draft-ietf-dtn-tcpclv4-21.txt   draft-ietf-dtn-tcpclv4-22.txt 
Delay-Tolerant Networking B. Sipos Delay-Tolerant Networking B. Sipos
Internet-Draft RKF Engineering Internet-Draft RKF Engineering
Intended status: Standards Track M. Demmer Intended status: Standards Track M. Demmer
Expires: December 11, 2020 UC Berkeley Expires: April 29, 2021 UC Berkeley
J. Ott J. Ott
Aalto University Aalto University
S. Perreault S. Perreault
June 9, 2020 October 26, 2020
Delay-Tolerant Networking TCP Convergence Layer Protocol Version 4 Delay-Tolerant Networking TCP Convergence Layer Protocol Version 4
draft-ietf-dtn-tcpclv4-21 draft-ietf-dtn-tcpclv4-22
Abstract Abstract
This document describes a TCP-based convergence layer (TCPCL) for This document describes a TCP-based convergence layer (TCPCL) for
Delay-Tolerant Networking (DTN). This version of the TCPCL protocol Delay-Tolerant Networking (DTN). This version of the TCPCL protocol
resolves implementation issues in the earlier TCPCL Version 3 of resolves implementation issues in the earlier TCPCL Version 3 of
RFC7242 and updates to the Bundle Protocol (BP) contents, encodings, RFC7242 and updates to the Bundle Protocol (BP) contents, encodings,
and convergence layer requirements in BP Version 7. Specifically, and convergence layer requirements in BP Version 7. Specifically,
the TCPCLv4 uses CBOR-encoded BPv7 bundles as its service data unit the TCPCLv4 uses CBOR-encoded BPv7 bundles as its service data unit
being transported and provides a reliable transport of such bundles. being transported and provides a reliable transport of such bundles.
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 11, 2020. This Internet-Draft will expire on April 29, 2021.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 37 skipping to change at page 2, line 37
3.6. Transfer Segmentation Policies . . . . . . . . . . . . . 21 3.6. Transfer Segmentation Policies . . . . . . . . . . . . . 21
3.7. Example Message Exchange . . . . . . . . . . . . . . . . 22 3.7. Example Message Exchange . . . . . . . . . . . . . . . . 22
4. Session Establishment . . . . . . . . . . . . . . . . . . . . 23 4. Session Establishment . . . . . . . . . . . . . . . . . . . . 23
4.1. TCP Connection . . . . . . . . . . . . . . . . . . . . . 24 4.1. TCP Connection . . . . . . . . . . . . . . . . . . . . . 24
4.2. Contact Header . . . . . . . . . . . . . . . . . . . . . 25 4.2. Contact Header . . . . . . . . . . . . . . . . . . . . . 25
4.3. Contact Validation and Negotiation . . . . . . . . . . . 26 4.3. Contact Validation and Negotiation . . . . . . . . . . . 26
4.4. Session Security . . . . . . . . . . . . . . . . . . . . 27 4.4. Session Security . . . . . . . . . . . . . . . . . . . . 27
4.4.1. Entity Identification . . . . . . . . . . . . . . . . 28 4.4.1. Entity Identification . . . . . . . . . . . . . . . . 28
4.4.2. TLS Handshake . . . . . . . . . . . . . . . . . . . . 29 4.4.2. TLS Handshake . . . . . . . . . . . . . . . . . . . . 29
4.4.3. TLS Authentication . . . . . . . . . . . . . . . . . 30 4.4.3. TLS Authentication . . . . . . . . . . . . . . . . . 30
4.4.4. Example TLS Initiation . . . . . . . . . . . . . . . 31 4.4.4. Example TLS Initiation . . . . . . . . . . . . . . . 32
4.5. Message Header . . . . . . . . . . . . . . . . . . . . . 32 4.5. Message Header . . . . . . . . . . . . . . . . . . . . . 33
4.6. Session Initialization Message (SESS_INIT) . . . . . . . 34 4.6. Session Initialization Message (SESS_INIT) . . . . . . . 34
4.7. Session Parameter Negotiation . . . . . . . . . . . . . . 35 4.7. Session Parameter Negotiation . . . . . . . . . . . . . . 36
4.8. Session Extension Items . . . . . . . . . . . . . . . . . 36 4.8. Session Extension Items . . . . . . . . . . . . . . . . . 37
5. Established Session Operation . . . . . . . . . . . . . . . . 37 5. Established Session Operation . . . . . . . . . . . . . . . . 38
5.1. Upkeep and Status Messages . . . . . . . . . . . . . . . 37 5.1. Upkeep and Status Messages . . . . . . . . . . . . . . . 38
5.1.1. Session Upkeep (KEEPALIVE) . . . . . . . . . . . . . 37 5.1.1. Session Upkeep (KEEPALIVE) . . . . . . . . . . . . . 38
5.1.2. Message Rejection (MSG_REJECT) . . . . . . . . . . . 38 5.1.2. Message Rejection (MSG_REJECT) . . . . . . . . . . . 39
5.2. Bundle Transfer . . . . . . . . . . . . . . . . . . . . . 39 5.2. Bundle Transfer . . . . . . . . . . . . . . . . . . . . . 40
5.2.1. Bundle Transfer ID . . . . . . . . . . . . . . . . . 40 5.2.1. Bundle Transfer ID . . . . . . . . . . . . . . . . . 41
5.2.2. Data Transmission (XFER_SEGMENT) . . . . . . . . . . 40 5.2.2. Data Transmission (XFER_SEGMENT) . . . . . . . . . . 41
5.2.3. Data Acknowledgments (XFER_ACK) . . . . . . . . . . . 42 5.2.3. Data Acknowledgments (XFER_ACK) . . . . . . . . . . . 43
5.2.4. Transfer Refusal (XFER_REFUSE) . . . . . . . . . . . 43 5.2.4. Transfer Refusal (XFER_REFUSE) . . . . . . . . . . . 44
5.2.5. Transfer Extension Items . . . . . . . . . . . . . . 46 5.2.5. Transfer Extension Items . . . . . . . . . . . . . . 47
6. Session Termination . . . . . . . . . . . . . . . . . . . . . 48 6. Session Termination . . . . . . . . . . . . . . . . . . . . . 49
6.1. Session Termination Message (SESS_TERM) . . . . . . . . . 48 6.1. Session Termination Message (SESS_TERM) . . . . . . . . . 49
6.2. Idle Session Shutdown . . . . . . . . . . . . . . . . . . 51 6.2. Idle Session Shutdown . . . . . . . . . . . . . . . . . . 52
7. Implementation Status . . . . . . . . . . . . . . . . . . . . 51 7. Implementation Status . . . . . . . . . . . . . . . . . . . . 52
8. Security Considerations . . . . . . . . . . . . . . . . . . . 51 8. Security Considerations . . . . . . . . . . . . . . . . . . . 52
8.1. Threat: Passive Leak of Node Data . . . . . . . . . . . . 52 8.1. Threat: Passive Leak of Node Data . . . . . . . . . . . . 53
8.2. Threat: Passive Leak of Bundle Data . . . . . . . . . . . 52 8.2. Threat: Passive Leak of Bundle Data . . . . . . . . . . . 53
8.3. Threat: TCPCL Version Downgrade . . . . . . . . . . . . . 52 8.3. Threat: TCPCL Version Downgrade . . . . . . . . . . . . . 53
8.4. Threat: Transport Security Stripping . . . . . . . . . . 52 8.4. Threat: Transport Security Stripping . . . . . . . . . . 53
8.5. Threat: Weak TLS Configurations . . . . . . . . . . . . . 53 8.5. Threat: Weak TLS Configurations . . . . . . . . . . . . . 54
8.6. Threat: Certificate Validation Vulnerabilities . . . . . 53 8.6. Threat: Certificate Validation Vulnerabilities . . . . . 54
8.7. Threat: Symmetric Key Limits . . . . . . . . . . . . . . 53 8.7. Threat: Symmetric Key Limits . . . . . . . . . . . . . . 54
8.8. Threat: BP Node Impersonation . . . . . . . . . . . . . . 53 8.8. Threat: BP Node Impersonation . . . . . . . . . . . . . . 54
8.9. Threat: Denial of Service . . . . . . . . . . . . . . . . 54 8.9. Threat: Denial of Service . . . . . . . . . . . . . . . . 55
