draft-ietf-dtn-tcpclv4-22.txt   draft-ietf-dtn-tcpclv4-23.txt 
Delay-Tolerant Networking B. Sipos Delay-Tolerant Networking B. Sipos
Internet-Draft RKF Engineering Internet-Draft RKF Engineering
Intended status: Standards Track M. Demmer Intended status: Standards Track M. Demmer
Expires: April 29, 2021 UC Berkeley Expires: 18 May 2021 UC Berkeley
J. Ott J. Ott
Aalto University Aalto University
S. Perreault S. Perreault
October 26, 2020 14 November 2020
Delay-Tolerant Networking TCP Convergence Layer Protocol Version 4 Delay-Tolerant Networking TCP Convergence Layer Protocol Version 4
draft-ietf-dtn-tcpclv4-22 draft-ietf-dtn-tcpclv4-23
Abstract Abstract
This document describes a TCP-based convergence layer (TCPCL) for This document describes a TCP-based convergence layer (TCPCL) for
Delay-Tolerant Networking (DTN). This version of the TCPCL protocol Delay-Tolerant Networking (DTN). This version of the TCPCL protocol
resolves implementation issues in the earlier TCPCL Version 3 of resolves implementation issues in the earlier TCPCL Version 3 of
RFC7242 and updates to the Bundle Protocol (BP) contents, encodings, RFC7242 and updates to the Bundle Protocol (BP) contents, encodings,
and convergence layer requirements in BP Version 7. Specifically, and convergence layer requirements in BP Version 7. Specifically,
the TCPCLv4 uses CBOR-encoded BPv7 bundles as its service data unit the TCPCLv4 uses CBOR-encoded BPv7 bundles as its service data unit
being transported and provides a reliable transport of such bundles. being transported and provides a reliable transport of such bundles.
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 29, 2021. This Internet-Draft will expire on 18 May 2021.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents (https://trustee.ietf.org/
(https://trustee.ietf.org/license-info) in effect on the date of license-info) in effect on the date of publication of this document.
publication of this document. Please review these documents Please review these documents carefully, as they describe your rights
carefully, as they describe your rights and restrictions with respect and restrictions with respect to this document. Code Components
to this document. Code Components extracted from this document must extracted from this document must include Simplified BSD License text
include Simplified BSD License text as described in Section 4.e of as described in Section 4.e of the Trust Legal Provisions and are
the Trust Legal Provisions and are provided without warranty as provided without warranty as described in the Simplified BSD License.
described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.1. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Requirements Language . . . . . . . . . . . . . . . . . . . . 5 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 5
2.1. Definitions Specific to the TCPCL Protocol . . . . . . . 5 2.1. Definitions Specific to the TCPCL Protocol . . . . . . . 5
3. General Protocol Description . . . . . . . . . . . . . . . . 9 3. General Protocol Description . . . . . . . . . . . . . . . . 9
3.1. Convergence Layer Services . . . . . . . . . . . . . . . 9 3.1. Convergence Layer Services . . . . . . . . . . . . . . . 9
3.2. TCPCL Session Overview . . . . . . . . . . . . . . . . . 11 3.2. TCPCL Session Overview . . . . . . . . . . . . . . . . . 11
3.3. TCPCL States and Transitions . . . . . . . . . . . . . . 13 3.3. TCPCL States and Transitions . . . . . . . . . . . . . . 13
3.4. PKIX Environments and CA Policy . . . . . . . . . . . . . 19 3.4. PKIX Environments and CA Policy . . . . . . . . . . . . . 19
3.5. Session Keeping Policies . . . . . . . . . . . . . . . . 20 3.5. Session Keeping Policies . . . . . . . . . . . . . . . . 20
3.6. Transfer Segmentation Policies . . . . . . . . . . . . . 21 3.6. Transfer Segmentation Policies . . . . . . . . . . . . . 21
3.7. Example Message Exchange . . . . . . . . . . . . . . . . 22 3.7. Example Message Exchange . . . . . . . . . . . . . . . . 22
4. Session Establishment . . . . . . . . . . . . . . . . . . . . 23 4. Session Establishment . . . . . . . . . . . . . . . . . . . . 24
4.1. TCP Connection . . . . . . . . . . . . . . . . . . . . . 24 4.1. TCP Connection . . . . . . . . . . . . . . . . . . . . . 24
4.2. Contact Header . . . . . . . . . . . . . . . . . . . . . 25 4.2. Contact Header . . . . . . . . . . . . . . . . . . . . . 25
4.3. Contact Validation and Negotiation . . . . . . . . . . . 26 4.3. Contact Validation and Negotiation . . . . . . . . . . . 26
4.4. Session Security . . . . . . . . . . . . . . . . . . . . 27 4.4. Session Security . . . . . . . . . . . . . . . . . . . . 28
4.4.1. Entity Identification . . . . . . . . . . . . . . . . 28 4.4.1. Entity Identification . . . . . . . . . . . . . . . . 28
4.4.2. TLS Handshake . . . . . . . . . . . . . . . . . . . . 29 4.4.2. TLS Handshake . . . . . . . . . . . . . . . . . . . . 29
4.4.3. TLS Authentication . . . . . . . . . . . . . . . . . 30 4.4.3. TLS Authentication . . . . . . . . . . . . . . . . . 31
4.4.4. Example TLS Initiation . . . . . . . . . . . . . . . 32 4.4.4. Example TLS Initiation . . . . . . . . . . . . . . . 32
4.5. Message Header . . . . . . . . . . . . . . . . . . . . . 33 4.5. Message Header . . . . . . . . . . . . . . . . . . . . . 34
4.6. Session Initialization Message (SESS_INIT) . . . . . . . 34 4.6. Session Initialization Message (SESS_INIT) . . . . . . . 35
4.7. Session Parameter Negotiation . . . . . . . . . . . . . . 36 4.7. Session Parameter Negotiation . . . . . . . . . . . . . . 37
4.8. Session Extension Items . . . . . . . . . . . . . . . . . 37 4.8. Session Extension Items . . . . . . . . . . . . . . . . . 38
5. Established Session Operation . . . . . . . . . . . . . . . . 38 5. Established Session Operation . . . . . . . . . . . . . . . . 39
5.1. Upkeep and Status Messages . . . . . . . . . . . . . . . 38 5.1. Upkeep and Status Messages . . . . . . . . . . . . . . . 39
5.1.1. Session Upkeep (KEEPALIVE) . . . . . . . . . . . . . 38 5.1.1. Session Upkeep (KEEPALIVE) . . . . . . . . . . . . . 39
5.1.2. Message Rejection (MSG_REJECT) . . . . . . . . . . . 39 5.1.2. Message Rejection (MSG_REJECT) . . . . . . . . . . . 40
5.2. Bundle Transfer . . . . . . . . . . . . . . . . . . . . . 40 5.2. Bundle Transfer . . . . . . . . . . . . . . . . . . . . . 42
5.2.1. Bundle Transfer ID . . . . . . . . . . . . . . . . . 41 5.2.1. Bundle Transfer ID . . . . . . . . . . . . . . . . . 43
5.2.2. Data Transmission (XFER_SEGMENT) . . . . . . . . . . 41 5.2.2. Data Transmission (XFER_SEGMENT) . . . . . . . . . . 43
5.2.3. Data Acknowledgments (XFER_ACK) . . . . . . . . . . . 43 5.2.3. Data Acknowledgments (XFER_ACK) . . . . . . . . . . . 45
5.2.4. Transfer Refusal (XFER_REFUSE) . . . . . . . . . . . 44 5.2.4. Transfer Refusal (XFER_REFUSE) . . . . . . . . . . . 47
5.2.5. Transfer Extension Items . . . . . . . . . . . . . . 47 5.2.5. Transfer Extension Items . . . . . . . . . . . . . . 49
6. Session Termination . . . . . . . . . . . . . . . . . . . . . 49 6. Session Termination . . . . . . . . . . . . . . . . . . . . . 51
6.1. Session Termination Message (SESS_TERM) . . . . . . . . . 49 6.1. Session Termination Message (SESS_TERM) . . . . . . . . . 51
6.2. Idle Session Shutdown . . . . . . . . . . . . . . . . . . 52 6.2. Idle Session Shutdown . . . . . . . . . . . . . . . . . . 54
7. Implementation Status . . . . . . . . . . . . . . . . . . . . 52 7. Implementation Status . . . . . . . . . . . . . . . . . . . . 54
8. Security Considerations . . . . . . . . . . . . . . . . . . . 52 8. Security Considerations . . . . . . . . . . . . . . . . . . . 54
8.1. Threat: Passive Leak of Node Data . . . . . . . . . . . . 53 8.1. Threat: Passive Leak of Node Data . . . . . . . . . . . . 55
8.2. Threat: Passive Leak of Bundle Data . . . . . . . . . . . 53 8.2. Threat: Passive Leak of Bundle Data . . . . . . . . . . . 55
8.3. Threat: TCPCL Version Downgrade . . . . . . . . . . . . . 53 8.3. Threat: TCPCL Version Downgrade . . . . . . . . . . . . . 55
8.4. Threat: Transport Security Stripping . . . . . . . . . . 53 8.4. Threat: Transport Security Stripping . . . . . . . . . . 55
8.5. Threat: Weak TLS Configurations . . . . . . . . . . . . . 54 8.5. Threat: Weak TLS Configurations . . . . . . . . . . . . . 56
8.6. Threat: Certificate Validation Vulnerabilities . . . . . 54 8.6. Threat: Untrusted End-Entity Certificate . . . . . . . . 56
8.7. Threat: Symmetric Key Limits . . . . . . . . . . . . . . 54 8.7. Threat: Certificate Validation Vulnerabilities . . . . . 56
