--- 1/draft-ietf-dtn-tcpclv4-21.txt 2020-10-26 21:13:14.088082449 -0700
+++ 2/draft-ietf-dtn-tcpclv4-22.txt 2020-10-26 21:13:14.252086607 -0700
@@ -1,22 +1,22 @@
Delay-Tolerant Networking B. Sipos
Internet-Draft RKF Engineering
Intended status: Standards Track M. Demmer
-Expires: December 11, 2020 UC Berkeley
+Expires: April 29, 2021 UC Berkeley
J. Ott
Aalto University
S. Perreault
- June 9, 2020
+ October 26, 2020
Delay-Tolerant Networking TCP Convergence Layer Protocol Version 4
- draft-ietf-dtn-tcpclv4-21
+ draft-ietf-dtn-tcpclv4-22
Abstract
This document describes a TCP-based convergence layer (TCPCL) for
Delay-Tolerant Networking (DTN). This version of the TCPCL protocol
resolves implementation issues in the earlier TCPCL Version 3 of
RFC7242 and updates to the Bundle Protocol (BP) contents, encodings,
and convergence layer requirements in BP Version 7. Specifically,
the TCPCLv4 uses CBOR-encoded BPv7 bundles as its service data unit
being transported and provides a reliable transport of such bundles.
@@ -31,21 +31,21 @@
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
- This Internet-Draft will expire on December 11, 2020.
+ This Internet-Draft will expire on April 29, 2021.
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
@@ -70,68 +70,68 @@
3.6. Transfer Segmentation Policies . . . . . . . . . . . . . 21
3.7. Example Message Exchange . . . . . . . . . . . . . . . . 22
4. Session Establishment . . . . . . . . . . . . . . . . . . . . 23
4.1. TCP Connection . . . . . . . . . . . . . . . . . . . . . 24
4.2. Contact Header . . . . . . . . . . . . . . . . . . . . . 25
4.3. Contact Validation and Negotiation . . . . . . . . . . . 26
4.4. Session Security . . . . . . . . . . . . . . . . . . . . 27
4.4.1. Entity Identification . . . . . . . . . . . . . . . . 28
4.4.2. TLS Handshake . . . . . . . . . . . . . . . . . . . . 29
4.4.3. TLS Authentication . . . . . . . . . . . . . . . . . 30
- 4.4.4. Example TLS Initiation . . . . . . . . . . . . . . . 31
- 4.5. Message Header . . . . . . . . . . . . . . . . . . . . . 32
+ 4.4.4. Example TLS Initiation . . . . . . . . . . . . . . . 32
+ 4.5. Message Header . . . . . . . . . . . . . . . . . . . . . 33
4.6. Session Initialization Message (SESS_INIT) . . . . . . . 34
- 4.7. Session Parameter Negotiation . . . . . . . . . . . . . . 35
- 4.8. Session Extension Items . . . . . . . . . . . . . . . . . 36
- 5. Established Session Operation . . . . . . . . . . . . . . . . 37
- 5.1. Upkeep and Status Messages . . . . . . . . . . . . . . . 37
- 5.1.1. Session Upkeep (KEEPALIVE) . . . . . . . . . . . . . 37
- 5.1.2. Message Rejection (MSG_REJECT) . . . . . . . . . . . 38
- 5.2. Bundle Transfer . . . . . . . . . . . . . . . . . . . . . 39
- 5.2.1. Bundle Transfer ID . . . . . . . . . . . . . . . . . 40
- 5.2.2. Data Transmission (XFER_SEGMENT) . . . . . . . . . . 40
- 5.2.3. Data Acknowledgments (XFER_ACK) . . . . . . . . . . . 42
- 5.2.4. Transfer Refusal (XFER_REFUSE) . . . . . . . . . . . 43
- 5.2.5. Transfer Extension Items . . . . . . . . . . . . . . 46
- 6. Session Termination . . . . . . . . . . . . . . . . . . . . . 48
- 6.1. Session Termination Message (SESS_TERM) . . . . . . . . . 48
- 6.2. Idle Session Shutdown . . . . . . . . . . . . . . . . . . 51
- 7. Implementation Status . . . . . . . . . . . . . . . . . . . . 51
- 8. Security Considerations . . . . . . . . . . . . . . . . . . . 51
- 8.1. Threat: Passive Leak of Node Data . . . . . . . . . . . . 52
- 8.2. Threat: Passive Leak of Bundle Data . . . . . . . . . . . 52
- 8.3. Threat: TCPCL Version Downgrade . . . . . . . . . . . . . 52
- 8.4. Threat: Transport Security Stripping . . . . . . . . . . 52
- 8.5. Threat: Weak TLS Configurations . . . . . . . . . . . . . 53
- 8.6. Threat: Certificate Validation Vulnerabilities . . . . . 53
- 8.7. Threat: Symmetric Key Limits . . . . . . . . . . . . . . 53
- 8.8. Threat: BP Node Impersonation . . . . . . . . . . . . . . 53
- 8.9. Threat: Denial of Service . . . . . . . . . . . . . . . . 54
- 8.10. Alternate Uses of TLS . . . . . . . . . . . . . . . . . . 55
- 8.10.1. TLS Without Authentication . . . . . . . . . . . . . 55
- 8.10.2. Non-Certificate TLS Use . . . . . . . . . . . . . . 55
- 8.11. Predictability of Transfer IDs . . . . . . . . . . . . . 55