8.10. Alternate Uses of TLS . . . . . . . . . . . . . . . . . . 55 8.10. Alternate Uses of TLS . . . . . . . . . . . . . . . . . . 56
8.10.1. TLS Without Authentication . . . . . . . . . . . . . 55 8.10.1. TLS Without Authentication . . . . . . . . . . . . . 56
8.10.2. Non-Certificate TLS Use . . . . . . . . . . . . . . 55 8.10.2. Non-Certificate TLS Use . . . . . . . . . . . . . . 56
8.11. Predictability of Transfer IDs . . . . . . . . . . . . . 55 8.11. Predictability of Transfer IDs . . . . . . . . . . . . . 56
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 56 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 57
9.1. Port Number . . . . . . . . . . . . . . . . . . . . . . . 56 9.1. Port Number . . . . . . . . . . . . . . . . . . . . . . . 57
9.2. Protocol Versions . . . . . . . . . . . . . . . . . . . . 56 9.2. Protocol Versions . . . . . . . . . . . . . . . . . . . . 57
9.3. Session Extension Types . . . . . . . . . . . . . . . . . 57 9.3. Session Extension Types . . . . . . . . . . . . . . . . . 58
9.4. Transfer Extension Types . . . . . . . . . . . . . . . . 58 9.4. Transfer Extension Types . . . . . . . . . . . . . . . . 59
9.5. Message Types . . . . . . . . . . . . . . . . . . . . . . 59 9.5. Message Types . . . . . . . . . . . . . . . . . . . . . . 60
9.6. XFER_REFUSE Reason Codes . . . . . . . . . . . . . . . . 60 9.6. XFER_REFUSE Reason Codes . . . . . . . . . . . . . . . . 61
9.7. SESS_TERM Reason Codes . . . . . . . . . . . . . . . . . 61 9.7. SESS_TERM Reason Codes . . . . . . . . . . . . . . . . . 62
9.8. MSG_REJECT Reason Codes . . . . . . . . . . . . . . . . . 62 9.8. MSG_REJECT Reason Codes . . . . . . . . . . . . . . . . . 63
10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 63 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 64
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 63 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 64
11.1. Normative References . . . . . . . . . . . . . . . . . . 63 11.1. Normative References . . . . . . . . . . . . . . . . . . 64
11.2. Informative References . . . . . . . . . . . . . . . . . 65 11.2. Informative References . . . . . . . . . . . . . . . . . 66
Appendix A. Significant changes from RFC7242 . . . . . . . . . . 66 Appendix A. Significant changes from RFC7242 . . . . . . . . . . 67
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 68 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 69
1. Introduction 1. Introduction
This document describes the TCP-based convergence-layer protocol for This document describes the TCP-based convergence-layer protocol for
Delay-Tolerant Networking. Delay-Tolerant Networking is an end-to- Delay-Tolerant Networking. Delay-Tolerant Networking is an end-to-
end architecture providing communications in and/or through highly end architecture providing communications in and/or through highly
stressed environments, including those with intermittent stressed environments, including those with intermittent
connectivity, long and/or variable delays, and high bit error rates. connectivity, long and/or variable delays, and high bit error rates.
More detailed descriptions of the rationale and capabilities of these More detailed descriptions of the rationale and capabilities of these
networks can be found in "Delay-Tolerant Network Architecture" networks can be found in "Delay-Tolerant Network Architecture"
skipping to change at page 21, line 23 skipping to change at page 21, line 23
Many other policies can be established in a TCPCL network between the Many other policies can be established in a TCPCL network between the
two extremes of single persistent sessions and only ephemeral two extremes of single persistent sessions and only ephemeral
sessions. Different policies can be applied to each peer entity and sessions. Different policies can be applied to each peer entity and
to each bundle as it needs to be transferred (e.g for quality of to each bundle as it needs to be transferred (e.g for quality of
service). Additionally, future session extension types can apply service). Additionally, future session extension types can apply
further nuance to session policies and policy negotiation. further nuance to session policies and policy negotiation.
3.6. Transfer Segmentation Policies 3.6. Transfer Segmentation Policies
Each TCPCL session allows a negotiated transfer segmentation polcy to Each TCPCL session allows a negotiated transfer segmentation policy
be applied in each transfer direction. A receiving node can set the to be applied in each transfer direction. A receiving node can set
Segment MRU in its SESS_INIT message to determine the largest the Segment MRU in its SESS_INIT message to determine the largest
acceptable segment size, and a transmitting node can segment a acceptable segment size, and a transmitting node can segment a
transfer into any sizes smaller than the receiver's Segment MRU. It transfer into any sizes smaller than the receiver's Segment MRU. It
is a network administration matter to determine an appropriate is a network administration matter to determine an appropriate
segmentation policy for entities operating TCPCL, but guidance given segmentation policy for entities operating TCPCL, but guidance given
here can be used to steer policy toward performance goals. It is here can be used to steer policy toward performance goals. It is
also advised to consider the Segment MRU in relation to chunking/ also advised to consider the Segment MRU in relation to chunking/
packetization performed by TLS, TCP, and any intermediate network- packetization performed by TLS, TCP, and any intermediate network-
layer nodes. layer nodes.
Minimum Overhead: For a simple network expected to exchange Minimum Overhead: For a simple network expected to exchange
skipping to change at page 25, line 15 skipping to change at page 25, line 15
4.2. Contact Header 4.2. Contact Header
This section describes the format of the Contact Header and the This section describes the format of the Contact Header and the
meaning of its fields. meaning of its fields.
If an entity is capable of exchanging messages according to TLS 1.3 If an entity is capable of exchanging messages according to TLS 1.3
[RFC8446] or any successors which are compatible with that TLS [RFC8446] or any successors which are compatible with that TLS
ClientHello, the the CAN_TLS flag within its Contact Header SHALL be ClientHello, the the CAN_TLS flag within its Contact Header SHALL be
set to 1. This behavior prefers the use of TLS when possible, even set to 1. This behavior prefers the use of TLS when possible, even
if security policy does not allow or require authentication. This if security policy does not allow or require authentication. This
follows the opportunistic security model of [RFC7435]. follows the opportunistic security model of [RFC7435], though an
active attacker could interfere with the exchange in such cases.