8.8. Threat: BP Node Impersonation . . . . . . . . . . . . . . 54 8.8. Threat: Symmetric Key Limits . . . . . . . . . . . . . . 57
8.9. Threat: Denial of Service . . . . . . . . . . . . . . . . 55 8.9. Threat: BP Node Impersonation . . . . . . . . . . . . . . 57
8.10. Alternate Uses of TLS . . . . . . . . . . . . . . . . . . 56 8.10. Threat: Denial of Service . . . . . . . . . . . . . . . . 57
8.10.1. TLS Without Authentication . . . . . . . . . . . . . 56 8.11. Alternate Uses of TLS . . . . . . . . . . . . . . . . . . 58
8.10.2. Non-Certificate TLS Use . . . . . . . . . . . . . . 56 8.11.1. TLS Without Authentication . . . . . . . . . . . . . 59
8.11. Predictability of Transfer IDs . . . . . . . . . . . . . 56 8.11.2. Non-Certificate TLS Use . . . . . . . . . . . . . . 59
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 57 8.12. Predictability of Transfer IDs . . . . . . . . . . . . . 59
9.1. Port Number . . . . . . . . . . . . . . . . . . . . . . . 57 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 59
9.2. Protocol Versions . . . . . . . . . . . . . . . . . . . . 57 9.1. Port Number . . . . . . . . . . . . . . . . . . . . . . . 60
9.3. Session Extension Types . . . . . . . . . . . . . . . . . 58 9.2. Protocol Versions . . . . . . . . . . . . . . . . . . . . 60
9.4. Transfer Extension Types . . . . . . . . . . . . . . . . 59 9.3. Session Extension Types . . . . . . . . . . . . . . . . . 61
9.5. Message Types . . . . . . . . . . . . . . . . . . . . . . 60 9.4. Transfer Extension Types . . . . . . . . . . . . . . . . 62
9.6. XFER_REFUSE Reason Codes . . . . . . . . . . . . . . . . 61 9.5. Message Types . . . . . . . . . . . . . . . . . . . . . . 63
9.7. SESS_TERM Reason Codes . . . . . . . . . . . . . . . . . 62 9.6. XFER_REFUSE Reason Codes . . . . . . . . . . . . . . . . 64
9.8. MSG_REJECT Reason Codes . . . . . . . . . . . . . . . . . 63 9.7. SESS_TERM Reason Codes . . . . . . . . . . . . . . . . . 65
10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 64 9.8. MSG_REJECT Reason Codes . . . . . . . . . . . . . . . . . 66
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 64 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 67
11.1. Normative References . . . . . . . . . . . . . . . . . . 64 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 67
11.2. Informative References . . . . . . . . . . . . . . . . . 66 11.1. Normative References . . . . . . . . . . . . . . . . . . 67
Appendix A. Significant changes from RFC7242 . . . . . . . . . . 67 11.2. Informative References . . . . . . . . . . . . . . . . . 69
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 69 Appendix A. Significant changes from RFC7242 . . . . . . . . . . 71
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 72
1. Introduction 1. Introduction
This document describes the TCP-based convergence-layer protocol for This document describes the TCP-based convergence-layer protocol for
Delay-Tolerant Networking. Delay-Tolerant Networking is an end-to- Delay-Tolerant Networking. Delay-Tolerant Networking is an end-to-
end architecture providing communications in and/or through highly end architecture providing communications in and/or through highly
stressed environments, including those with intermittent stressed environments, including those with intermittent
connectivity, long and/or variable delays, and high bit error rates. connectivity, long and/or variable delays, and high bit error rates.
More detailed descriptions of the rationale and capabilities of these More detailed descriptions of the rationale and capabilities of these
networks can be found in "Delay-Tolerant Network Architecture" networks can be found in "Delay-Tolerant Network Architecture"
skipping to change at page 4, line 21 skipping to change at page 4, line 21
without the version suffix refers to BPv7. For the remainder of this without the version suffix refers to BPv7. For the remainder of this
document, the abbreviation "TCPCL" without the version suffix refers document, the abbreviation "TCPCL" without the version suffix refers
to TCPCLv4. to TCPCLv4.
The locations of the TCPCL and the BP in the Internet model protocol The locations of the TCPCL and the BP in the Internet model protocol
stack (described in [RFC1122]) are shown in Figure 1. In particular, stack (described in [RFC1122]) are shown in Figure 1. In particular,
when BP is using TCP as its bearer with TCPCL as its convergence when BP is using TCP as its bearer with TCPCL as its convergence
layer, both BP and TCPCL reside at the application layer of the layer, both BP and TCPCL reside at the application layer of the
Internet model. Internet model.
+-------------------------+ +-------------------------+
| DTN Application | -\ | DTN Application | -\
+-------------------------| | +-------------------------| |
| Bundle Protocol (BP) | -> Application Layer | Bundle Protocol (BP) | -> Application Layer
+-------------------------+ | +-------------------------+ |
| TCP Conv. Layer (TCPCL) | | | TCP Conv. Layer (TCPCL) | |
+-------------------------+ | +-------------------------+ |
| TLS (optional) | -/ | TLS (optional) | -/
+-------------------------+ +-------------------------+
| TCP | ---> Transport Layer | TCP | ---> Transport Layer
+-------------------------+ +-------------------------+
| IPv4/IPv6 | ---> Network Layer | IPv4/IPv6 | ---> Network Layer
+-------------------------+ +-------------------------+
| Link-Layer Protocol | ---> Link Layer | Link-Layer Protocol | ---> Link Layer
+-------------------------+ +-------------------------+
Figure 1: The Locations of the Bundle Protocol and the TCP Figure 1: The Locations of the Bundle Protocol and the TCP
Convergence-Layer Protocol above the Internet Protocol Stack Convergence-Layer Protocol above the Internet Protocol Stack
1.1. Scope 1.1. Scope
This document describes the format of the protocol data units passed This document describes the format of the protocol data units passed
between entities participating in TCPCL communications. This between entities participating in TCPCL communications. This
document does not address: document does not address:
o The format of protocol data units of the Bundle Protocol, as those * The format of protocol data units of the Bundle Protocol, as those
are defined elsewhere in [I-D.ietf-dtn-bpbis]. This includes the are defined elsewhere in [I-D.ietf-dtn-bpbis]. This includes the
concept of bundle fragmentation or bundle encapsulation. The concept of bundle fragmentation or bundle encapsulation. The
TCPCL transfers bundles as opaque data blocks. TCPCL transfers bundles as opaque data blocks.
o Mechanisms for locating or identifying other bundle entities * Mechanisms for locating or identifying other bundle entities
(peers) within a network or across an internet. The mapping of (peers) within a network or across an internet. The mapping of
Node ID to potential convergence layer (CL) protocol and network Node ID to potential convergence layer (CL) protocol and network
address is left to implementation and configuration of the BP address is left to implementation and configuration of the BP
Agent and its various potential routing strategies. Agent and its various potential routing strategies.
o Logic for routing bundles along a path toward a bundle's endpoint. * Logic for routing bundles along a path toward a bundle's endpoint.
This CL protocol is involved only in transporting bundles between This CL protocol is involved only in transporting bundles between
adjacent nodes in a routing sequence. adjacent entities in a routing sequence.
o Policies or mechanisms for issuing Public Key Infrastructure Using * Policies or mechanisms for issuing Public Key Infrastructure Using
X.509 (PKIX) certificates; provisioning, deploying, or accessing X.509 (PKIX) certificates; provisioning, deploying, or accessing
certificates and private keys; deploying or accessing certificate certificates and private keys; deploying or accessing certificate
revocation lists (CRLs); or configuring security parameters on an revocation lists (CRLs); or configuring security parameters on an
individual entity or across a network. individual entity or across a network.
o Uses of TLS which are not based on PKIX certificate authentication * Uses of TLS which are not based on PKIX certificate authentication
(see Section 8.10.2) or in which authentication of both entities (see Section 8.11.2) or in which authentication of both entities
is not possible (see Section 8.10.1). is not possible (see Section 8.11.1).