- 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 56
- 9.1. Port Number . . . . . . . . . . . . . . . . . . . . . . . 56
- 9.2. Protocol Versions . . . . . . . . . . . . . . . . . . . . 56
- 9.3. Session Extension Types . . . . . . . . . . . . . . . . . 57
- 9.4. Transfer Extension Types . . . . . . . . . . . . . . . . 58
- 9.5. Message Types . . . . . . . . . . . . . . . . . . . . . . 59
- 9.6. XFER_REFUSE Reason Codes . . . . . . . . . . . . . . . . 60
- 9.7. SESS_TERM Reason Codes . . . . . . . . . . . . . . . . . 61
- 9.8. MSG_REJECT Reason Codes . . . . . . . . . . . . . . . . . 62
- 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 63
- 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 63
- 11.1. Normative References . . . . . . . . . . . . . . . . . . 63
- 11.2. Informative References . . . . . . . . . . . . . . . . . 65
- Appendix A. Significant changes from RFC7242 . . . . . . . . . . 66
- Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 68
+ 4.7. Session Parameter Negotiation . . . . . . . . . . . . . . 36
+ 4.8. Session Extension Items . . . . . . . . . . . . . . . . . 37
+ 5. Established Session Operation . . . . . . . . . . . . . . . . 38
+ 5.1. Upkeep and Status Messages . . . . . . . . . . . . . . . 38
+ 5.1.1. Session Upkeep (KEEPALIVE) . . . . . . . . . . . . . 38
+ 5.1.2. Message Rejection (MSG_REJECT) . . . . . . . . . . . 39
+ 5.2. Bundle Transfer . . . . . . . . . . . . . . . . . . . . . 40
+ 5.2.1. Bundle Transfer ID . . . . . . . . . . . . . . . . . 41
+ 5.2.2. Data Transmission (XFER_SEGMENT) . . . . . . . . . . 41
+ 5.2.3. Data Acknowledgments (XFER_ACK) . . . . . . . . . . . 43
+ 5.2.4. Transfer Refusal (XFER_REFUSE) . . . . . . . . . . . 44
+ 5.2.5. Transfer Extension Items . . . . . . . . . . . . . . 47
+ 6. Session Termination . . . . . . . . . . . . . . . . . . . . . 49
+ 6.1. Session Termination Message (SESS_TERM) . . . . . . . . . 49
+ 6.2. Idle Session Shutdown . . . . . . . . . . . . . . . . . . 52
+ 7. Implementation Status . . . . . . . . . . . . . . . . . . . . 52
+ 8. Security Considerations . . . . . . . . . . . . . . . . . . . 52
+ 8.1. Threat: Passive Leak of Node Data . . . . . . . . . . . . 53
+ 8.2. Threat: Passive Leak of Bundle Data . . . . . . . . . . . 53
+ 8.3. Threat: TCPCL Version Downgrade . . . . . . . . . . . . . 53
+ 8.4. Threat: Transport Security Stripping . . . . . . . . . . 53
+ 8.5. Threat: Weak TLS Configurations . . . . . . . . . . . . . 54
+ 8.6. Threat: Certificate Validation Vulnerabilities . . . . . 54
+ 8.7. Threat: Symmetric Key Limits . . . . . . . . . . . . . . 54
+ 8.8. Threat: BP Node Impersonation . . . . . . . . . . . . . . 54
+ 8.9. Threat: Denial of Service . . . . . . . . . . . . . . . . 55
+ 8.10. Alternate Uses of TLS . . . . . . . . . . . . . . . . . . 56
+ 8.10.1. TLS Without Authentication . . . . . . . . . . . . . 56
+ 8.10.2. Non-Certificate TLS Use . . . . . . . . . . . . . . 56
+ 8.11. Predictability of Transfer IDs . . . . . . . . . . . . . 56
+ 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 57
+ 9.1. Port Number . . . . . . . . . . . . . . . . . . . . . . . 57
+ 9.2. Protocol Versions . . . . . . . . . . . . . . . . . . . . 57
+ 9.3. Session Extension Types . . . . . . . . . . . . . . . . . 58
+ 9.4. Transfer Extension Types . . . . . . . . . . . . . . . . 59
+ 9.5. Message Types . . . . . . . . . . . . . . . . . . . . . . 60
+ 9.6. XFER_REFUSE Reason Codes . . . . . . . . . . . . . . . . 61
+ 9.7. SESS_TERM Reason Codes . . . . . . . . . . . . . . . . . 62
+ 9.8. MSG_REJECT Reason Codes . . . . . . . . . . . . . . . . . 63
+ 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 64
+ 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 64
+ 11.1. Normative References . . . . . . . . . . . . . . . . . . 64
+ 11.2. Informative References . . . . . . . . . . . . . . . . . 66
+ Appendix A. Significant changes from RFC7242 . . . . . . . . . . 67
+ Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 69
1. Introduction
This document describes the TCP-based convergence-layer protocol for
Delay-Tolerant Networking. Delay-Tolerant Networking is an end-to-
end architecture providing communications in and/or through highly
stressed environments, including those with intermittent
connectivity, long and/or variable delays, and high bit error rates.