Upon receipt of the Contact Header, both entities perform the Upon receipt of the Contact Header, both entities perform the
validation and negotiation procedures defined in Section 4.3. After validation and negotiation procedures defined in Section 4.3. After
receiving the Contact Header from the other entity, either entity MAY receiving the Contact Header from the other entity, either entity MAY
refuse the session by sending a SESS_TERM message with an appropriate refuse the session by sending a SESS_TERM message with an appropriate
reason code. reason code.
The format for the Contact Header is as follows: The format for the Contact Header is as follows:
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
skipping to change at page 26, line 11 skipping to change at page 26, line 11
to the descriptions in Table 1. All reserved header flag bits to the descriptions in Table 1. All reserved header flag bits
SHALL be set to 0 by the sender. All reserved header flag bits SHALL be set to 0 by the sender. All reserved header flag bits
SHALL be ignored by the receiver. SHALL be ignored by the receiver.
+----------+--------+-----------------------------------------------+ +----------+--------+-----------------------------------------------+
| Name | Code | Description | | Name | Code | Description |
+----------+--------+-----------------------------------------------+ +----------+--------+-----------------------------------------------+
| CAN_TLS | 0x01 | If bit is set, indicates that the sending | | CAN_TLS | 0x01 | If bit is set, indicates that the sending |
| | | peer is capable of TLS security. | | | | peer is capable of TLS security. |
| | | | | | | |
| Reserved | others | | Reserved | others | |
+----------+--------+-----------------------------------------------+ +----------+--------+-----------------------------------------------+
Table 1: Contact Header Flags Table 1: Contact Header Flags
4.3. Contact Validation and Negotiation 4.3. Contact Validation and Negotiation
Upon reception of the Contact Header, each node follows the following Upon reception of the Contact Header, each node follows the following
procedures to ensure the validity of the TCPCL session and to procedures to ensure the validity of the TCPCL session and to
negotiate values for the session parameters. negotiate values for the session parameters.
skipping to change at page 28, line 28 skipping to change at page 28, line 28
defines a prioritized list of what a certificate can identify about a defines a prioritized list of what a certificate can identify about a
TCPCL entity: TCPCL entity:
Node ID: The ideal certificate identity is the Node ID of the entity Node ID: The ideal certificate identity is the Node ID of the entity
using the NODE-ID definition below. When the Node ID is using the NODE-ID definition below. When the Node ID is
identified, there is no need for any lower-level identification to identified, there is no need for any lower-level identification to
take place. take place.
DNS Name: If CA policy forbids a certificate to contain an arbitrary DNS Name: If CA policy forbids a certificate to contain an arbitrary
NODE-ID but allows a DNS-ID to be identified then one or more NODE-ID but allows a DNS-ID to be identified then one or more
stable host names can be identified in the certificate. The use stable DNS names can be identified in the certificate. The use of
of wildcard DNS-ID is discouraged due to the complex rules for wildcard DNS-ID is discouraged due to the complex rules for
matching and dependence on implementation support for wildcard matching and dependence on implementation support for wildcard
matching (see Section 6.4.3 of [RFC6125]). matching (see Section 6.4.3 of [RFC6125]).
Network Address: If no stable host name is available but a stable Network Address: If no stable DNS name is available but a stable
network address is available and CA policy allows a certificate to network address is available and CA policy allows a certificate to
contain a NETWORK-ID (as defined below) then one or more network contain a IPADDR-ID (as defined below) then one or more network
addresses can be identified in the certificate. addresses can be identified in the certificate.
When only a DNS-ID or NETWORK-ID can be identified by a certificate, When only a DNS-ID or IPADDR-ID can be identified by a certificate,
it is implied that an entity which authenticates using that it is implied that an entity which authenticates using that
certificate is trusted to provide a valid Node ID in its SESS_INIT; certificate is trusted to provide a valid Node ID in its SESS_INIT;
the certificate itself does not actually authenticate that Node ID. the certificate itself does not actually authenticate that Node ID.
The RECOMMENDED security policy of an entity is to validate a peer The RECOMMENDED security policy of an entity is to validate a peer
which authenticates its Node ID regardless of an authenticated host which authenticates its Node ID regardless of an authenticated DNS
name or address, and only consider the host/address authentication in name or address, and only consider the host/address authentication in
the absence of an authenticated Node ID. the absence of an authenticated Node ID.
This specification defines a NODE-ID of a certificate as being the This specification defines a NODE-ID of a certificate as being the
subjectAltName entry of type uniformResourceIdentifier whose value is subjectAltName entry of type uniformResourceIdentifier whose value is
a URI consistent with the requirements of [RFC3986] and the URI a URI consistent with the requirements of [RFC3986] and the URI
schemes of the IANA "Bundle Protocol URI Scheme Type" registry. This schemes of the IANA "Bundle Protocol URI Scheme Type" registry. This
is similar to the URI-ID of [RFC6125] but does not require any is similar to the URI-ID of [RFC6125] but does not require any
structure to the scheme-specific-part of the URI. Unless specified structure to the scheme-specific-part of the URI. Unless specified
otherwise by the definition of the URI scheme being authenticated, otherwise by the definition of the URI scheme being authenticated,
URI matching of a NODE-ID SHALL use the URI comparison logic of URI matching of a NODE-ID SHALL use the URI comparison logic of
[RFC3986] and scheme-based normalization of those schemes specified [RFC3986] and scheme-based normalization of those schemes specified
in [I-D.ietf-dtn-bpbis]. A URI scheme can refine this "exact match" in [I-D.ietf-dtn-bpbis]. A URI scheme can refine this "exact match"
logic with rules about how Node IDs within that scheme are to be logic with rules about how Node IDs within that scheme are to be
compared with the certificate-authenticated NODE-ID. compared with the certificate-authenticated NODE-ID.
This specification defines a NETWORK-ID of a certificate as being the This specification defines a IPADDR-ID of a certificate as being the
subjectAltName entry of type iPAddress whose value is encoded subjectAltName entry of type iPAddress whose value is encoded
according to [RFC5280]. according to [RFC5280].
4.4.2. TLS Handshake 4.4.2. TLS Handshake
The use of TLS is negotiated using the Contact Header as described in The use of TLS is negotiated using the Contact Header as described in
Section 4.3. After negotiating an Enable TLS parameter of true, and Section 4.3. After negotiating an Enable TLS parameter of true, and
before any other TCPCL messages are sent within the session, the before any other TCPCL messages are sent within the session, the
session entities SHALL begin a TLS handshake in accordance with session entities SHALL begin a TLS handshake in accordance with
[RFC8446]. By convention, this protocol uses the entity which [RFC8446]. By convention, this protocol uses the entity which
skipping to change at page 29, line 37 skipping to change at page 29, line 37
The TLS handshake, if it occurs, is considered to be part of the The TLS handshake, if it occurs, is considered to be part of the
contact negotiation before the TCPCL session itself is established. contact negotiation before the TCPCL session itself is established.
Specifics about sensitive data exposure are discussed in Section 8. Specifics about sensitive data exposure are discussed in Section 8.