Any TCPCL implementation requires a BP agent to perform those above Any TCPCL implementation requires a BP agent to perform those above
listed functions in order to perform end-to-end bundle delivery. listed functions in order to perform end-to-end bundle delivery.
2. Requirements Language 2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
skipping to change at page 8, line 32 skipping to change at page 8, line 32
| | +---------------------------------+ | | TCPCL Entity's | | | | +---------------------------------+ | | TCPCL Entity's | |
| +--->| Passively Initiated Session #1 +-------->| Active | | | +--->| Passively Initiated Session #1 +-------->| Active | |
| | +---------------------------------+ | | Initiator(s) | | | | +---------------------------------+ | | Initiator(s) | |
| | | | | | | | | | | |
| | +---------------------------------+ | | | | | | +---------------------------------+ | | | |
| +--->| Passively Initiated Session #n +-------->| | | | +--->| Passively Initiated Session #n +-------->| | |
| +---------------------------------+ | +----------------+ | | +---------------------------------+ | +----------------+ |
| | +-----------------+ | | +-----------------+
+--------------------------------------------+ +--------------------------------------------+
Figure 2: The relationships between TCPCL entities Figure 2: The relationships between TCPCL entities
+---------------------------+ +---------------------------+ +---------------------------+ +---------------------------+
| "Own" TCPCL Session | | "Other" TCPCL Session | | "Own" TCPCL Session | | "Other" TCPCL Session |
| | | | | | | |
| +----------------------+ | | +----------------------+ | | +----------------------+ | | +----------------------+ |
| | TCP Connection | | | | TCP Connection | | | | TCP Connection | | | | TCP Connection | |
| | | | | | | | | | | | | | | |
| | +-----------------+ | | Messages | | +-----------------+ | | | | +-----------------+ | | Messages | | +-----------------+ | |
| | | Own Inbound | +--------------------+ | Peer Outbound | | | | | | Own Inbound | +--------------------+ | Peer Outbound | | |
| | | Transfer Stream | | Transfer Stream | | | | | | Transfer Stream | | Transfer Stream | | |
skipping to change at page 9, line 27 skipping to change at page 9, line 27
| | | | | | | |
| | +-----------------+ +-----------------+ | | | | +-----------------+ +-----------------+ | |
| | | Own Outbound |-------[Seg]---[Seg]----->| Peer Inbound | | | | | | Own Outbound |-------[Seg]---[Seg]----->| Peer Inbound | | |
| | | Transfer Stream |<---[Ack]----[Ack]-[Ack]--| Transfer Stream | | | | | | Transfer Stream |<---[Ack]----[Ack]-[Ack]--| Transfer Stream | | |
| | | ----- | | ----- | | | | | | ----- | | ----- | | |
| | | SENDER | +--------------------+ | RECEIVER | | | | | | SENDER | +--------------------+ | RECEIVER | | |
| | +-----------------+ | | | | +-----------------+ | | | | +-----------------+ | | | | +-----------------+ | |
| +-----------------------+ | | +---------------------+ | | +-----------------------+ | | +---------------------+ |
+----------------------------+ +--------------------------+ +----------------------------+ +--------------------------+
Figure 3: The relationship within a TCPCL Session of its two streams Figure 3: The relationship within a TCPCL Session of its two streams
3. General Protocol Description 3. General Protocol Description
The service of this protocol is the transmission of DTN bundles via The service of this protocol is the transmission of DTN bundles via
the Transmission Control Protocol (TCP). This document specifies the the Transmission Control Protocol (TCP). This document specifies the
encapsulation of bundles, procedures for TCP setup and teardown, and encapsulation of bundles, procedures for TCP setup and teardown, and
a set of messages and node requirements. The general operation of a set of messages and entity requirements. The general operation of
the protocol is as follows. the protocol is as follows.
3.1. Convergence Layer Services 3.1. Convergence Layer Services
This version of the TCPCL provides the following services to support This version of the TCPCL provides the following services to support
the overlaying Bundle Protocol agent. In all cases, this is not an the overlaying Bundle Protocol agent. In all cases, this is not an
API definition but a logical description of how the CL can interact API definition but a logical description of how the CL can interact
with the BP agent. Each of these interactions can be associated with with the BP agent. Each of these interactions can be associated with
any number of additional metadata items as necessary to support the any number of additional metadata items as necessary to support the
operation of the CL or BP agent. operation of the CL or BP agent.
skipping to change at page 11, line 45 skipping to change at page 11, line 45
Interruption" capability. Interruption" capability.
Reception Failure: The TCPCL entity indicates to the BP agent on Reception Failure: The TCPCL entity indicates to the BP agent on
certain reasons for reception failure, notably when the local certain reasons for reception failure, notably when the local
entity rejects an attempted transfer for some local policy reason entity rejects an attempted transfer for some local policy reason
or when a TCPCL session ends before transfer success. The TCPCL or when a TCPCL session ends before transfer success. The TCPCL
itself does not have a notion of transfer timeout. itself does not have a notion of transfer timeout.
3.2. TCPCL Session Overview 3.2. TCPCL Session Overview
First, one node establishes a TCPCL session to the other by First, one entity establishes a TCPCL session to the other by
initiating a TCP connection in accordance with [RFC0793]. After initiating a TCP connection in accordance with [RFC0793]. After
setup of the TCP connection is complete, an initial Contact Header is setup of the TCP connection is complete, an initial Contact Header is
exchanged in both directions to establish a shared TCPCL version and exchanged in both directions to establish a shared TCPCL version and
negotiate the use of TLS security (as described in Section 4). Once negotiate the use of TLS security (as described in Section 4). Once
contact negotiation is complete, TCPCL messaging is available and the contact negotiation is complete, TCPCL messaging is available and the
session negotiation is used to set parameters of the TCPCL session. session negotiation is used to set parameters of the TCPCL session.
One of these parameters is a Node ID that each TCPCL Entity is acting One of these parameters is a Node ID that each TCPCL Entity is acting
as. This is used to assist in routing and forwarding messages by the as. This is used to assist in routing and forwarding messages by the
BP Agent and is part of the authentication capability provided by BP Agent and is part of the authentication capability provided by
TLS. TLS.
skipping to change at page 12, line 24 skipping to change at page 12, line 24
Once the TCPCL session is established and configured in this way, Once the TCPCL session is established and configured in this way,
bundles can be transferred in either direction. Each transfer is bundles can be transferred in either direction. Each transfer is
performed by segmenting the transfer data into one or more performed by segmenting the transfer data into one or more
XFER_SEGMENT messages. Multiple bundles can be transmitted XFER_SEGMENT messages. Multiple bundles can be transmitted
consecutively in a single direction on a single TCPCL connection. consecutively in a single direction on a single TCPCL connection.
Segments from different bundles are never interleaved. Bundle Segments from different bundles are never interleaved. Bundle
interleaving can be accomplished by fragmentation at the BP layer or interleaving can be accomplished by fragmentation at the BP layer or
by establishing multiple TCPCL sessions between the same peers. by establishing multiple TCPCL sessions between the same peers.
There is no fundamental limit on the number of TCPCL sessions which a There is no fundamental limit on the number of TCPCL sessions which a
single node can establish beyond the limit imposed by the number of single entity can establish beyond the limit imposed by the number of
available (ephemeral) TCP ports of the active entity. available (ephemeral) TCP ports of the active entity.
A feature of this protocol is for the receiving node to send A feature of this protocol is for the receiving entity to send
acknowledgment (XFER_ACK) messages as bundle data segments arrive. acknowledgment (XFER_ACK) messages as bundle data segments arrive.
The rationale behind these acknowledgments is to enable the sender The rationale behind these acknowledgments is to enable the
node to determine how much of the bundle has been received, so that transmitting entity to determine how much of the bundle has been
in case the session is interrupted, it can perform reactive received, so that in case the session is interrupted, it can perform
fragmentation to avoid re-sending the already transmitted part of the reactive fragmentation to avoid re-sending the already transmitted
bundle. In addition, there is no explicit flow control on the TCPCL part of the bundle. In addition, there is no explicit flow control
layer. on the TCPCL layer.
A TCPCL receiver can interrupt the transmission of a bundle at any A TCPCL receiver can interrupt the transmission of a bundle at any
point in time by replying with a XFER_REFUSE message, which causes point in time by replying with a XFER_REFUSE message, which causes
the sender to stop transmission of the associated bundle (if it the sender to stop transmission of the associated bundle (if it
hasn't already finished transmission) Note: This enables a cross- hasn't already finished transmission). Note: This enables a cross-
layer optimization in that it allows a receiver that detects that it layer optimization in that it allows a receiver that detects that it
already has received a certain bundle to interrupt transmission as already has received a certain bundle to interrupt transmission as
early as possible and thus save transmission capacity for other early as possible and thus save transmission capacity for other
bundles. bundles.