More detailed descriptions of the rationale and capabilities of these
networks can be found in "Delay-Tolerant Network Architecture"
@@ -883,23 +883,23 @@
Many other policies can be established in a TCPCL network between the
two extremes of single persistent sessions and only ephemeral
sessions. Different policies can be applied to each peer entity and
to each bundle as it needs to be transferred (e.g for quality of
service). Additionally, future session extension types can apply
further nuance to session policies and policy negotiation.
3.6. Transfer Segmentation Policies
- Each TCPCL session allows a negotiated transfer segmentation polcy to
- be applied in each transfer direction. A receiving node can set the
- Segment MRU in its SESS_INIT message to determine the largest
+ Each TCPCL session allows a negotiated transfer segmentation policy
+ to be applied in each transfer direction. A receiving node can set
+ the Segment MRU in its SESS_INIT message to determine the largest
acceptable segment size, and a transmitting node can segment a
transfer into any sizes smaller than the receiver's Segment MRU. It
is a network administration matter to determine an appropriate
segmentation policy for entities operating TCPCL, but guidance given
here can be used to steer policy toward performance goals. It is
also advised to consider the Segment MRU in relation to chunking/
packetization performed by TLS, TCP, and any intermediate network-
layer nodes.
Minimum Overhead: For a simple network expected to exchange
@@ -1067,21 +1067,22 @@
4.2. Contact Header
This section describes the format of the Contact Header and the
meaning of its fields.
If an entity is capable of exchanging messages according to TLS 1.3
[RFC8446] or any successors which are compatible with that TLS
ClientHello, the the CAN_TLS flag within its Contact Header SHALL be
set to 1. This behavior prefers the use of TLS when possible, even
if security policy does not allow or require authentication. This
- follows the opportunistic security model of [RFC7435].
+ follows the opportunistic security model of [RFC7435], though an
+ active attacker could interfere with the exchange in such cases.
Upon receipt of the Contact Header, both entities perform the
validation and negotiation procedures defined in Section 4.3. After
receiving the Contact Header from the other entity, either entity MAY
refuse the session by sending a SESS_TERM message with an appropriate
reason code.
The format for the Contact Header is as follows:
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
@@ -1110,21 +1111,21 @@
to the descriptions in Table 1. All reserved header flag bits
SHALL be set to 0 by the sender. All reserved header flag bits
SHALL be ignored by the receiver.
+----------+--------+-----------------------------------------------+
| Name | Code | Description |
+----------+--------+-----------------------------------------------+
| CAN_TLS | 0x01 | If bit is set, indicates that the sending |
| | | peer is capable of TLS security. |
| | | |
- | Reserved | others |
+ | Reserved | others | |
+----------+--------+-----------------------------------------------+
Table 1: Contact Header Flags
4.3. Contact Validation and Negotiation
Upon reception of the Contact Header, each node follows the following
procedures to ensure the validity of the TCPCL session and to
negotiate values for the session parameters.
@@ -1223,54 +1224,54 @@
defines a prioritized list of what a certificate can identify about a
TCPCL entity:
Node ID: The ideal certificate identity is the Node ID of the entity
using the NODE-ID definition below. When the Node ID is
identified, there is no need for any lower-level identification to
take place.
DNS Name: If CA policy forbids a certificate to contain an arbitrary
NODE-ID but allows a DNS-ID to be identified then one or more
- stable host names can be identified in the certificate. The use
- of wildcard DNS-ID is discouraged due to the complex rules for
+ stable DNS names can be identified in the certificate. The use of
+ wildcard DNS-ID is discouraged due to the complex rules for
matching and dependence on implementation support for wildcard
matching (see Section 6.4.3 of [RFC6125]).
- Network Address: If no stable host name is available but a stable
+ Network Address: If no stable DNS name is available but a stable
network address is available and CA policy allows a certificate to
- contain a NETWORK-ID (as defined below) then one or more network
+ contain a IPADDR-ID (as defined below) then one or more network
addresses can be identified in the certificate.
- When only a DNS-ID or NETWORK-ID can be identified by a certificate,
+ When only a DNS-ID or IPADDR-ID can be identified by a certificate,
it is implied that an entity which authenticates using that
certificate is trusted to provide a valid Node ID in its SESS_INIT;
the certificate itself does not actually authenticate that Node ID.
The RECOMMENDED security policy of an entity is to validate a peer
- which authenticates its Node ID regardless of an authenticated host
+ which authenticates its Node ID regardless of an authenticated DNS
name or address, and only consider the host/address authentication in
the absence of an authenticated Node ID.
This specification defines a NODE-ID of a certificate as being the
subjectAltName entry of type uniformResourceIdentifier whose value is
a URI consistent with the requirements of [RFC3986] and the URI
schemes of the IANA "Bundle Protocol URI Scheme Type" registry. This
is similar to the URI-ID of [RFC6125] but does not require any
structure to the scheme-specific-part of the URI. Unless specified
otherwise by the definition of the URI scheme being authenticated,
URI matching of a NODE-ID SHALL use the URI comparison logic of
[RFC3986] and scheme-based normalization of those schemes specified
in [I-D.ietf-dtn-bpbis]. A URI scheme can refine this "exact match"
logic with rules about how Node IDs within that scheme are to be
compared with the certificate-authenticated NODE-ID.