The parameters within each TLS negotiation are implementation The parameters within each TLS negotiation are implementation
dependent but any TCPCL node SHALL follow all recommended practices dependent but any TCPCL node SHALL follow all recommended practices
of BCP 195 [RFC7525], or any updates or successors that become part of BCP 195 [RFC7525], or any updates or successors that become part
of BCP 195. Within each TLS handshake, the following requirements of BCP 195. Within each TLS handshake, the following requirements
apply (using the rough order in which they occur): apply (using the rough order in which they occur):
Client Hello: When a resolved host name was used to establish the Client Hello: When a resolved DNS name was used to establish the TCP
TCP connection, the TLS ClientHello SHOULD include a Server Name connection, the TLS ClientHello SHOULD include a Server Name
Indication (SNI) in accordance with [RFC6066] containing that host Indication (SNI) in accordance with [RFC6066]. When present, the
name (of the passive entity) which was resolved. Note: The SNI "server_name" extension SHALL contain a "HostName" value taken
text is the network-layer name for the passive entity, which is from the DNS name (of the passive entity) which was resolved.
not the Node ID of that entity. Note: The 'HostName in the "server_name" extension is the network
name for the passive entity, not the Node ID of that entity.
Server Certificate: The passive entity SHALL supply a certificate Server Certificate: The passive entity SHALL supply a certificate
within the TLS handshake to allow authentication of its side of within the TLS handshake to allow authentication of its side of
the session. Unless prohibited by CA policy, the passive entity the session. Unless prohibited by CA policy, the passive entity
certificate SHALL contain a NODE-ID which authenticates the Node certificate SHALL contain a NODE-ID which authenticates the Node
ID of the peer. When assigned a stable host name, the passive ID of the peer. When assigned a stable DNS name, the passive
entity certificate SHOULD contain a DNS-ID which authenticates entity certificate SHOULD contain a DNS-ID which authenticates
that (fully qualified) name. When assigned a stable network that (fully qualified) name. When assigned a stable network
address, the passive entity certificate MAY contain a NETWORK-ID address, the passive entity certificate MAY contain a IPADDR-ID
which authenticates that address. The passive entity MAY use the which authenticates that address. The passive entity MAY use the
SNI host name to choose an appropriate server-side certificate SNI DNS name to choose an appropriate server-side certificate
which authenticates that host name. which authenticates that DNS name.
Certificate Request: During TLS handshake, the passive entity SHALL Certificate Request: During TLS handshake, the passive entity SHALL
request a client-side certificate. request a client-side certificate.
Client Certificate: The active entity SHALL supply a certificate Client Certificate: The active entity SHALL supply a certificate
chain within the TLS handshake to allow authentication of its side chain within the TLS handshake to allow authentication of its side
of the session. Unless prohibited by CA policy, the active entity of the session. Unless prohibited by CA policy, the active entity
certificate SHALL contain a NODE-ID which authenticates the Node certificate SHALL contain a NODE-ID which authenticates the Node
ID of the peer. When assigned a stable host name, the active ID of the peer. When assigned a stable DNS name, the active
entity certificate SHOULD contain a DNS-ID which authenticates entity certificate SHOULD contain a DNS-ID which authenticates
that (fully qualified) name. When assigned a stable network that (fully qualified) name. When assigned a stable network
address, the active entity certificate MAY contain a NETWORK-ID address, the active entity certificate MAY contain a IPADDR-ID
which authenticates that address. which authenticates that address.
All certificates supplied during TLS handshake SHALL conform to All certificates supplied during TLS handshake SHALL conform to
[RFC5280], or any updates or successors to that profile. When a [RFC5280], or any updates or successors to that profile. When a
certificate is supplied during TLS handshake, the full certification certificate is supplied during TLS handshake, the full certification
chain SHOULD be included unless security policy indicates that is chain SHOULD be included unless security policy indicates that is
unnecessary. unnecessary.
If a TLS handshake cannot negotiate a TLS connection, both entities If a TLS handshake cannot negotiate a TLS connection, both entities
of the TCPCL session SHALL close the TCP connection. At this point of the TCPCL session SHALL close the TCP connection. At this point
the TCPCL session has not yet been established so there is no TCPCL the TCPCL session has not yet been established so there is no TCPCL
session to terminate. session to terminate.
After a TLS connection is successfully established, the active entity After a TLS connection is successfully established, the active entity
SHALL send a SESS_INIT message to begin session negotiation. This SHALL send a SESS_INIT message to begin session negotiation. This
session negotiation and all subsequent messaging are secured. session negotiation and all subsequent messaging are secured.
4.4.3. TLS Authentication 4.4.3. TLS Authentication
Using PKIX certificates exchanged during the TLS handshake, each of Using PKIX certificates exchanged during the TLS handshake, each of
the entities can attempt to authenticate its peer Node ID directly or the entities can authenticate a peer Node ID directly or authenticate
authenticate the peer host name or network address. The Node ID the peer DNS name or network address. The logic for attempting
exchanged in the Session Initialization is likely to be used by the authentication is separate from the logic for handling the result of
BP agent for making transfer and routing decisions, so attempting authentication, which is based on local security policy.
Node ID validation is required while attempting host name validation
is optional. The logic for attempting validation is separate from
the logic for handling the result of validation, which is based on
local security policy.
By using the SNI host name (see Section 4.4.2) a single passive By using the SNI DNS name (see Section 4.4.2) a single passive entity
entity can act as a convergence layer for multiple BP agents with can act as a convergence layer for multiple BP agents with distinct
distinct Node IDs. When this "virtual host" behavior is used, the Node IDs. When this "virtual host" behavior is used, the DNS name is
host name is used as the indication of which BP Node the active used as the indication of which BP Node the active entity is
entity is attempting to communicate with. A virtual host CL entity attempting to communicate with. A virtual host CL entity can be
can be authenticated by a certificate containing all of the host authenticated by a certificate containing all of the DNS names and/or
names and/or Node IDs being hosted or by several certificates each Node IDs being hosted or by several certificates each authenticating
authenticating a single host name and/or Node ID, using the SNI value a single DNS name and/or Node ID, using the SNI value from the peer
from the peer to select which certificate to use. to select which certificate to use.
Any certificate received during TLS handshake SHALL be validated up Any certificate received during TLS handshake SHALL be validated up
to one or more trusted CA certificates. If certificate validation to one or more trusted CA certificates. If certificate validation
fails or if security policy disallows a certificate for any reason, fails or if security policy disallows a certificate for any reason,
the entity SHALL terminate the session (with a reason code of the entity SHALL terminate the session (with a reason code of
"Contact Failure"). "Contact Failure").
The result of authenticating a peer value against a certificate claim
is one of:
Absent: Indicating that the claim type is not present in the
certificate and cannot be authenticated.
Success: Indicating the claim type is present and matches the peer
(Node ID / DNS name / address) value.
Failure: Indicating the claim type is present but did not match the
peer value.
Either during or immediately after the TLS handshake, the active Either during or immediately after the TLS handshake, the active
entity SHALL attempt to authenticate the host name (of the passive entity SHALL authenticate the DNS name (of the passive entity) used
entity) used to initiate the TCP connection using any DNS-ID of the to initiate the TCP connection using any DNS-ID of the peer
peer certificate. If host name validation fails (including failure certificate. If the DNS name authentication result is Failure or if
because the certificate does not contain any DNS-ID) and security the result is Absent and security policy requires an authenticated
policy disallows an unauthenticated host, the entity SHALL terminate DNS name, the entity SHALL terminate the session (with a reason code
the session (with a reason code of "Contact Failure"). of "Contact Failure").