For sessions that are idle, a KEEPALIVE message is sent at a For sessions that are idle, a KEEPALIVE message is sent at a
negotiated interval. This is used to convey node live-ness negotiated interval. This is used to convey entity live-ness
information during otherwise message-less time intervals. information during otherwise message-less time intervals.
A SESS_TERM message is used to initiate the ending of a TCPCL session A SESS_TERM message is used to initiate the ending of a TCPCL session
(see Section 6.1). During termination sequencing, in-progress (see Section 6.1). During termination sequencing, in-progress
transfers can be completed but no new transfers can be initiated. A transfers can be completed but no new transfers can be initiated. A
SESS_TERM message can also be used to refuse a session setup by a SESS_TERM message can also be used to refuse a session setup by a
peer (see Section 4.3). Regardless of the reason, session peer (see Section 4.3). Regardless of the reason, session
termination is initiated by one of the entities and responded-to by termination is initiated by one of the entities and responded-to by
the other as illustrated by Figure 13 and Figure 14. Even when there the other as illustrated by Figure 13 and Figure 14. Even when there
are no transfers queued or in-progress, the session termination are no transfers queued or in-progress, the session termination
skipping to change at page 14, line 5 skipping to change at page 14, line 5
other side can start sending data segments on its own. Hence, the other side can start sending data segments on its own. Hence, the
protocol allows for a bi-directional mode of communication. Note protocol allows for a bi-directional mode of communication. Note
that in the case of concurrent bidirectional transmission, that in the case of concurrent bidirectional transmission,
acknowledgment segments MAY be interleaved with data segments. acknowledgment segments MAY be interleaved with data segments.
3.3. TCPCL States and Transitions 3.3. TCPCL States and Transitions
The states of a normal TCPCL session (i.e., without session failures) The states of a normal TCPCL session (i.e., without session failures)
are indicated in Figure 4. are indicated in Figure 4.
+-------+ +-------+
| START | | START |
+-------+ +-------+
| |
TCP Establishment TCP Establishment
| |
V V
+-----------+ +---------------------+ +-----------+ +---------------------+
| TCP |----------->| Contact / Session | | TCP |----------->| Contact / Session |
| Connected | | Negotiation | | Connected | | Negotiation |
+-----------+ +---------------------+ +-----------+ +---------------------+
| |
+-----Session Parameters-----+ +-----Session Parameters-----+
| Negotiated | Negotiated
V V
+-------------+ +-------------+ +-------------+ +-------------+
| Established |----New Transfer---->| Established | | Established |----New Transfer---->| Established |
| Session | | Session | | Session | | Session |
| Idle |<---Transfers Done---| Live | | Idle |<---Transfers Done---| Live |
+-------------+ +-------------+ +-------------+ +-------------+
| | | |
+------------------------------------+ +------------------------------------+
| |
V V
+-------------+ +-------------+
| Established | +-------------+ | Established | +-------------+
| Session |----Transfers------>| TCP | | Session |----Transfers------>| TCP |
| Ending | Done | Terminating | | Ending | Done | Terminating |
+-------------+ +-------------+ +-------------+ +-------------+
| |
+----------TCP Close Message----------+ +----------TCP Close Message----------+
| |
V V
+-------+ +-------+
| END | | END |
+-------+ +-------+
Figure 4: Top-level states of a TCPCL session Figure 4: Top-level states of a TCPCL session
Notes on Established Session states: Notes on Established Session states:
Session "Live" means transmitting or receiving over a transfer Session "Live" means transmitting or receiving over a transfer
stream. stream.
Session "Idle" means no transmission/reception over a transfer Session "Idle" means no transmission/reception over a transfer
stream. stream.
skipping to change at page 15, line 17 skipping to change at page 15, line 17
contact negotiation sequencing is performed either as the active or contact negotiation sequencing is performed either as the active or
passive entity, and is illustrated in Figure 5 and Figure 6 passive entity, and is illustrated in Figure 5 and Figure 6
respectively which both share the data validation and negotiation of respectively which both share the data validation and negotiation of
the Processing of Contact Header "[PCH]" activity of Figure 7 and the the Processing of Contact Header "[PCH]" activity of Figure 7 and the
"[TCPCLOSE]" activity which indicates TCP connection close. "[TCPCLOSE]" activity which indicates TCP connection close.
Successful negotiation results in one of the Session Initiation Successful negotiation results in one of the Session Initiation
"[SI]" activities being performed. To avoid data loss, a Session "[SI]" activities being performed. To avoid data loss, a Session
Termination "[ST]" exchange allows cleanly finishing transfers before Termination "[ST]" exchange allows cleanly finishing transfers before
a session is ended. a session is ended.
+-------+ +-------+
| START | | START |
+-------+ +-------+
| |
TCP Connecting TCP Connecting
V V
+-----------+ +-----------+
| TCP | +---------+ | TCP | +---------+
| Connected |--Send CH-->| Waiting |--Timeout-->[TCPCLOSE] | Connected |--Send CH-->| Waiting |--Timeout-->[TCPCLOSE]
+-----------+ +---------+ +-----------+ +---------+
| |
Received CH Received CH
V V
[PCH] [PCH]
Figure 5: Contact Initiation as Active Entity Figure 5: Contact Initiation as Active Entity
+-----------+ +---------+ +-----------+ +---------+
| TCP |--Wait for-->| Waiting |--Timeout-->[TCPCLOSE] | TCP |--Wait for-->| Waiting |--Timeout-->[TCPCLOSE]
| Connected | CH +---------+ | Connected | CH +---------+
+-----------+ | +-----------+ |
Received CH Received CH
V V
+-----------------+ +-----------------+
| Preparing reply |--Send CH-->[PCH] | Preparing reply |--Send CH-->[PCH]
+-----------------+ +-----------------+
Figure 6: Contact Initiation as Passive Entity
+-----------+ Figure 6: Contact Initiation as Passive Entity
| Peer CH | +-----------+
| available | | Peer CH |
+-----------+ | available |
| +-----------+
Validate and |
Negotiate Validate and
V Negotiate
+------------+ V
| Negotiated |----Failure---->[TCPCLOSE] +------------+
+------------+ ^ | Negotiated |--Failure-->[TCPCLOSE]
| | | +------------+
No TLS +----Negotiate---+ | | |
V TLS | Failure No TLS +----Negotiate---+ [ST]
+-----------+ V | | TLS | ^
| TCPCL | +---------------+ V | Failure
| Messaging |<--Success--| TLS Finished | +-----------+ V |
| Available | +---------------+ | TCPCL | +---------------+
+-----------+ | Messaging |<--Success--| TLS Handshake |
| Available | +---------------+
+-----------+
Figure 7: Processing of Contact Header [PCH] Figure 7: Processing of Contact Header [PCH]
Session negotiation involves exchanging a session initialization Session negotiation involves exchanging a session initialization
(SESS_INIT) message in both directions and deriving a negotiated (SESS_INIT) message in both directions and deriving a negotiated
state from the two messages. The session negotiation sequencing is state from the two messages. The session negotiation sequencing is
performed either as the active or passive entity, and is illustrated performed either as the active or passive entity, and is illustrated
in Figure 8 and Figure 9 respectively which both share the data in Figure 8 and Figure 9 respectively which both share the data
validation and negotiation of Figure 10. The validation here validation and negotiation of Figure 10. The validation here
includes certificate validation and authentication when TLS is used includes certificate validation and authentication when TLS is used
for the session. for the session.
+-----------+ +-----------+
| TCPCL | +---------+ | TCPCL | +---------+
| Messaging |--Send SESS_INIT-->| Waiting |--Timeout-->[ST] | Messaging |--Send SESS_INIT-->| Waiting |--Timeout-->[ST]
| Available | +---------+ | Available | +---------+
+-----------+ | +-----------+ |
Received SESS_INIT Received SESS_INIT
| |
V V
[PSI] [PSI]
Figure 8: Session Initiation [SI] as Active Entity Figure 8: Session Initiation [SI] as Active Entity
+-----------+ +-----------+
| TCPCL | +---------+ | TCPCL | +---------+
| Messaging |----Wait for ---->| Waiting |--Timeout-->[ST] | Messaging |----Wait for ---->| Waiting |--Timeout-->[ST]
| Available | SESS_INIT +---------+ | Available | SESS_INIT +---------+
+-----------+ | +-----------+ |
Received SESS_INIT Received SESS_INIT
| |
+-----------------+ +-----------------+
| Preparing reply |--Send SESS_INIT-->[PSI] | Preparing reply |--Send SESS_INIT-->[PSI]
+-----------------+ +-----------------+
Figure 9: Session Initiation [SI] as Passive Entity Figure 9: Session Initiation [SI] as Passive Entity
+----------------+ +----------------+
| Peer SESS_INIT | | Peer SESS_INIT |
| available | | available |
+----------------+ +----------------+
| |
Validate and Validate and
Negotiate Negotiate
V V
+------------+ +------------+
| Negotiated |---Failure--->[ST] | Negotiated |---Failure--->[ST]
+------------+ +------------+
| |
Success Success
V V
+--------------+ +--------------+
| Established | | Established |
| Session Idle | | Session Idle |
+--------------+ +--------------+
Figure 10: Processing of Session Initiation [PSI] Figure 10: Processing of Session Initiation [PSI]
Transfers can occur after a session is established and it's not in Transfers can occur after a session is established and it's not in
the Ending state. Each transfer occurs within a single logical the Ending state. Each transfer occurs within a single logical
transfer stream between a sender and a receiver, as illustrated in transfer stream between a sender and a receiver, as illustrated in
Figure 11 and Figure 12 respectively. Figure 11 and Figure 12 respectively.