- This specification defines a NETWORK-ID of a certificate as being the
+ This specification defines a IPADDR-ID of a certificate as being the
subjectAltName entry of type iPAddress whose value is encoded
according to [RFC5280].
4.4.2. TLS Handshake
The use of TLS is negotiated using the Contact Header as described in
Section 4.3. After negotiating an Enable TLS parameter of true, and
before any other TCPCL messages are sent within the session, the
session entities SHALL begin a TLS handshake in accordance with
[RFC8446]. By convention, this protocol uses the entity which
@@ -1280,122 +1281,129 @@
The TLS handshake, if it occurs, is considered to be part of the
contact negotiation before the TCPCL session itself is established.
Specifics about sensitive data exposure are discussed in Section 8.
The parameters within each TLS negotiation are implementation
dependent but any TCPCL node SHALL follow all recommended practices
of BCP 195 [RFC7525], or any updates or successors that become part
of BCP 195. Within each TLS handshake, the following requirements
apply (using the rough order in which they occur):
- Client Hello: When a resolved host name was used to establish the
- TCP connection, the TLS ClientHello SHOULD include a Server Name
- Indication (SNI) in accordance with [RFC6066] containing that host
- name (of the passive entity) which was resolved. Note: The SNI
- text is the network-layer name for the passive entity, which is
- not the Node ID of that entity.
+ Client Hello: When a resolved DNS name was used to establish the TCP
+ connection, the TLS ClientHello SHOULD include a Server Name
+ Indication (SNI) in accordance with [RFC6066]. When present, the
+ "server_name" extension SHALL contain a "HostName" value taken
+ from the DNS name (of the passive entity) which was resolved.
+ Note: The 'HostName in the "server_name" extension is the network
+ name for the passive entity, not the Node ID of that entity.
Server Certificate: The passive entity SHALL supply a certificate
within the TLS handshake to allow authentication of its side of
the session. Unless prohibited by CA policy, the passive entity
certificate SHALL contain a NODE-ID which authenticates the Node
- ID of the peer. When assigned a stable host name, the passive
+ ID of the peer. When assigned a stable DNS name, the passive
entity certificate SHOULD contain a DNS-ID which authenticates
that (fully qualified) name. When assigned a stable network
- address, the passive entity certificate MAY contain a NETWORK-ID
+ address, the passive entity certificate MAY contain a IPADDR-ID
which authenticates that address. The passive entity MAY use the
- SNI host name to choose an appropriate server-side certificate
- which authenticates that host name.
+ SNI DNS name to choose an appropriate server-side certificate
+ which authenticates that DNS name.
Certificate Request: During TLS handshake, the passive entity SHALL
request a client-side certificate.
Client Certificate: The active entity SHALL supply a certificate
chain within the TLS handshake to allow authentication of its side
of the session. Unless prohibited by CA policy, the active entity
certificate SHALL contain a NODE-ID which authenticates the Node
- ID of the peer. When assigned a stable host name, the active
+ ID of the peer. When assigned a stable DNS name, the active
entity certificate SHOULD contain a DNS-ID which authenticates
that (fully qualified) name. When assigned a stable network
- address, the active entity certificate MAY contain a NETWORK-ID
+ address, the active entity certificate MAY contain a IPADDR-ID
which authenticates that address.
All certificates supplied during TLS handshake SHALL conform to
[RFC5280], or any updates or successors to that profile. When a
certificate is supplied during TLS handshake, the full certification
chain SHOULD be included unless security policy indicates that is
unnecessary.
If a TLS handshake cannot negotiate a TLS connection, both entities
of the TCPCL session SHALL close the TCP connection. At this point
the TCPCL session has not yet been established so there is no TCPCL
session to terminate.
After a TLS connection is successfully established, the active entity
SHALL send a SESS_INIT message to begin session negotiation. This
session negotiation and all subsequent messaging are secured.
4.4.3. TLS Authentication
Using PKIX certificates exchanged during the TLS handshake, each of
- the entities can attempt to authenticate its peer Node ID directly or
- authenticate the peer host name or network address. The Node ID
- exchanged in the Session Initialization is likely to be used by the
- BP agent for making transfer and routing decisions, so attempting
- Node ID validation is required while attempting host name validation
- is optional. The logic for attempting validation is separate from
- the logic for handling the result of validation, which is based on
- local security policy.
+ the entities can authenticate a peer Node ID directly or authenticate
+ the peer DNS name or network address. The logic for attempting
+ authentication is separate from the logic for handling the result of
+ authentication, which is based on local security policy.
- By using the SNI host name (see Section 4.4.2) a single passive
- entity can act as a convergence layer for multiple BP agents with
- distinct Node IDs. When this "virtual host" behavior is used, the
- host name is used as the indication of which BP Node the active
- entity is attempting to communicate with. A virtual host CL entity
- can be authenticated by a certificate containing all of the host
- names and/or Node IDs being hosted or by several certificates each
- authenticating a single host name and/or Node ID, using the SNI value
- from the peer to select which certificate to use.