Either during or immediately after the TLS handshake, the active Either during or immediately after the TLS handshake, the active
entity SHALL attempt to authenticate the IP address of the other side entity SHALL authenticate the IP address of the other side of the TCP
of the TCP connection using any NETWORK-ID of the peer certificate. connection using any IPADDR-ID of the peer certificate. Either
Either during or immediately after the TLS handshake, the passive during or immediately after the TLS handshake, the passive entity
entity SHALL attempt to authenticate the IP address of the other side SHALL authenticate the IP address of the other side of the TCP
of the TCP connection using any NETWORK-ID of the peer certificate. connection using any IPADDR-ID of the peer certificate. If the
If host address validation fails (including failure because the address authentication result is Failure or if the result is Absent
certificate does not contain any NETWORK-ID) and security policy and security policy requires an authenticated network address, the
disallows an unauthenticated host, the entity SHALL terminate the entity SHALL terminate the session (with a reason code of "Contact
session (with a reason code of "Contact Failure"). Failure").
Immediately before Session Parameter Negotiation, each side of the Immediately before Session Parameter Negotiation, each side of the
session SHALL perform Node ID validation of its peer as described session SHALL authenticate the Node ID of the peer's SESS_INIT
below. Node ID validation SHALL succeed if the associated message using any NODE-ID of the peer certificate. If the Node ID
certificate includes a NODE-ID whose value matches the Node ID of the authentication result is Failure or if the result is Absent and
TCPCL entity. If Node ID validation fails (including failure because security policy requires an authenticated Node ID, the entity SHALL
the certificate does not contain any NODE-ID) and security policy terminate the session (with a reason code of "Contact Failure").
disallows an unauthenticated Node ID, the entity SHALL terminate the
session (with a reason code of "Contact Failure").
4.4.4. Example TLS Initiation 4.4.4. Example TLS Initiation
A summary of a typical TLS use is shown in the sequence in Figure 17 A summary of a typical TLS use is shown in the sequence in Figure 17
below. In this example the active peer terminates the session but below. In this example the active peer terminates the session but
termination can be initiated from either peer. termination can be initiated from either peer.
Entity A Entity B Entity A Entity B
active peer passive peer active peer passive peer
skipping to change at page 32, line 22 skipping to change at page 32, line 28
+-------------------------+ +-------------------------+
| Contact Header | -> +-------------------------+ | Contact Header | -> +-------------------------+
+-------------------------+ <- | Contact Header | +-------------------------+ <- | Contact Header |
+-------------------------+ +-------------------------+
+-------------------------+ +-------------------------+ +-------------------------+ +-------------------------+
| TLS Negotiation | -> <- | TLS Negotiation | | TLS Negotiation | -> <- | TLS Negotiation |
| (as client) | | (as server) | | (as client) | | (as server) |
+-------------------------+ +-------------------------+ +-------------------------+ +-------------------------+
Host name validation occurs. DNS name validation occurs.
Secured TCPCL messaging can begin. Secured TCPCL messaging can begin.
+-------------------------+ +-------------------------+
| SESS_INIT | -> +-------------------------+ | SESS_INIT | -> +-------------------------+
+-------------------------+ <- | SESS_INIT | +-------------------------+ <- | SESS_INIT |
+-------------------------+ +-------------------------+
Node ID validation occurs. Node ID validation occurs.
Session is established, transfers can begin. Session is established, transfers can begin.
skipping to change at page 33, line 20 skipping to change at page 34, line 8
Figure 18: Format of the Message Header Figure 18: Format of the Message Header
The message header fields are as follows: The message header fields are as follows:
Message Type: Indicates the type of the message as per Table 2 Message Type: Indicates the type of the message as per Table 2
below. Encoded values are listed in Section 9.5. below. Encoded values are listed in Section 9.5.
+--------------+------+---------------------------------------------+ +--------------+------+---------------------------------------------+
| Name | Code | Description | | Name | Code | Description |
+--------------+------+---------------------------------------------+ +--------------+------+---------------------------------------------+
| SESS_INIT | 0x07 | Contains the session parameter | | SESS_INIT | 0x07 | Contains the session parameter inputs from |
| | | inputs from one of the entities, | | | | one of the entities, as described in |
| | | as described in Section 4.6. | | | | Section 4.6. |
| | | | | | | |
| SESS_TERM | 0x05 | Indicates that one of the | | SESS_TERM | 0x05 | Indicates that one of the entities |
| | | entities participating in the session | | | | participating in the session wishes to |
| | | wishes to cleanly terminate the session, as | | | | cleanly terminate the session, as described |
| | | described in Section 6.1. | | | | in Section 6.1. |
| | | | | | | |
| XFER_SEGMENT | 0x01 | Indicates the transmission of | | XFER_SEGMENT | 0x01 | Indicates the transmission of a segment of |
| | | a segment of bundle data, as described in | | | | bundle data, as described in Section 5.2.2. |
| | | Section 5.2.2. |
| | | | | | | |
| XFER_ACK | 0x02 | Acknowledges reception of a | | XFER_ACK | 0x02 | Acknowledges reception of a data segment, |
| | | data segment, as described in | | | | as described in Section 5.2.3. |
| | | Section 5.2.3. |
| | | | | | | |
| XFER_REFUSE | 0x03 | Indicates that the | | XFER_REFUSE | 0x03 | Indicates that the transmission of the |
| | | transmission of the current bundle SHALL be | | | | current bundle SHALL be stopped, as |
| | | stopped, as described in | | | | described in Section 5.2.4. |
| | | Section 5.2.4. |
| | | | | | | |
| KEEPALIVE | 0x04 | Used to keep TCPCL session | | KEEPALIVE | 0x04 | Used to keep TCPCL session active, as |
| | | active, as described in | | | | described in Section 5.1.1. |
| | | Section 5.1.1. |
| | | | | | | |
| MSG_REJECT | 0x06 | Contains a TCPCL message | | MSG_REJECT | 0x06 | Contains a TCPCL message rejection, as |
| | | rejection, as described in | | | | described in Section 5.1.2. |
| | | Section 5.1.2. |
+--------------+------+---------------------------------------------+ +--------------+------+---------------------------------------------+
Table 2: TCPCL Message Types Table 2: TCPCL Message Types
4.6. Session Initialization Message (SESS_INIT) 4.6. Session Initialization Message (SESS_INIT)
Before a session is established and ready to transfer bundles, the Before a session is established and ready to transfer bundles, the
session parameters are negotiated between the connected entities. session parameters are negotiated between the connected entities.
The SESS_INIT message is used to convey the per-entity parameters The SESS_INIT message is used to convey the per-entity parameters
which are used together to negotiate the per-session parameters as which are used together to negotiate the per-session parameters as
skipping to change at page 34, line 40 skipping to change at page 35, line 30
+-----------------------------+ +-----------------------------+
| Session Extension | | Session Extension |
| Items (var.) | | Items (var.) |
+-----------------------------+ +-----------------------------+
Figure 19: SESS_INIT Format Figure 19: SESS_INIT Format
The fields of the SESS_INIT message are: The fields of the SESS_INIT message are:
Keepalive Interval: A 16-bit unsigned integer indicating the minimum Keepalive Interval: A 16-bit unsigned integer indicating the minimum
interval, in seconds, to negotiate the Session Keepalive using the interval, in seconds, to negotiate as the Session Keepalive using
method of Section 4.7. the method of Section 4.7.