+--Send XFER_SEGMENT--+ +--Send XFER_SEGMENT--+
+--------+ | | +--------+ | |
| Stream | +-------------+ | | Stream | +-------------+ |
| Idle |---Send XFER_SEGMENT-->| In Progress |<------------+ | Idle |---Send XFER_SEGMENT-->| In Progress |<------------+
+--------+ +-------------+ +--------+ +-------------+
| |
+---------All segments sent-------+ +---------All segments sent-------+
| |
V V
+---------+ +--------+ +---------+ +--------+
| Waiting |---- Receive Final---->| Stream | | Waiting |---- Receive Final---->| Stream |
| for Ack | XFER_ACK | IDLE | | for Ack | XFER_ACK | IDLE |
+---------+ +--------+ +---------+ +--------+
Figure 11: Transfer sender states Figure 11: Transfer sender states
Notes on transfer sending: Notes on transfer sending:
Pipelining of transfers can occur when the sending entity begins a Pipelining of transfers can occur when the sending entity begins a
new transfer while in the "Waiting for Ack" state. new transfer while in the "Waiting for Ack" state.
+-Receive XFER_SEGMENT-+ +-Receive XFER_SEGMENT-+
+--------+ | Send XFER_ACK | +--------+ | Send XFER_ACK |
| Stream | +-------------+ | | Stream | +-------------+ |
| Idle |--Receive XFER_SEGMENT-->| In Progress |<-------------+ | Idle |--Receive XFER_SEGMENT-->| In Progress |<-------------+
+--------+ +-------------+ +--------+ +-------------+
| |
+--------Sent Final XFER_ACK--------+ +--------Sent Final XFER_ACK--------+
| |
V V
+--------+ +--------+
| Stream | | Stream |
| Idle | | Idle |
+--------+ +--------+
Figure 12: Transfer receiver states Figure 12: Transfer receiver states
Session termination involves one entity initiating the termination of Session termination involves one entity initiating the termination of
the session and the other entity acknowledging the termination. For the session and the other entity acknowledging the termination. For
either entity, it is the sending of the SESS_TERM message which either entity, it is the sending of the SESS_TERM message which
transitions the session to the Ending substate. While a session is transitions the session to the Ending substate. While a session is
in the Ending state only in-progress transfers can be completed and in the Ending state only in-progress transfers can be completed and
no new transfers can be started. no new transfers can be started.
+-----------+ +---------+ +-----------+ +---------+
| Session |--Send SESS_TERM-->| Session | | Session |--Send SESS_TERM-->| Session |
| Live/Idle | | Ending | | Live/Idle | | Ending |
+-----------+ +---------+ +-----------+ +---------+
Figure 13: Session Termination [ST] from the Initiator Figure 13: Session Termination [ST] from the Initiator
+-----------+ +---------+ +-----------+ +---------+
| Session |--Send SESS_TERM-->| Session | | Session |--Send SESS_TERM-->| Session |
| Live/Idle | | Ending | | Live/Idle | | Ending |
+-----------+<------+ +---------+ +-----------+<------+ +---------+
| | | |
Receive SESS_TERM | Receive SESS_TERM |
| | | |
+-------------+ +-------------+
Figure 14: Session Termination [ST] from the Responder Figure 14: Session Termination [ST] from the Responder
3.4. PKIX Environments and CA Policy 3.4. PKIX Environments and CA Policy
This specification gives requirements about how to use PKIX This specification gives requirements about how to use PKIX
certificates issued by a Certificate Authority (CA), but does not certificates issued by a Certificate Authority (CA), but does not
define any mechanisms for how those certificates come to be. The define any mechanisms for how those certificates come to be. The
requirements about TCPCL certificate use are broad to support two requirements about TCPCL certificate use are broad to support two
quite different PKIX environments: quite different PKIX environments:
DTN-Aware CAs: In the ideal case, the CA(s) issuing certificates for DTN-Aware CAs: In the ideal case, the CA(s) issuing certificates for
skipping to change at page 19, line 50 skipping to change at page 19, line 45
DTN-Ignorant CAs: It is expected that Internet-scale "public" CAs DTN-Ignorant CAs: It is expected that Internet-scale "public" CAs
will continue to focus on DNS names as the preferred PKIX will continue to focus on DNS names as the preferred PKIX
identifier. There are large infrastructures already in-place for identifier. There are large infrastructures already in-place for
managing network-level authentication and protocols to manage managing network-level authentication and protocols to manage
identity verification in those environments [RFC8555]. The TCPCL identity verification in those environments [RFC8555]. The TCPCL
allows for this type of environment by authenticating a lower- allows for this type of environment by authenticating a lower-
level identifier for a peer and requiring the entity to trust that level identifier for a peer and requiring the entity to trust that
the Node ID given by the peer (during session initialization) is the Node ID given by the peer (during session initialization) is
valid. This situation not ideal, as it allows vulnerabilities valid. This situation not ideal, as it allows vulnerabilities
described in Section 8.8, but still provides some amount of mutual described in Section 8.9, but still provides some amount of mutual
authentication to take place for a TCPCL session. authentication to take place for a TCPCL session.
Even within a single TCPCL session, each entity may operate within Even within a single TCPCL session, each entity may operate within
different PKI environments and with different identifier limitations. different PKI environments and with different identifier limitations.
The requirements related to identifiers in in a PKIX certificate are The requirements related to identifiers in in a PKIX certificate are
in Section 4.4.1. in Section 4.4.1.
It is important for interoperability that a TCPCL entity have its own It is important for interoperability that a TCPCL entity have its own
security policy tailored to accommodate the peers with which it is security policy tailored to accommodate the peers with which it is
expected to operate. A strict TLS security policy is appropriate for expected to operate. A strict TLS security policy is appropriate for
skipping to change at page 21, line 24 skipping to change at page 21, line 19
Many other policies can be established in a TCPCL network between the Many other policies can be established in a TCPCL network between the
two extremes of single persistent sessions and only ephemeral two extremes of single persistent sessions and only ephemeral
sessions. Different policies can be applied to each peer entity and sessions. Different policies can be applied to each peer entity and
to each bundle as it needs to be transferred (e.g for quality of to each bundle as it needs to be transferred (e.g for quality of
service). Additionally, future session extension types can apply service). Additionally, future session extension types can apply
further nuance to session policies and policy negotiation. further nuance to session policies and policy negotiation.
3.6. Transfer Segmentation Policies 3.6. Transfer Segmentation Policies
Each TCPCL session allows a negotiated transfer segmentation policy Each TCPCL session allows a negotiated transfer segmentation policy
to be applied in each transfer direction. A receiving node can set to be applied in each transfer direction. A receiving entity can set
the Segment MRU in its SESS_INIT message to determine the largest the Segment MRU in its SESS_INIT message to determine the largest
acceptable segment size, and a transmitting node can segment a acceptable segment size, and a transmitting entity can segment a
transfer into any sizes smaller than the receiver's Segment MRU. It transfer into any sizes smaller than the receiver's Segment MRU. It
is a network administration matter to determine an appropriate is a network administration matter to determine an appropriate
segmentation policy for entities operating TCPCL, but guidance given segmentation policy for entities operating TCPCL, but guidance given
here can be used to steer policy toward performance goals. It is here can be used to steer policy toward performance goals. It is
also advised to consider the Segment MRU in relation to chunking/ also advised to consider the Segment MRU in relation to chunking/
packetization performed by TLS, TCP, and any intermediate network- packetization performed by TLS, TCP, and any intermediate network-
layer nodes. layer nodes.
Minimum Overhead: For a simple network expected to exchange Minimum Overhead: For a simple network expected to exchange
relatively small bundles, the Segment MRU can be set to be relatively small bundles, the Segment MRU can be set to be
identical to the Transfer MRU which indicates that all transfers identical to the Transfer MRU which indicates that all transfers
can be sent with a single data segment (i.e., no actual can be sent with a single data segment (i.e., no actual
segmentation). If the network is closed and all transmitters are segmentation). If the network is closed and all transmitters are
known to follow a single-segment transfer policy, then receivers known to follow a single-segment transfer policy, then receivers
can avoid the necessity of segment reassembly. Because this CL can avoid the necessity of segment reassembly. Because this CL
operates over a TCP stream, which suffers from a form of head-of- operates over a TCP stream, which suffers from a form of head-of-
queue blocking between messages, while one node is transmitting a queue blocking between messages, while one entity is transmitting
single XFER_SEGMENT message it is not able to transmit any a single XFER_SEGMENT message it is not able to transmit any
XFER_ACK or XFER_REFUSE for any associated received transfers. XFER_ACK or XFER_REFUSE for any associated received transfers.
