is to allow the use of TCPCL on
entities which simply do not have a TLS implementation available. entities which simply do not have a TLS implementation available.
When TLS is available on an entity, it is strongly encouraged that When TLS is available on an entity, it is strongly encouraged that
the security policy disallow non-TLS sessions. This requires that the security policy disallow non-TLS sessions. This requires that
the TLS handshake occurs, regardless of the policy-driven parameters the TLS handshake occurs, regardless of the policy-driven parameters
of the handshake and policy-driven handling of the handshake outcome. of the handshake and policy-driven handling of the handshake outcome.
The negotiated use of TLS is identical behavior to STARTTLS use in The negotiated use of TLS is identical behavior to STARTTLS use in
[RFC2595] and [RFC4511]. [RFC2595] and [RFC4511].
8.5. Threat: Weak Ciphersuite Downgrade 8.5. Threat: Weak TLS Configurations
Even when using TLS to secure the TCPCL session, the actual Even when using TLS to secure the TCPCL session, the actual
ciphersuite negotiated between the TLS peers can be insecure. ciphersuite negotiated between the TLS peers can be insecure.
Recommendations for ciphersuite use are included in BCP 195 Recommendations for ciphersuite use are included in BCP 195
[RFC7525]. It is up to security policies within each TCPCL node to [RFC7525]. It is up to security policies within each TCPCL node to
ensure that the negotiated TLS ciphersuite meets transport security ensure that the negotiated TLS ciphersuite meets transport security
requirements. requirements.
8.6. Threat: Invalid Certificate Use 8.6. Threat: Certificate Validation Vulnerabilities
Even when TLS itself is operating properly an attacker can attempt to Even when TLS itself is operating properly an attacker can attempt to
exploit vulnerabilities within certificate check algorithms or exploit vulnerabilities within certificate check algorithms or
configuration to establish a secure TCPCL session using an invalid configuration to establish a secure TCPCL session using an invalid
certificate. A BP agent treats the peer Node ID within a TCPCL certificate. A BP agent treats the peer Node ID within a TCPCL
session as authoritative and an invalid certificate exploit could session as authoritative and an invalid certificate exploit could
lead to bundle data leaking and/or denial of service to the Node ID lead to bundle data leaking and/or denial of service to the Node ID
being impersonated. There are many reasons, described in [RFC5280], being impersonated. There are many reasons, described in [RFC5280],
why a certificate can fail to validate, including using the why a certificate can fail to validate, including using the
certificate outside of its valid time interval, using purposes for certificate outside of its valid time interval, using purposes for
which it was not authorized, or using it after it has been revoked by which it was not authorized, or using it after it has been revoked by
its CA. Validating a certificate is a complex task and can require its CA. Validating a certificate is a complex task and can require
network connectivity outside of the primary TCPCL network path(s) if network connectivity outside of the primary TCPCL network path(s) if
a mechanism such as the Online Certificate Status Protocol (OCSP) is a mechanism such as the Online Certificate Status Protocol (OCSP) is
used by the CA. The configuration and use of particular certificate used by the CA. The configuration and use of particular certificate
validation methods are outside of the scope of this document. validation methods are outside of the scope of this document.
8.7. Threat: Symmetric Key Overuse 8.7. Threat: Symmetric Key Limits
Even with a secure block cipher and securely-established session Even with a secure block cipher and securely-established session
keys, there are limits to the amount of plaintext which can be safely keys, there are limits to the amount of plaintext which can be safely
encrypted with a given set of keys as described in [AEAD-LIMITS]. encrypted with a given set of keys as described in [AEAD-LIMITS].
When permitted by the negotiated TLS version (see [RFC8446]), it is When permitted by the negotiated TLS version (see [RFC8446]), it is
advisable to take advantage of session key updates to avoid those advisable to take advantage of session key updates to avoid those
limits. When key updates are not possible, renegotiation of the TLS limits. When key updates are not possible, renegotiation of the TLS
connection or establishing new TCPCL/TLS session are alternatives to connection or establishing new TCPCL/TLS session are alternatives to
limit session key use. limit session key use.
skipping to change at page 54, line 34 skipping to change at page 54, line 34
following subsections give examples of alternate TLS uses. following subsections give examples of alternate TLS uses.