Segment MRU: A 64-bit unsigned integer indicating the largest Segment MRU: A 64-bit unsigned integer indicating the largest
allowable single-segment data payload size to be received in this allowable single-segment data payload size to be received in this
session. Any XFER_SEGMENT sent to this peer SHALL have a data session. Any XFER_SEGMENT sent to this peer SHALL have a data
payload no longer than the peer's Segment MRU. The two entities payload no longer than the peer's Segment MRU. The two entities
of a single session MAY have different Segment MRUs, and no of a single session MAY have different Segment MRUs, and no
relation between the two is required. relation between the two is required.
Transfer MRU: A 64-bit unsigned integer indicating the largest Transfer MRU: A 64-bit unsigned integer indicating the largest
allowable total-bundle data size to be received in this session. allowable total-bundle data size to be received in this session.
skipping to change at page 35, line 37 skipping to change at page 36, line 27
Extension Item is within a consistent data container as described Extension Item is within a consistent data container as described
in Section 4.8. The full set of Session Extension Items apply for in Section 4.8. The full set of Session Extension Items apply for
the duration of the TCPCL session to follow. The order and the duration of the TCPCL session to follow. The order and
multiplicity of these Session Extension Items is significant, as multiplicity of these Session Extension Items is significant, as
defined in the associated type specification(s). If the content defined in the associated type specification(s). If the content
of the Session Extension Items data disagrees with the Session of the Session Extension Items data disagrees with the Session
Extension Length (e.g., the last Item claims to use more octets Extension Length (e.g., the last Item claims to use more octets
than are present in the Session Extension Length), the reception than are present in the Session Extension Length), the reception
of the SESS_INIT is considered to have failed. of the SESS_INIT is considered to have failed.
When the active entity initiates a TCPCL session, it is likely based
on routing information which binds a Node ID to CL parameters. If
the active entity receives a SESS_INIT with different Node ID than
was intended for the TCPCL session, the session MAY be allowed to be
established. If allowed, such a session SHALL be associated with the
Node ID provided in the SESS_INIT message rather than any intended
value.
4.7. Session Parameter Negotiation 4.7. Session Parameter Negotiation
An entity calculates the parameters for a TCPCL session by An entity calculates the parameters for a TCPCL session by
negotiating the values from its own preferences (conveyed by the negotiating the values from its own preferences (conveyed by the
SESS_INIT it sent to the peer) with the preferences of the peer node SESS_INIT it sent to the peer) with the preferences of the peer node
(expressed in the SESS_INIT that it received from the peer). The (expressed in the SESS_INIT that it received from the peer). The
negotiated parameters defined by this specification are described in negotiated parameters defined by this specification are described in
the following paragraphs. the following paragraphs.
Transfer MTU and Segment MTU: The maximum transmit unit (MTU) for Transfer MTU and Segment MTU: The maximum transmit unit (MTU) for
whole transfers and individual segments are identical to the whole transfers and individual segments are identical to the
Transfer MRU and Segment MRU, respectively, of the received Transfer MRU and Segment MRU, respectively, of the received
Contact Header. A transmitting peer can send individual segments SESS_INIT message. A transmitting peer can send individual
with any size smaller than the Segment MTU, depending on local segments with any size smaller than the Segment MTU, depending on
policy, dynamic network conditions, etc. Determining the size of local policy, dynamic network conditions, etc. Determining the
each transmitted segment is an implementation matter. If either size of each transmitted segment is an implementation matter. If
the Transfer MRU or Segment MRU is unacceptable, the entity SHALL either the Transfer MRU or Segment MRU is unacceptable, the entity
terminate the session with a reason code of "Contact Failure". SHALL terminate the session with a reason code of "Contact
Failure".
Session Keepalive: Negotiation of the Session Keepalive parameter is Session Keepalive: Negotiation of the Session Keepalive parameter is
performed by taking the minimum of the two Contact Headers' performed by taking the minimum of the two Keepalive Interval
Keepalive Interval values. The Session Keepalive interval is a values from the two SESS_INIT messages. The Session Keepalive
parameter for the behavior described in Section 5.1.1. If the interval is a parameter for the behavior described in
Session Keepalive interval is unacceptable, the entity SHALL Section 5.1.1. If the Session Keepalive interval is unacceptable,
terminate the session with a reason code of "Contact Failure". the entity SHALL terminate the session with a reason code of
Note: a negotiated Session Keepalive of zero indicates that "Contact Failure". Note: a negotiated Session Keepalive of zero
KEEPALIVEs are disabled. indicates that KEEPALIVEs are disabled.
Once this process of parameter negotiation is completed (which Once this process of parameter negotiation is completed (which
includes a possible completed TLS handshake of the connection to use includes a possible completed TLS handshake of the connection to use
TLS), this protocol defines no additional mechanism to change the TLS), this protocol defines no additional mechanism to change the
parameters of an established session; to effect such a change, the parameters of an established session; to effect such a change, the
TCPCL session MUST be terminated and a new session established. TCPCL session MUST be terminated and a new session established.
4.8. Session Extension Items 4.8. Session Extension Items
Each of the Session Extension Items SHALL be encoded in an identical Each of the Session Extension Items SHALL be encoded in an identical
skipping to change at page 37, line 23 skipping to change at page 38, line 23
+---------------+---------------+---------------+---------------+ +---------------+---------------+---------------+---------------+
Figure 20: Session Extension Item Format Figure 20: Session Extension Item Format
+----------+--------+-----------------------------------------------+ +----------+--------+-----------------------------------------------+
| Name | Code | Description | | Name | Code | Description |
+----------+--------+-----------------------------------------------+ +----------+--------+-----------------------------------------------+
| CRITICAL | 0x01 | If bit is set, indicates that the receiving | | CRITICAL | 0x01 | If bit is set, indicates that the receiving |
| | | peer must handle the extension item. | | | | peer must handle the extension item. |
| | | | | | | |
| Reserved | others | | Reserved | others | |
+----------+--------+-----------------------------------------------+ +----------+--------+-----------------------------------------------+
Table 3: Session Extension Item Flags Table 3: Session Extension Item Flags
5. Established Session Operation 5. Established Session Operation
This section describes the protocol operation for the duration of an This section describes the protocol operation for the duration of an
established session, including the mechanism for transmitting bundles established session, including the mechanism for transmitting bundles
over the session. over the session.