Predictable Message Sizing: In situations where the maximum message Predictable Message Sizing: In situations where the maximum message
size is desired to be well-controlled, the Segment MRU can be set size is desired to be well-controlled, the Segment MRU can be set
to the largest acceptable size (the message size less XFER_SEGMENT to the largest acceptable size (the message size less XFER_SEGMENT
header size) and transmitters can always segment a transfer into header size) and transmitters can always segment a transfer into
maximum-size chunks no larger than the Segment MRU. This maximum-size chunks no larger than the Segment MRU. This
guarantees that any single XFER_SEGMENT will not monopolize the guarantees that any single XFER_SEGMENT will not monopolize the
TCP stream for too long, which would prevent outgoing XFER_ACK and TCP stream for too long, which would prevent outgoing XFER_ACK and
XFER_REFUSE associated with received transfers. XFER_REFUSE associated with received transfers.
Dynamic Segmentation: Even after negotiation of a Segment MRU for Dynamic Segmentation: Even after negotiation of a Segment MRU for
each receiving node, the actual transfer segmentation only needs each receiving entity, the actual transfer segmentation only needs
to guarantee than any individual segment is no larger than that to guarantee than any individual segment is no larger than that
MRU. In a situation where TCP throughput is dynamic, the transfer MRU. In a situation where TCP throughput is dynamic, the transfer
segmentation size can also be dynamic in order to control message segmentation size can also be dynamic in order to control message
transmission duration. transmission duration.
Many other policies can be established in a TCPCL network between the Many other policies can be established in a TCPCL network between the
two extremes of minimum overhead (large MRU, single-segment) and two extremes of minimum overhead (large MRU, single-segment) and
predictable message sizing (small MRU, highly segmented). Different predictable message sizing (small MRU, highly segmented). Different
policies can be applied to each transfer stream to and from any policies can be applied to each transfer stream to and from any
particular node. Additionally, future session extension and transfer particular entity. Additionally, future session extension and
extension types can apply further nuance to transfer policies and transfer extension types can apply further nuance to transfer
policy negotiation. policies and policy negotiation.
3.7. Example Message Exchange 3.7. Example Message Exchange
The following figure depicts the protocol exchange for a simple The following figure depicts the protocol exchange for a simple
session, showing the session establishment and the transmission of a session, showing the session establishment and the transmission of a
single bundle split into three data segments (of lengths "L1", "L2", single bundle split into three data segments (of lengths "L1", "L2",
and "L3") from Entity A to Entity B. and "L3") from Entity A to Entity B.
Note that the sending node can transmit multiple XFER_SEGMENT Note that the sending entity can transmit multiple XFER_SEGMENT
messages without waiting for the corresponding XFER_ACK responses. messages without waiting for the corresponding XFER_ACK responses.
This enables pipelining of messages on a transfer stream. Although This enables pipelining of messages on a transfer stream. Although
this example only demonstrates a single bundle transmission, it is this example only demonstrates a single bundle transmission, it is
also possible to pipeline multiple XFER_SEGMENT messages for also possible to pipeline multiple XFER_SEGMENT messages for
different bundles without necessarily waiting for XFER_ACK messages different bundles without necessarily waiting for XFER_ACK messages
to be returned for each one. However, interleaving data segments to be returned for each one. However, interleaving data segments
from different bundles is not allowed. from different bundles is not allowed.
No errors or rejections are shown in this example. No errors or rejections are shown in this example.
Entity A Entity B Entity A Entity B
======== ======== ======== ========
+-------------------------+ +-------------------------+
| Open TCP Connection | -> +-------------------------+ | Open TCP Connection | -> +-------------------------+
+-------------------------+ <- | Accept Connection | +-------------------------+ <- | Accept Connection |
+-------------------------+ +-------------------------+
+-------------------------+ +-------------------------+
| Contact Header | -> +-------------------------+ | Contact Header | -> +-------------------------+
+-------------------------+ <- | Contact Header | +-------------------------+ <- | Contact Header |
+-------------------------+ +-------------------------+
+-------------------------+ +-------------------------+
| SESS_INIT | -> +-------------------------+ | SESS_INIT | -> +-------------------------+
+-------------------------+ <- | SESS_INIT | +-------------------------+ <- | SESS_INIT |
+-------------------------+ +-------------------------+
+-------------------------+
| XFER_SEGMENT (start) | ->
| Transfer ID [I1] |
| Length [L1] |
| Bundle Data 0..(L1-1) |
+-------------------------+
+-------------------------+ +-------------------------+
| XFER_SEGMENT | -> <- | XFER_ACK (start) |
| Transfer ID [I1] | | Transfer ID [I1] |
| Length [L2] | | Length [L1] |
|Bundle Data L1..(L1+L2-1)| +-------------------------+
+-------------------------+
+-------------------------+ +-------------------------+
| XFER_SEGMENT (end) | -> <- | XFER_ACK |
| Transfer ID [I1] | | Transfer ID [I1] |
| Length [L3] | | Length [L1+L2] |
|Bundle Data | +-------------------------+
| (L1+L2)..(L1+L2+L3-1)|
+-------------------------+
+-------------------------+
<- | XFER_ACK (end) |
| Transfer ID [I1] |
| Length [L1+L2+L3] |
+-------------------------+
+-------------------------+ +-------------------------+
| SESS_TERM | -> +-------------------------+ | XFER_SEGMENT (start) | ->
+-------------------------+ <- | SESS_TERM | | Transfer ID [I1] |
+-------------------------+ | Length [L1] |
+-------------------------+ +-------------------------+ | Bundle Data 0..(L1-1) |
| TCP Close | -> <- | TCP Close | +-------------------------+
+-------------------------+ +-------------------------+ +-------------------------+ +-------------------------+
| XFER_SEGMENT | -> <- | XFER_ACK (start) |
| Transfer ID [I1] | | Transfer ID [I1] |
| Length [L2] | | Length [L1] |
|Bundle Data L1..(L1+L2-1)| +-------------------------+
+-------------------------+
+-------------------------+ +-------------------------+
| XFER_SEGMENT (end) | -> <- | XFER_ACK |
| Transfer ID [I1] | | Transfer ID [I1] |
| Length [L3] | | Length [L1+L2] |
|Bundle Data | +-------------------------+
| (L1+L2)..(L1+L2+L3-1)|
+-------------------------+
+-------------------------+
<- | XFER_ACK (end) |
| Transfer ID [I1] |
| Length [L1+L2+L3] |
+-------------------------+
Figure 15: An example of the flow of protocol messages on a single +-------------------------+
TCP Session between two entities | SESS_TERM | -> +-------------------------+
+-------------------------+ <- | SESS_TERM |
+-------------------------+
+-------------------------+ +-------------------------+
| TCP Close | -> <- | TCP Close |
+-------------------------+ +-------------------------+
Figure 15: An example of the flow of protocol messages on a
single TCP Session between two entities
4. Session Establishment 4. Session Establishment
For bundle transmissions to occur using the TCPCL, a TCPCL session For bundle transmissions to occur using the TCPCL, a TCPCL session
MUST first be established between communicating entities. It is up MUST first be established between communicating entities. It is up
to the implementation to decide how and when session setup is to the implementation to decide how and when session setup is
triggered. For example, some sessions can be opened proactively and triggered. For example, some sessions can be opened proactively and
maintained for as long as is possible given the network conditions, maintained for as long as is possible given the network conditions,
while other sessions are be opened only when there is a bundle that while other sessions are be opened only when there is a bundle that
is queued for transmission and the routing algorithm selects a is queued for transmission and the routing algorithm selects a
skipping to change at page 24, line 49 skipping to change at page 25, line 12
than one minute (60 seconds). Upon reception of a Contact Header, than one minute (60 seconds). Upon reception of a Contact Header,
the passive entity SHALL transmit its Contact Header. The ordering the passive entity SHALL transmit its Contact Header. The ordering
of the Contact Header exchange allows the passive entity to avoid of the Contact Header exchange allows the passive entity to avoid
allocating resources to a potential TCPCL session until after a valid allocating resources to a potential TCPCL session until after a valid
Contact Header has been received from the active entity. This Contact Header has been received from the active entity. This
ordering also allows the passive peer to adapt to alternate TCPCL ordering also allows the passive peer to adapt to alternate TCPCL
protocol versions. protocol versions.
The format of the Contact Header is described in Section 4.2. The format of the Contact Header is described in Section 4.2.