+ By using the SNI DNS name (see Section 4.4.2) a single passive entity
+ can act as a convergence layer for multiple BP agents with distinct
+ Node IDs. When this "virtual host" behavior is used, the DNS name is
+ used as the indication of which BP Node the active entity is
+ attempting to communicate with. A virtual host CL entity can be
+ authenticated by a certificate containing all of the DNS names and/or
+ Node IDs being hosted or by several certificates each authenticating
+ a single DNS name and/or Node ID, using the SNI value from the peer
+ to select which certificate to use.
Any certificate received during TLS handshake SHALL be validated up
to one or more trusted CA certificates. If certificate validation
fails or if security policy disallows a certificate for any reason,
the entity SHALL terminate the session (with a reason code of
"Contact Failure").
+ The result of authenticating a peer value against a certificate claim
+ is one of:
+
+ Absent: Indicating that the claim type is not present in the
+ certificate and cannot be authenticated.
+
+ Success: Indicating the claim type is present and matches the peer
+ (Node ID / DNS name / address) value.
+
+ Failure: Indicating the claim type is present but did not match the
+ peer value.
+
Either during or immediately after the TLS handshake, the active
- entity SHALL attempt to authenticate the host name (of the passive
- entity) used to initiate the TCP connection using any DNS-ID of the
- peer certificate. If host name validation fails (including failure
- because the certificate does not contain any DNS-ID) and security
- policy disallows an unauthenticated host, the entity SHALL terminate
- the session (with a reason code of "Contact Failure").
+ entity SHALL authenticate the DNS name (of the passive entity) used
+ to initiate the TCP connection using any DNS-ID of the peer
+ certificate. If the DNS name authentication result is Failure or if
+ the result is Absent and security policy requires an authenticated
+ DNS name, the entity SHALL terminate the session (with a reason code
+ of "Contact Failure").
Either during or immediately after the TLS handshake, the active
- entity SHALL attempt to authenticate the IP address of the other side
- of the TCP connection using any NETWORK-ID of the peer certificate.
- Either during or immediately after the TLS handshake, the passive
- entity SHALL attempt to authenticate the IP address of the other side
- of the TCP connection using any NETWORK-ID of the peer certificate.
- If host address validation fails (including failure because the
- certificate does not contain any NETWORK-ID) and security policy
- disallows an unauthenticated host, the entity SHALL terminate the
- session (with a reason code of "Contact Failure").
+ entity SHALL authenticate the IP address of the other side of the TCP
+ connection using any IPADDR-ID of the peer certificate. Either
+ during or immediately after the TLS handshake, the passive entity
+ SHALL authenticate the IP address of the other side of the TCP
+ connection using any IPADDR-ID of the peer certificate. If the
+ address authentication result is Failure or if the result is Absent
+ and security policy requires an authenticated network address, the
+ entity SHALL terminate the session (with a reason code of "Contact
+ Failure").
Immediately before Session Parameter Negotiation, each side of the
- session SHALL perform Node ID validation of its peer as described
- below. Node ID validation SHALL succeed if the associated
- certificate includes a NODE-ID whose value matches the Node ID of the
- TCPCL entity. If Node ID validation fails (including failure because
- the certificate does not contain any NODE-ID) and security policy
- disallows an unauthenticated Node ID, the entity SHALL terminate the
- session (with a reason code of "Contact Failure").
+ session SHALL authenticate the Node ID of the peer's SESS_INIT
+ message using any NODE-ID of the peer certificate. If the Node ID
+ authentication result is Failure or if the result is Absent and
+ security policy requires an authenticated Node ID, the entity SHALL
+ terminate the session (with a reason code of "Contact Failure").
4.4.4. Example TLS Initiation
A summary of a typical TLS use is shown in the sequence in Figure 17
below. In this example the active peer terminates the session but
termination can be initiated from either peer.
Entity A Entity B
active peer passive peer
@@ -1406,21 +1414,21 @@
+-------------------------+
| Contact Header | -> +-------------------------+
+-------------------------+ <- | Contact Header |
+-------------------------+
+-------------------------+ +-------------------------+
| TLS Negotiation | -> <- | TLS Negotiation |
| (as client) | | (as server) |
+-------------------------+ +-------------------------+
- Host name validation occurs.
+ DNS name validation occurs.
Secured TCPCL messaging can begin.
+-------------------------+
| SESS_INIT | -> +-------------------------+
+-------------------------+ <- | SESS_INIT |
+-------------------------+
Node ID validation occurs.
Session is established, transfers can begin.
@@ -1453,49 +1461,44 @@
Figure 18: Format of the Message Header
The message header fields are as follows:
Message Type: Indicates the type of the message as per Table 2
below. Encoded values are listed in Section 9.5.