8.10.1. TLS Without Authentication 8.10.1. TLS Without Authentication
In environments where PKI is available but there are restrictions on In environments where PKI is available but there are restrictions on
the issuance of certificates (including the contents of the issuance of certificates (including the contents of
certificates), it may be possible to make use of TLS in a way which certificates), it may be possible to make use of TLS in a way which
authenticates only the passive entity of a TCPCL session or which authenticates only the passive entity of a TCPCL session or which
does not authenticate either entity. Using TLS in a way which does does not authenticate either entity. Using TLS in a way which does
not authenticate both peer entities of each TCPCL session is outside not authenticate both peer entities of each TCPCL session is outside
of the scope of this document. of the scope of this document but does have similar properties to the
opportunistic security model of [RFC7435].
8.10.2. Non-Certificate TLS Use 8.10.2. Non-Certificate TLS Use
In environments where PKI is unavailable, alternate uses of TLS which In environments where PKI is unavailable, alternate uses of TLS which
do not require certificates such as pre-shared key (PSK) do not require certificates such as pre-shared key (PSK)
authentication [RFC5489] and the use of raw public keys [RFC7250] are authentication [RFC5489] and the use of raw public keys [RFC7250] are
available and can be used to ensure confidentiality within TCPCL. available and can be used to ensure confidentiality within TCPCL.
Using non-PKI node authentication methods is outside of the scope of Using non-PKI node authentication methods is outside of the scope of
this document. this document.
skipping to change at page 62, line 34 skipping to change at page 62, line 34
This specification is based on comments on implementation of This specification is based on comments on implementation of
[RFC7242] provided from Scott Burleigh. [RFC7242] provided from Scott Burleigh.
11. References 11. References
11.1. Normative References 11.1. Normative References
[I-D.ietf-dtn-bpbis] [I-D.ietf-dtn-bpbis]
Burleigh, S., Fall, K., and E. Birrane, "Bundle Protocol Burleigh, S., Fall, K., and E. Birrane, "Bundle Protocol
Version 7", draft-ietf-dtn-bpbis-23 (work in progress), Version 7", draft-ietf-dtn-bpbis-24 (work in progress),
February 2020. March 2020.
[IANA-BUNDLE] [IANA-BUNDLE]
IANA, "Bundle Protocol", IANA, "Bundle Protocol",
<https://www.iana.org/assignments/bundle/>. <https://www.iana.org/assignments/bundle/>.
[IANA-PORTS] [IANA-PORTS]
IANA, "Service Name and Transport Protocol Port Number IANA, "Service Name and Transport Protocol Port Number
Registry", <https://www.iana.org/assignments/service- Registry", <https://www.iana.org/assignments/service-
names-port-numbers/>. names-port-numbers/>.
skipping to change at page 64, line 22 skipping to change at page 64, line 22
Luykx, A. and K. Paterson, "Limits on Authenticated Luykx, A. and K. Paterson, "Limits on Authenticated
Encryption Use in TLS", August 2017, Encryption Use in TLS", August 2017,
<http://www.isg.rhul.ac.uk/~kp/TLS-AEbounds.pdf>. <http://www.isg.rhul.ac.uk/~kp/TLS-AEbounds.pdf>.
[github-dtn-bpbis-tcpcl] [github-dtn-bpbis-tcpcl]
Sipos, B., "TCPCL Example Implementation", Sipos, B., "TCPCL Example Implementation",
<https://github.com/BSipos-RKF/dtn-bpbis-tcpcl/>. <https://github.com/BSipos-RKF/dtn-bpbis-tcpcl/>.
[I-D.ietf-dtn-bpsec] [I-D.ietf-dtn-bpsec]
Birrane, E. and K. McKeever, "Bundle Protocol Security Birrane, E. and K. McKeever, "Bundle Protocol Security
Specification", draft-ietf-dtn-bpsec-21 (work in Specification", draft-ietf-dtn-bpsec-22 (work in
progress), March 2020. progress), March 2020.
[RFC2595] Newman, C., "Using TLS with IMAP, POP3 and ACAP", [RFC2595] Newman, C., "Using TLS with IMAP, POP3 and ACAP",
RFC 2595, DOI 10.17487/RFC2595, June 1999, RFC 2595, DOI 10.17487/RFC2595, June 1999,
<https://www.rfc-editor.org/info/rfc2595>. <https://www.rfc-editor.org/info/rfc2595>.
[RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC [RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC
Text on Security Considerations", BCP 72, RFC 3552, Text on Security Considerations", BCP 72, RFC 3552,
DOI 10.17487/RFC3552, July 2003, DOI 10.17487/RFC3552, July 2003,
<https://www.rfc-editor.org/info/rfc3552>. <https://www.rfc-editor.org/info/rfc3552>.
 End of changes. 11 change blocks. 
14 lines changed or deleted 15 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/