Because the TCPCL protocol version in use is part of the initial Because the TCPCL protocol version in use is part of the initial
Contact Header, nodes using TCPCL version 4 can coexist on a network Contact Header, entities using TCPCL version 4 can coexist on a
with nodes using earlier TCPCL versions (with some negotiation needed network with entities using earlier TCPCL versions (with some
for interoperation as described in Section 4.3). negotiation needed for interoperation as described in Section 4.3).
Within this specification when an entity is said to "close" a TCP
connection the entity SHALL use the TCP FIN mechanism and not the RST
mechanism. Either mechanism, however, when received will cause a TCP
connection to become closed.
4.2. Contact Header 4.2. Contact Header
This section describes the format of the Contact Header and the This section describes the format of the Contact Header and the
meaning of its fields. meaning of its fields.
If an entity is capable of exchanging messages according to TLS 1.3 If an entity is capable of exchanging messages according to TLS 1.3
[RFC8446] or any successors which are compatible with that TLS [RFC8446] or any successors which are compatible with that TLS
ClientHello, the the CAN_TLS flag within its Contact Header SHALL be ClientHello, the the CAN_TLS flag within its Contact Header SHALL be
set to 1. This behavior prefers the use of TLS when possible, even set to 1. This behavior prefers the use of TLS when possible, even
skipping to change at page 25, line 34 skipping to change at page 25, line 50
The format for the Contact Header is as follows: The format for the Contact Header is as follows:
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------+---------------+---------------+---------------+ +---------------+---------------+---------------+---------------+
| magic='dtn!' | | magic='dtn!' |
+---------------+---------------+---------------+---------------+ +---------------+---------------+---------------+---------------+
| Version | Flags | | Version | Flags |
+---------------+---------------+ +---------------+---------------+
Figure 16: Contact Header Format Figure 16: Contact Header Format
See Section 4.3 for details on the use of each of these Contact See Section 4.3 for details on the use of each of these Contact
Header fields. Header fields.
The fields of the Contact Header are: The fields of the Contact Header are:
magic: A four-octet field that always contains the octet sequence magic: A four-octet field that always contains the octet sequence
0x64 0x74 0x6E 0x21, i.e., the text string "dtn!" in US-ASCII (and 0x64 0x74 0x6E 0x21, i.e., the text string "dtn!" in US-ASCII (and
UTF-8). UTF-8).
Version: A one-octet field value containing the value 4 (current Version: A one-octet field value containing the value 4 (current
version of the TCPCL). version of the TCPCL).
Flags: A one-octet field of single-bit flags, interpreted according Flags: A one-octet field of single-bit flags, interpreted according
to the descriptions in Table 1. All reserved header flag bits to the descriptions in Table 1. All reserved header flag bits
SHALL be set to 0 by the sender. All reserved header flag bits SHALL be set to 0 by the sender. All reserved header flag bits
SHALL be ignored by the receiver. SHALL be ignored by the receiver.
+----------+--------+-----------------------------------------------+ +==========+========+==========================================+
| Name | Code | Description | | Name | Code | Description |
+----------+--------+-----------------------------------------------+ +==========+========+==========================================+
| CAN_TLS | 0x01 | If bit is set, indicates that the sending | | CAN_TLS | 0x01 | If bit is set, indicates that the |
| | | peer is capable of TLS security. | | | | sending peer is capable of TLS security. |
| | | | +----------+--------+------------------------------------------+
| Reserved | others | | | Reserved | others | |
+----------+--------+-----------------------------------------------+ +----------+--------+------------------------------------------+
Table 1: Contact Header Flags Table 1: Contact Header Flags
4.3. Contact Validation and Negotiation 4.3. Contact Validation and Negotiation
Upon reception of the Contact Header, each node follows the following Upon reception of the Contact Header, each entity follows the
procedures to ensure the validity of the TCPCL session and to following procedures to ensure the validity of the TCPCL session and
negotiate values for the session parameters. to negotiate values for the session parameters.
If the magic string is not present or is not valid, the connection If the magic string is not present or is not valid, the connection
MUST be terminated. The intent of the magic string is to provide MUST be terminated. The intent of the magic string is to provide
some protection against an inadvertent TCP connection by a different some protection against an inadvertent TCP connection by a different
protocol than the one described in this document. To prevent a flood protocol than the one described in this document. To prevent a flood
of repeated connections from a misconfigured application, a passive of repeated connections from a misconfigured application, a passive
entity MAY deny new TCP connections from a specific peer address for entity MAY deny new TCP connections from a specific peer address for
a period of time after one or more connections fail to provide a a period of time after one or more connections fail to provide a
decodable Contact Header. decodable Contact Header.
The first negotiation is on the TCPCL protocol version to use. The The first negotiation is on the TCPCL protocol version to use. The
active entity always sends its Contact Header first and waits for a active entity always sends its Contact Header first and waits for a
response from the passive entity. During contact initiation, the response from the passive entity. During contact initiation, the
active TCPCL node SHALL send the highest TCPCL protocol version on a active TCPCL entity SHALL send the highest TCPCL protocol version on
first session attempt for a TCPCL peer. If the active entity a first session attempt for a TCPCL peer. If the active entity
receives a Contact Header with a lower protocol version than the one receives a Contact Header with a lower protocol version than the one
sent earlier on the TCP connection, the TCP connection SHALL be sent earlier on the TCP connection, the TCP connection SHALL be
closed. If the active entity receives a SESS_TERM message with closed. If the active entity receives a SESS_TERM message with
reason of "Version Mismatch", that node MAY attempt further TCPCL reason of "Version Mismatch", that entity MAY attempt further TCPCL
sessions with the peer using earlier protocol version numbers in sessions with the peer using earlier protocol version numbers in
decreasing order. Managing multi-TCPCL-session state such as this is decreasing order. Managing multi-TCPCL-session state such as this is
an implementation matter. an implementation matter.
If the passive entity receives a Contact Header containing a version If the passive entity receives a Contact Header containing a version
that is not a version of the TCPCL that the entity implements, then that is not a version of the TCPCL that the entity implements, then
the entity SHALL send its Contact Header and immediately terminate the entity SHALL send its Contact Header and immediately terminate
the session with a reason code of "Version mismatch". If the passive the session with a reason code of "Version mismatch". If the passive
entity receives a Contact Header with a version that is lower than entity receives a Contact Header with a version that is lower than
the latest version of the protocol that the entity implements, the the latest version of the protocol that the entity implements, the
skipping to change at page 28, line 24 skipping to change at page 28, line 45
described in later sections) for the entity which presents it. described in later sections) for the entity which presents it.
Because the PKIX environment of each TCPCL entity are likely not Because the PKIX environment of each TCPCL entity are likely not
controlled by the certificate end users (see Section 3.4), the TCPCL controlled by the certificate end users (see Section 3.4), the TCPCL
defines a prioritized list of what a certificate can identify about a defines a prioritized list of what a certificate can identify about a
TCPCL entity: TCPCL entity:
Node ID: The ideal certificate identity is the Node ID of the entity Node ID: The ideal certificate identity is the Node ID of the entity
using the NODE-ID definition below. When the Node ID is using the NODE-ID definition below. When the Node ID is
identified, there is no need for any lower-level identification to identified, there is no need for any lower-level identification to
take place. be present (though it can still be present, and if so it is also
validated).
DNS Name: If CA policy forbids a certificate to contain an arbitrary DNS Name: If CA policy forbids a certificate to contain an arbitrary
NODE-ID but allows a DNS-ID to be identified then one or more NODE-ID but allows a DNS-ID to be identified then one or more
stable DNS names can be identified in the certificate. The use of stable DNS names can be identified in the certificate. The use of
wildcard DNS-ID is discouraged due to the complex rules for wildcard DNS-ID is discouraged due to the complex rules for
matching and dependence on implementation support for wildcard matching and dependence on implementation support for wildcard
matching (see Section 6.4.3 of [RFC6125]). matching (see Section 6.4.3 of [RFC6125]).
Network Address: If no stable DNS name is available but a stable Network Address: If no stable DNS name is available but a stable
network address is available and CA policy allows a certificate to network address is available and CA policy allows a certificate to
contain a IPADDR-ID (as defined below) then one or more network contain a IPADDR-ID (as defined below) then one or more network
addresses can be identified in the certificate. addresses can be identified in the certificate.
When only a DNS-ID or IPADDR-ID can be identified by a certificate, When only a DNS-ID or IPADDR-ID can be identified by a certificate,
it is implied that an entity which authenticates using that it is implied that an entity which authenticates using that
certificate is trusted to provide a valid Node ID in its SESS_INIT; certificate is trusted to provide a valid Node ID in its SESS_INIT;
the certificate itself does not actually authenticate that Node ID. the certificate itself does not actually authenticate that Node ID.