+--------------+------+---------------------------------------------+
| Name | Code | Description |
+--------------+------+---------------------------------------------+
- | SESS_INIT | 0x07 | Contains the session parameter |
- | | | inputs from one of the entities, |
- | | | as described in Section 4.6. |
+ | SESS_INIT | 0x07 | Contains the session parameter inputs from |
+ | | | one of the entities, as described in |
+ | | | Section 4.6. |
| | | |
- | SESS_TERM | 0x05 | Indicates that one of the |
- | | | entities participating in the session |
- | | | wishes to cleanly terminate the session, as |
- | | | described in Section 6.1. |
+ | SESS_TERM | 0x05 | Indicates that one of the entities |
+ | | | participating in the session wishes to |
+ | | | cleanly terminate the session, as described |
+ | | | in Section 6.1. |
| | | |
- | XFER_SEGMENT | 0x01 | Indicates the transmission of |
- | | | a segment of bundle data, as described in |
- | | | Section 5.2.2. |
+ | XFER_SEGMENT | 0x01 | Indicates the transmission of a segment of |
+ | | | bundle data, as described in Section 5.2.2. |
| | | |
- | XFER_ACK | 0x02 | Acknowledges reception of a |
- | | | data segment, as described in |
- | | | Section 5.2.3. |
+ | XFER_ACK | 0x02 | Acknowledges reception of a data segment, |
+ | | | as described in Section 5.2.3. |
| | | |
- | XFER_REFUSE | 0x03 | Indicates that the |
- | | | transmission of the current bundle SHALL be |
- | | | stopped, as described in |
- | | | Section 5.2.4. |
+ | XFER_REFUSE | 0x03 | Indicates that the transmission of the |
+ | | | current bundle SHALL be stopped, as |
+ | | | described in Section 5.2.4. |
| | | |
- | KEEPALIVE | 0x04 | Used to keep TCPCL session |
- | | | active, as described in |
- | | | Section 5.1.1. |
+ | KEEPALIVE | 0x04 | Used to keep TCPCL session active, as |
+ | | | described in Section 5.1.1. |
| | | |
- | MSG_REJECT | 0x06 | Contains a TCPCL message |
- | | | rejection, as described in |
- | | | Section 5.1.2. |
+ | MSG_REJECT | 0x06 | Contains a TCPCL message rejection, as |
+ | | | described in Section 5.1.2. |
+--------------+------+---------------------------------------------+
Table 2: TCPCL Message Types
4.6. Session Initialization Message (SESS_INIT)
Before a session is established and ready to transfer bundles, the
session parameters are negotiated between the connected entities.
The SESS_INIT message is used to convey the per-entity parameters
which are used together to negotiate the per-session parameters as
@@ -1521,22 +1524,22 @@
+-----------------------------+
| Session Extension |
| Items (var.) |
+-----------------------------+
Figure 19: SESS_INIT Format
The fields of the SESS_INIT message are:
Keepalive Interval: A 16-bit unsigned integer indicating the minimum
- interval, in seconds, to negotiate the Session Keepalive using the
- method of Section 4.7.
+ interval, in seconds, to negotiate as the Session Keepalive using
+ the method of Section 4.7.
Segment MRU: A 64-bit unsigned integer indicating the largest
allowable single-segment data payload size to be received in this
session. Any XFER_SEGMENT sent to this peer SHALL have a data
payload no longer than the peer's Segment MRU. The two entities
of a single session MAY have different Segment MRUs, and no
relation between the two is required.
Transfer MRU: A 64-bit unsigned integer indicating the largest
allowable total-bundle data size to be received in this session.
@@ -1567,47 +1570,56 @@
Extension Item is within a consistent data container as described
in Section 4.8. The full set of Session Extension Items apply for
the duration of the TCPCL session to follow. The order and
multiplicity of these Session Extension Items is significant, as
defined in the associated type specification(s). If the content
of the Session Extension Items data disagrees with the Session
Extension Length (e.g., the last Item claims to use more octets
than are present in the Session Extension Length), the reception
of the SESS_INIT is considered to have failed.
+ When the active entity initiates a TCPCL session, it is likely based
+ on routing information which binds a Node ID to CL parameters. If
+ the active entity receives a SESS_INIT with different Node ID than
+ was intended for the TCPCL session, the session MAY be allowed to be
+ established. If allowed, such a session SHALL be associated with the
+ Node ID provided in the SESS_INIT message rather than any intended
+ value.
+
4.7. Session Parameter Negotiation
An entity calculates the parameters for a TCPCL session by
negotiating the values from its own preferences (conveyed by the
SESS_INIT it sent to the peer) with the preferences of the peer node
(expressed in the SESS_INIT that it received from the peer). The
negotiated parameters defined by this specification are described in
the following paragraphs.
Transfer MTU and Segment MTU: The maximum transmit unit (MTU) for
whole transfers and individual segments are identical to the
Transfer MRU and Segment MRU, respectively, of the received
- Contact Header. A transmitting peer can send individual segments
- with any size smaller than the Segment MTU, depending on local
- policy, dynamic network conditions, etc. Determining the size of
- each transmitted segment is an implementation matter. If either
- the Transfer MRU or Segment MRU is unacceptable, the entity SHALL
- terminate the session with a reason code of "Contact Failure".
+ SESS_INIT message. A transmitting peer can send individual
+ segments with any size smaller than the Segment MTU, depending on
+ local policy, dynamic network conditions, etc. Determining the
+ size of each transmitted segment is an implementation matter. If
+ either the Transfer MRU or Segment MRU is unacceptable, the entity
+ SHALL terminate the session with a reason code of "Contact
+ Failure".