skipping to change at page 42, line 19 skipping to change at page 43, line 19
+----------+--------+-----------------------------------------------+ +----------+--------+-----------------------------------------------+
| Name | Code | Description | | Name | Code | Description |
+----------+--------+-----------------------------------------------+ +----------+--------+-----------------------------------------------+
| END | 0x01 | If bit is set, indicates that this is the | | END | 0x01 | If bit is set, indicates that this is the |
| | | last segment of the transfer. | | | | last segment of the transfer. |
| | | | | | | |
| START | 0x02 | If bit is set, indicates that this is the | | START | 0x02 | If bit is set, indicates that this is the |
| | | first segment of the transfer. | | | | first segment of the transfer. |
| | | | | | | |
| Reserved | others | | Reserved | others | |
+----------+--------+-----------------------------------------------+ +----------+--------+-----------------------------------------------+
Table 5: XFER_SEGMENT Flags Table 5: XFER_SEGMENT Flags
The flags portion of the message contains two flag values in the two The flags portion of the message contains two flag values in the two
low-order bits, denoted 'START' and 'END' in Table 5. The 'START' low-order bits, denoted 'START' and 'END' in Table 5. The 'START'
flag SHALL be set to 1 when transmitting the first segment of a flag SHALL be set to 1 when transmitting the first segment of a
transfer. The 'END' flag SHALL be set to 1 when transmitting the transfer. The 'END' flag SHALL be set to 1 when transmitting the
last segment of a transfer. In the case where an entire transfer is last segment of a transfer. In the case where an entire transfer is
accomplished in a single segment, both the 'START' and 'END' flags accomplished in a single segment, both the 'START' and 'END' flags
skipping to change at page 47, line 11 skipping to change at page 48, line 11
+---------------+---------------+---------------+---------------+ +---------------+---------------+---------------+---------------+
Figure 25: Transfer Extension Item Format Figure 25: Transfer Extension Item Format
+----------+--------+-----------------------------------------------+ +----------+--------+-----------------------------------------------+
| Name | Code | Description | | Name | Code | Description |
+----------+--------+-----------------------------------------------+ +----------+--------+-----------------------------------------------+
| CRITICAL | 0x01 | If bit is set, indicates that the receiving | | CRITICAL | 0x01 | If bit is set, indicates that the receiving |
| | | peer must handle the extension item. | | | | peer must handle the extension item. |
| | | | | | | |
| Reserved | others | | Reserved | others | |
+----------+--------+-----------------------------------------------+ +----------+--------+-----------------------------------------------+
Table 7: Transfer Extension Item Flags Table 7: Transfer Extension Item Flags
5.2.5.1. Transfer Length Extension 5.2.5.1. Transfer Length Extension
The purpose of the Transfer Length extension is to allow entities to The purpose of the Transfer Length extension is to allow entities to
preemptively refuse bundles that would exceed their resources or to preemptively refuse bundles that would exceed their resources or to
prepare storage on the receiving node for the upcoming bundle data. prepare storage on the receiving node for the upcoming bundle data.
skipping to change at page 49, line 38 skipping to change at page 50, line 38
Reason Code: A one-octet refusal reason code interpreted according Reason Code: A one-octet refusal reason code interpreted according
to the descriptions in Table 9. to the descriptions in Table 9.
+----------+--------+-----------------------------------------------+ +----------+--------+-----------------------------------------------+
| Name | Code | Description | | Name | Code | Description |
+----------+--------+-----------------------------------------------+ +----------+--------+-----------------------------------------------+
| REPLY | 0x01 | If bit is set, indicates that this message is | | REPLY | 0x01 | If bit is set, indicates that this message is |
| | | an acknowledgement of an earlier SESS_TERM | | | | an acknowledgement of an earlier SESS_TERM |
| | | message. | | | | message. |
| | | | | | | |
| Reserved | others | | Reserved | others | |
+----------+--------+-----------------------------------------------+ +----------+--------+-----------------------------------------------+
Table 8: SESS_TERM Flags Table 8: SESS_TERM Flags
+--------------+------+---------------------------------------------+ +--------------+------+---------------------------------------------+
| Name | Code | Description | | Name | Code | Description |
+--------------+------+---------------------------------------------+ +--------------+------+---------------------------------------------+
| Unknown | 0x00 | A termination reason is not available. | | Unknown | 0x00 | A termination reason is not available. |
| | | | | | | |
| Idle timeout | 0x01 | The session is being closed due to | | Idle timeout | 0x01 | The session is being closed due to |
skipping to change at page 53, line 39 skipping to change at page 54, line 39
used by the CA. The configuration and use of particular certificate used by the CA. The configuration and use of particular certificate
validation methods are outside of the scope of this document. validation methods are outside of the scope of this document.
8.7. Threat: Symmetric Key Limits 8.7. Threat: Symmetric Key Limits
Even with a secure block cipher and securely-established session Even with a secure block cipher and securely-established session
keys, there are limits to the amount of plaintext which can be safely keys, there are limits to the amount of plaintext which can be safely
encrypted with a given set of keys as described in [AEAD-LIMITS]. encrypted with a given set of keys as described in [AEAD-LIMITS].
When permitted by the negotiated TLS version (see [RFC8446]), it is When permitted by the negotiated TLS version (see [RFC8446]), it is
advisable to take advantage of session key updates to avoid those advisable to take advantage of session key updates to avoid those
limits. When key updates are not possible, renegotiation of the TLS limits.
connection or establishing new TCPCL/TLS session are alternatives to
limit session key use.
8.8. Threat: BP Node Impersonation 8.8. Threat: BP Node Impersonation
The certificates exchanged by TLS enable authentication of peer host The certificates exchanged by TLS enable authentication of peer DNS
name and Node ID, but it is possible that a peer either not provide a name and Node ID, but it is possible that a peer either not provide a
valid certificate or that the certificate does not validate either valid certificate or that the certificate does not validate either
the host name or Node ID of the peer (see Section 3.4). Having a CA- the DNS name or Node ID of the peer (see Section 3.4). Having a CA-
validated certificate does not alone guarantee the identity of the validated certificate does not alone guarantee the identity of the
network host or BP node from which the certificate is provided; network host or BP node from which the certificate is provided;
additional validation procedures in Section 4.4.2 bind the host name additional validation procedures in Section 4.4.2 bind the DNS name
or node ID based on the contents of the certificate. or node ID based on the contents of the certificate.
The host name validation is a weaker form of authentication, because The DNS name validation is a weaker form of authentication, because
even if a peer is operating on an authenticated network host name it even if a peer is operating on an authenticated network DNS name it
can provide an invalid Node ID and cause bundles to be "leaked" to an can provide an invalid Node ID and cause bundles to be "leaked" to an
invalid node. Especially in DTN environments, network names and invalid node. Especially in DTN environments, network names and
addresses of nodes can be time-variable so binding a certificate to a addresses of nodes can be time-variable so binding a certificate to a
Node ID is a more stable identity. Node ID is a more stable identity.
Node ID validation ensures that the peer to which a bundle is Node ID validation ensures that the peer to which a bundle is
transferred is in fact the node which the BP Agent expects it to be. transferred is in fact the node which the BP Agent expects it to be.
It is a reasonable policy to skip host name validation if It is a reasonable policy to skip DNS name validation if certificates
certificates can be guaranteed to validate the peer's Node ID. In can be guaranteed to validate the peer's Node ID. In circumstances
circumstances where certificates can only be issued to network host where certificates can only be issued to DNS names, Node ID
names, Node ID validation is not possible but it could be reasonable validation is not possible but it could be reasonable to assume that
to assume that a trusted host is not going to present an invalid Node a trusted host is not going to present an invalid Node ID.