Session Keepalive: Negotiation of the Session Keepalive parameter is
- performed by taking the minimum of the two Contact Headers'
- Keepalive Interval values. The Session Keepalive interval is a
- parameter for the behavior described in Section 5.1.1. If the
- Session Keepalive interval is unacceptable, the entity SHALL
- terminate the session with a reason code of "Contact Failure".
- Note: a negotiated Session Keepalive of zero indicates that
- KEEPALIVEs are disabled.
+ performed by taking the minimum of the two Keepalive Interval
+ values from the two SESS_INIT messages. The Session Keepalive
+ interval is a parameter for the behavior described in
+ Section 5.1.1. If the Session Keepalive interval is unacceptable,
+ the entity SHALL terminate the session with a reason code of
+ "Contact Failure". Note: a negotiated Session Keepalive of zero
+ indicates that KEEPALIVEs are disabled.
Once this process of parameter negotiation is completed (which
includes a possible completed TLS handshake of the connection to use
TLS), this protocol defines no additional mechanism to change the
parameters of an established session; to effect such a change, the
TCPCL session MUST be terminated and a new session established.
4.8. Session Extension Items
Each of the Session Extension Items SHALL be encoded in an identical
@@ -1649,21 +1661,21 @@
+---------------+---------------+---------------+---------------+
Figure 20: Session Extension Item Format
+----------+--------+-----------------------------------------------+
| Name | Code | Description |
+----------+--------+-----------------------------------------------+
| CRITICAL | 0x01 | If bit is set, indicates that the receiving |
| | | peer must handle the extension item. |
| | | |
- | Reserved | others |
+ | Reserved | others | |
+----------+--------+-----------------------------------------------+
Table 3: Session Extension Item Flags
5. Established Session Operation
This section describes the protocol operation for the duration of an
established session, including the mechanism for transmitting bundles
over the session.
@@ -1883,21 +1895,21 @@
+----------+--------+-----------------------------------------------+
| Name | Code | Description |
+----------+--------+-----------------------------------------------+
| END | 0x01 | If bit is set, indicates that this is the |
| | | last segment of the transfer. |
| | | |
| START | 0x02 | If bit is set, indicates that this is the |
| | | first segment of the transfer. |
| | | |
- | Reserved | others |
+ | Reserved | others | |
+----------+--------+-----------------------------------------------+
Table 5: XFER_SEGMENT Flags
The flags portion of the message contains two flag values in the two
low-order bits, denoted 'START' and 'END' in Table 5. The 'START'
flag SHALL be set to 1 when transmitting the first segment of a
transfer. The 'END' flag SHALL be set to 1 when transmitting the
last segment of a transfer. In the case where an entire transfer is
accomplished in a single segment, both the 'START' and 'END' flags
@@ -2107,21 +2119,21 @@
+---------------+---------------+---------------+---------------+
Figure 25: Transfer Extension Item Format
+----------+--------+-----------------------------------------------+
| Name | Code | Description |
+----------+--------+-----------------------------------------------+
| CRITICAL | 0x01 | If bit is set, indicates that the receiving |
| | | peer must handle the extension item. |
| | | |
- | Reserved | others |
+ | Reserved | others | |
+----------+--------+-----------------------------------------------+
Table 7: Transfer Extension Item Flags
5.2.5.1. Transfer Length Extension
The purpose of the Transfer Length extension is to allow entities to
preemptively refuse bundles that would exceed their resources or to
prepare storage on the receiving node for the upcoming bundle data.
@@ -2229,21 +2241,21 @@
Reason Code: A one-octet refusal reason code interpreted according
to the descriptions in Table 9.
+----------+--------+-----------------------------------------------+
| Name | Code | Description |
+----------+--------+-----------------------------------------------+
| REPLY | 0x01 | If bit is set, indicates that this message is |
| | | an acknowledgement of an earlier SESS_TERM |
| | | message. |
| | | |
- | Reserved | others |
+ | Reserved | others | |
+----------+--------+-----------------------------------------------+
Table 8: SESS_TERM Flags
+--------------+------+---------------------------------------------+
| Name | Code | Description |
+--------------+------+---------------------------------------------+
| Unknown | 0x00 | A termination reason is not available. |
| | | |
| Idle timeout | 0x01 | The session is being closed due to |
@@ -2405,50 +2417,48 @@
used by the CA. The configuration and use of particular certificate
validation methods are outside of the scope of this document.
8.7. Threat: Symmetric Key Limits
Even with a secure block cipher and securely-established session
keys, there are limits to the amount of plaintext which can be safely
encrypted with a given set of keys as described in [AEAD-LIMITS].
When permitted by the negotiated TLS version (see [RFC8446]), it is
advisable to take advantage of session key updates to avoid those
- limits. When key updates are not possible, renegotiation of the TLS
- connection or establishing new TCPCL/TLS session are alternatives to
- limit session key use.
+ limits.
8.8. Threat: BP Node Impersonation
- The certificates exchanged by TLS enable authentication of peer host
+ The certificates exchanged by TLS enable authentication of peer DNS
name and Node ID, but it is possible that a peer either not provide a
valid certificate or that the certificate does not validate either
- the host name or Node ID of the peer (see Section 3.4). Having a CA-
+ the DNS name or Node ID of the peer (see Section 3.4). Having a CA-
validated certificate does not alone guarantee the identity of the
network host or BP node from which the certificate is provided;
- additional validation procedures in Section 4.4.2 bind the host name
+ additional validation procedures in Section 4.4.2 bind the DNS name
or node ID based on the contents of the certificate.
- The host name validation is a weaker form of authentication, because
- even if a peer is operating on an authenticated network host name it
+ The DNS name validation is a weaker form of authentication, because
+ even if a peer is operating on an authenticated network DNS name it
can provide an invalid Node ID and cause bundles to be "leaked" to an
invalid node. Especially in DTN environments, network names and
addresses of nodes can be time-variable so binding a certificate to a
Node ID is a more stable identity.
Node ID validation ensures that the peer to which a bundle is
transferred is in fact the node which the BP Agent expects it to be.
- It is a reasonable policy to skip host name validation if
- certificates can be guaranteed to validate the peer's Node ID. In
- circumstances where certificates can only be issued to network host
- names, Node ID validation is not possible but it could be reasonable
- to assume that a trusted host is not going to present an invalid Node
- ID. Determining of when a host name authentication can be trusted to
+ It is a reasonable policy to skip DNS name validation if certificates
+ can be guaranteed to validate the peer's Node ID. In circumstances
+ where certificates can only be issued to DNS names, Node ID
+ validation is not possible but it could be reasonable to assume that
+ a trusted host is not going to present an invalid Node ID.
+ Determining of when a DNS name authentication can be trusted to
validate a Node ID is also a policy matter outside the scope of this
document.
8.9. Threat: Denial of Service
The behaviors described in this section all amount to a potential
denial-of-service to a TCPCL entity. The denial-of-service could be
limited to an individual TCPCL session, could affect other well-
behaving sessions on an entity, or could affect all sessions on a
host.
@@ -2494,23 +2504,23 @@
specification, but are outside of the scope of this document. The
following subsections give examples of alternate TLS uses.
8.10.1. TLS Without Authentication
In environments where PKI is available but there are restrictions on
the issuance of certificates (including the contents of
certificates), it may be possible to make use of TLS in a way which
authenticates only the passive entity of a TCPCL session or which
does not authenticate either entity. Using TLS in a way which does
- not authenticate both peer entities of each TCPCL session is outside
- of the scope of this document but does have similar properties to the
- opportunistic security model of [RFC7435].
+ not successfully authenticate some claim of both peer entities of a
+ TCPCL session is outside of the scope of this document but does have
+ similar properties to the opportunistic security model of [RFC7435].
8.10.2. Non-Certificate TLS Use
In environments where PKI is unavailable, alternate uses of TLS which
do not require certificates such as pre-shared key (PSK)
authentication [RFC5489] and the use of raw public keys [RFC7250] are
available and can be used to ensure confidentiality within TCPCL.
Using non-PKI node authentication methods is outside of the scope of
this document.
@@ -2577,21 +2587,21 @@
| 0 | Reserved | [RFC7242] |
| | | |
| 1 | Reserved | [RFC7242] |
| | | |
| 2 | Reserved | [RFC7242] |
| | | |
| 3 | TCPCL | [RFC7242] |
| | | |
| 4 | TCPCLv4 | This specification. |
| | | |
- | 5-255 | Unassigned |
+ | 5-255 | Unassigned | |
+-------+-------------+-----------------------------------+
9.3. Session Extension Types
EDITOR NOTE: sub-registry to-be-created upon publication of this
specification.
IANA will create, under the "Bundle Protocol" registry [IANA-BUNDLE],
a sub-registry titled "Bundle Protocol TCP Convergence-Layer Version
4 Session Extension Types" and initialize it with the contents of
@@ -2847,22 +2857,22 @@
This specification is based on comments on implementation of
[RFC7242] provided from Scott Burleigh.
11. References
11.1. Normative References
[I-D.ietf-dtn-bpbis]
Burleigh, S., Fall, K., and E. Birrane, "Bundle Protocol
- Version 7", draft-ietf-dtn-bpbis-25 (work in progress),
- May 2020.
+ Version 7", draft-ietf-dtn-bpbis-26 (work in progress),
+ July 2020.
[IANA-BUNDLE]
IANA, "Bundle Protocol",
.
[IANA-PORTS]
IANA, "Service Name and Transport Protocol Port Number
Registry", .
@@ -2932,22 +2942,22 @@
[github-dtn-bpbis-tcpcl]
Sipos, B., "TCPCL Example Implementation",
.
[I-D.ietf-dtn-bibect]
Burleigh, S., "Bundle-in-Bundle Encapsulation", draft-
ietf-dtn-bibect-03 (work in progress), February 2020.
[I-D.ietf-dtn-bpsec]
Birrane, E. and K. McKeever, "Bundle Protocol Security
- Specification", draft-ietf-dtn-bpsec-22 (work in
- progress), March 2020.
+ Specification", draft-ietf-dtn-bpsec-23 (work in
+ progress), October 2020.
[RFC2595] Newman, C., "Using TLS with IMAP, POP3 and ACAP",
RFC 2595, DOI 10.17487/RFC2595, June 1999,
.
[RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC
Text on Security Considerations", BCP 72, RFC 3552,
DOI 10.17487/RFC3552, July 2003,
.