ID. Determining of when a host name authentication can be trusted to Determining of when a DNS name authentication can be trusted to
validate a Node ID is also a policy matter outside the scope of this validate a Node ID is also a policy matter outside the scope of this
document. document.
8.9. Threat: Denial of Service 8.9. Threat: Denial of Service
The behaviors described in this section all amount to a potential The behaviors described in this section all amount to a potential
denial-of-service to a TCPCL entity. The denial-of-service could be denial-of-service to a TCPCL entity. The denial-of-service could be
limited to an individual TCPCL session, could affect other well- limited to an individual TCPCL session, could affect other well-
behaving sessions on an entity, or could affect all sessions on a behaving sessions on an entity, or could affect all sessions on a
host. host.
skipping to change at page 55, line 30 skipping to change at page 56, line 30
specification, but are outside of the scope of this document. The specification, but are outside of the scope of this document. The
following subsections give examples of alternate TLS uses. following subsections give examples of alternate TLS uses.
8.10.1. TLS Without Authentication 8.10.1. TLS Without Authentication
In environments where PKI is available but there are restrictions on In environments where PKI is available but there are restrictions on
the issuance of certificates (including the contents of the issuance of certificates (including the contents of
certificates), it may be possible to make use of TLS in a way which certificates), it may be possible to make use of TLS in a way which
authenticates only the passive entity of a TCPCL session or which authenticates only the passive entity of a TCPCL session or which
does not authenticate either entity. Using TLS in a way which does does not authenticate either entity. Using TLS in a way which does
not authenticate both peer entities of each TCPCL session is outside not successfully authenticate some claim of both peer entities of a
of the scope of this document but does have similar properties to the TCPCL session is outside of the scope of this document but does have
opportunistic security model of [RFC7435]. similar properties to the opportunistic security model of [RFC7435].
8.10.2. Non-Certificate TLS Use 8.10.2. Non-Certificate TLS Use
In environments where PKI is unavailable, alternate uses of TLS which In environments where PKI is unavailable, alternate uses of TLS which
do not require certificates such as pre-shared key (PSK) do not require certificates such as pre-shared key (PSK)
authentication [RFC5489] and the use of raw public keys [RFC7250] are authentication [RFC5489] and the use of raw public keys [RFC7250] are
available and can be used to ensure confidentiality within TCPCL. available and can be used to ensure confidentiality within TCPCL.
Using non-PKI node authentication methods is outside of the scope of Using non-PKI node authentication methods is outside of the scope of
this document. this document.
skipping to change at page 57, line 18 skipping to change at page 58, line 18
| 0 | Reserved | [RFC7242] | | 0 | Reserved | [RFC7242] |
| | | | | | | |
| 1 | Reserved | [RFC7242] | | 1 | Reserved | [RFC7242] |
| | | | | | | |
| 2 | Reserved | [RFC7242] | | 2 | Reserved | [RFC7242] |
| | | | | | | |
| 3 | TCPCL | [RFC7242] | | 3 | TCPCL | [RFC7242] |
| | | | | | | |
| 4 | TCPCLv4 | This specification. | | 4 | TCPCLv4 | This specification. |
| | | | | | | |
| 5-255 | Unassigned | | 5-255 | Unassigned | |
+-------+-------------+-----------------------------------+ +-------+-------------+-----------------------------------+
9.3. Session Extension Types 9.3. Session Extension Types
EDITOR NOTE: sub-registry to-be-created upon publication of this EDITOR NOTE: sub-registry to-be-created upon publication of this
specification. specification.
IANA will create, under the "Bundle Protocol" registry [IANA-BUNDLE], IANA will create, under the "Bundle Protocol" registry [IANA-BUNDLE],
a sub-registry titled "Bundle Protocol TCP Convergence-Layer Version a sub-registry titled "Bundle Protocol TCP Convergence-Layer Version
4 Session Extension Types" and initialize it with the contents of 4 Session Extension Types" and initialize it with the contents of
skipping to change at page 63, line 34 skipping to change at page 64, line 34
This specification is based on comments on implementation of This specification is based on comments on implementation of
[RFC7242] provided from Scott Burleigh. [RFC7242] provided from Scott Burleigh.
11. References 11. References
11.1. Normative References 11.1. Normative References
[I-D.ietf-dtn-bpbis] [I-D.ietf-dtn-bpbis]
Burleigh, S., Fall, K., and E. Birrane, "Bundle Protocol Burleigh, S., Fall, K., and E. Birrane, "Bundle Protocol
Version 7", draft-ietf-dtn-bpbis-25 (work in progress), Version 7", draft-ietf-dtn-bpbis-26 (work in progress),
May 2020. July 2020.
[IANA-BUNDLE] [IANA-BUNDLE]
IANA, "Bundle Protocol", IANA, "Bundle Protocol",
<https://www.iana.org/assignments/bundle/>. <https://www.iana.org/assignments/bundle/>.
[IANA-PORTS] [IANA-PORTS]
IANA, "Service Name and Transport Protocol Port Number IANA, "Service Name and Transport Protocol Port Number
Registry", <https://www.iana.org/assignments/service- Registry", <https://www.iana.org/assignments/service-
names-port-numbers/>. names-port-numbers/>.
skipping to change at page 65, line 26 skipping to change at page 66, line 26
[github-dtn-bpbis-tcpcl] [github-dtn-bpbis-tcpcl]
Sipos, B., "TCPCL Example Implementation", Sipos, B., "TCPCL Example Implementation",
<https://github.com/BSipos-RKF/dtn-bpbis-tcpcl/>. <https://github.com/BSipos-RKF/dtn-bpbis-tcpcl/>.
[I-D.ietf-dtn-bibect] [I-D.ietf-dtn-bibect]
Burleigh, S., "Bundle-in-Bundle Encapsulation", draft- Burleigh, S., "Bundle-in-Bundle Encapsulation", draft-
ietf-dtn-bibect-03 (work in progress), February 2020. ietf-dtn-bibect-03 (work in progress), February 2020.
[I-D.ietf-dtn-bpsec] [I-D.ietf-dtn-bpsec]
Birrane, E. and K. McKeever, "Bundle Protocol Security Birrane, E. and K. McKeever, "Bundle Protocol Security
Specification", draft-ietf-dtn-bpsec-22 (work in Specification", draft-ietf-dtn-bpsec-23 (work in
progress), March 2020. progress), October 2020.
[RFC2595] Newman, C., "Using TLS with IMAP, POP3 and ACAP", [RFC2595] Newman, C., "Using TLS with IMAP, POP3 and ACAP",
RFC 2595, DOI 10.17487/RFC2595, June 1999, RFC 2595, DOI 10.17487/RFC2595, June 1999,
<https://www.rfc-editor.org/info/rfc2595>. <https://www.rfc-editor.org/info/rfc2595>.
[RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC [RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC
Text on Security Considerations", BCP 72, RFC 3552, Text on Security Considerations", BCP 72, RFC 3552,
DOI 10.17487/RFC3552, July 2003, DOI 10.17487/RFC3552, July 2003,
<https://www.rfc-editor.org/info/rfc3552>. <https://www.rfc-editor.org/info/rfc3552>.
 End of changes. 53 change blocks. 
179 lines changed or deleted 189 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/