The RECOMMENDED security policy of an entity is to validate a peer The RECOMMENDED security policy of an entity is to validate a NODE-ID
which authenticates its Node ID regardless of an authenticated DNS when present, and only require DNS-ID/IPADDR-ID authentication in the
name or address, and only consider the host/address authentication in absence of a NODE-ID.
the absence of an authenticated Node ID.
This specification defines a NODE-ID of a certificate as being the This specification defines a NODE-ID of a certificate as being the
subjectAltName entry of type uniformResourceIdentifier whose value is subjectAltName entry of type uniformResourceIdentifier whose value is
a URI consistent with the requirements of [RFC3986] and the URI a URI consistent with the requirements of [RFC3986] and the URI
schemes of the IANA "Bundle Protocol URI Scheme Type" registry. This schemes of the IANA "Bundle Protocol URI Scheme Type" registry
is similar to the URI-ID of [RFC6125] but does not require any [IANA-BUNDLE]. This is similar to the URI-ID of [RFC6125] but does
structure to the scheme-specific-part of the URI. Unless specified not require any structure to the scheme-specific-part of the URI.
otherwise by the definition of the URI scheme being authenticated, Unless specified otherwise by the definition of the URI scheme being
URI matching of a NODE-ID SHALL use the URI comparison logic of authenticated, URI matching of a NODE-ID SHALL use the URI comparison
[RFC3986] and scheme-based normalization of those schemes specified logic of [RFC3986] and scheme-based normalization of those schemes
in [I-D.ietf-dtn-bpbis]. A URI scheme can refine this "exact match" specified in [I-D.ietf-dtn-bpbis]. A URI scheme can refine this
logic with rules about how Node IDs within that scheme are to be "exact match" logic with rules about how Node IDs within that scheme
compared with the certificate-authenticated NODE-ID. are to be compared with the certificate-authenticated NODE-ID.
This specification defines a IPADDR-ID of a certificate as being the This specification defines a IPADDR-ID of a certificate as being the
subjectAltName entry of type iPAddress whose value is encoded subjectAltName entry of type iPAddress whose value is encoded
according to [RFC5280]. according to [RFC5280].
4.4.2. TLS Handshake 4.4.2. TLS Handshake
The use of TLS is negotiated using the Contact Header as described in The use of TLS is negotiated using the Contact Header as described in
Section 4.3. After negotiating an Enable TLS parameter of true, and Section 4.3. After negotiating an Enable TLS parameter of true, and
before any other TCPCL messages are sent within the session, the before any other TCPCL messages are sent within the session, the
session entities SHALL begin a TLS handshake in accordance with session entities SHALL begin a TLS handshake in accordance with
[RFC8446]. By convention, this protocol uses the entity which [RFC8446]. By convention, this protocol uses the entity which
initiated the underlying TCP connection (the active peer) as the initiated the underlying TCP connection (the active peer) as the
"client" role of the TLS handshake request. "client" role of the TLS handshake request.
The TLS handshake, if it occurs, is considered to be part of the The TLS handshake, if it occurs, is considered to be part of the
contact negotiation before the TCPCL session itself is established. contact negotiation before the TCPCL session itself is established.
Specifics about sensitive data exposure are discussed in Section 8. Specifics about sensitive data exposure are discussed in Section 8.
The parameters within each TLS negotiation are implementation The parameters within each TLS negotiation are implementation
dependent but any TCPCL node SHALL follow all recommended practices dependent but any TCPCL entity SHALL follow all recommended practices
of BCP 195 [RFC7525], or any updates or successors that become part of BCP 195 [RFC7525], or any updates or successors that become part
of BCP 195. Within each TLS handshake, the following requirements of BCP 195. Within each TLS handshake, the following requirements
apply (using the rough order in which they occur): apply (using the rough order in which they occur):
Client Hello: When a resolved DNS name was used to establish the TCP Client Hello: When a resolved DNS name was used to establish the TCP
connection, the TLS ClientHello SHOULD include a Server Name connection, the TLS ClientHello SHOULD include a Server Name
Indication (SNI) in accordance with [RFC6066]. When present, the Indication (SNI) in accordance with [RFC6066]. When present, the
"server_name" extension SHALL contain a "HostName" value taken "server_name" extension SHALL contain a "HostName" value taken
from the DNS name (of the passive entity) which was resolved. from the DNS name (of the passive entity) which was resolved.
Note: The 'HostName in the "server_name" extension is the network Note: The 'HostName in the "server_name" extension is the network
skipping to change at page 30, line 41 skipping to change at page 31, line 18
session to terminate. session to terminate.
After a TLS connection is successfully established, the active entity After a TLS connection is successfully established, the active entity
SHALL send a SESS_INIT message to begin session negotiation. This SHALL send a SESS_INIT message to begin session negotiation. This
session negotiation and all subsequent messaging are secured. session negotiation and all subsequent messaging are secured.
4.4.3. TLS Authentication 4.4.3. TLS Authentication
Using PKIX certificates exchanged during the TLS handshake, each of Using PKIX certificates exchanged during the TLS handshake, each of
the entities can authenticate a peer Node ID directly or authenticate the entities can authenticate a peer Node ID directly or authenticate
the peer DNS name or network address. The logic for attempting the peer DNS name or network address. The logic for handling
authentication is separate from the logic for handling the result of certificates and certificate data is separated into three phases:
authentication, which is based on local security policy.
1. Validating the certification path from the end-entity certificate
up to a trusted root CA.
2. Authenticating identities from a valid end-entity certificate.
3. Applying security policy to the result of each identity type
authentication.
By using the SNI DNS name (see Section 4.4.2) a single passive entity By using the SNI DNS name (see Section 4.4.2) a single passive entity
can act as a convergence layer for multiple BP agents with distinct can act as a convergence layer for multiple BP agents with distinct
Node IDs. When this "virtual host" behavior is used, the DNS name is Node IDs. When this "virtual host" behavior is used, the DNS name is
used as the indication of which BP Node the active entity is used as the indication of which BP Node the active entity is
attempting to communicate with. A virtual host CL entity can be attempting to communicate with. A virtual host CL entity can be
authenticated by a certificate containing all of the DNS names and/or authenticated by a certificate containing all of the DNS names and/or
Node IDs being hosted or by several certificates each authenticating Node IDs being hosted or by several certificates each authenticating
a single DNS name and/or Node ID, using the SNI value from the peer a single DNS name and/or Node ID, using the SNI value from the peer
to select which certificate to use. to select which certificate to use.
Any certificate received during TLS handshake SHALL be validated up For any peer certificate received during TLS handshake, the entity
to one or more trusted CA certificates. If certificate validation SHALL perform the certification path validation of [RFC5280] up to
fails or if security policy disallows a certificate for any reason, one of the entity's trusted CA certificates. If certificate
the entity SHALL terminate the session (with a reason code of validation fails or if security policy disallows a certificate for
"Contact Failure"). any reason, the entity SHALL fail the TLS handshake with a bad
certificate error. Leaving out part of the certification chain can
cause the entity to fail to validate a certificate if the left-out
certificates are unknown to the entity (see Section 8.6).
The result of authenticating a peer value against a certificate claim The result of authenticating a peer identity (i.e., Node ID, DNS
is one of: name, or IP address) against one type of certificate claim is one of:
Absent: Indicating that the claim type is not present in the Absent: Indicating that no claims of that type are present in the
certificate and cannot be authenticated. certificate and the identity cannot be authenticated.
Success: Indicating the claim type is present and matches the peer Success: Indicating that one or more claims of that type are present
(Node ID / DNS name / address) value. and one matches the peer identity value.
Failure: Indicating the claim type is present but did not match the Failure: Indicating that one or more claims of that type are present
peer value. and none match the peer identity.
Either during or immediately after the TLS handshake, the active Either during or immediately after the TLS handshake if the active
entity SHALL authenticate the DNS name (of the passive entity) used entity resolved a DNS name (of the passive entity) in order to
to initiate the TCP connection using any DNS-ID of the peer initiate the TCP connection, the active entity SHALL authenticate
certificate. If the DNS name authentication result is Failure or if that DNS name using any DNS-ID of the peer certificate. If the DNS
the result is Absent and security policy requires an authenticated name authentication result is Failure or if the result is Absent and
DNS name, the entity SHALL terminate the session (with a reason code security policy requires an authenticated DNS name, the entity SHALL
of "Contact Failure"). terminate the session (with a reason code of "Contact Failure").
Either during or immediately after the TLS handshake, the active Either during or immediately after the TLS handshake, each side of
entity SHALL authenticate the IP address of the other side of the TCP the session SHALL authenticate the IP address of the other side of
connection using any IPADDR-ID of the peer certificate. Either the TCP connection using any IPADDR-ID of the peer certificate. If
during or immediately after the TLS handshake, the passive entity the address authentication result is Failure or if the result is
SHALL authenticate the IP address of the other side of the TCP Absent and security policy requires an authenticated network address,
connection using any IPADDR-ID of the peer certificate. If the the entity SHALL terminate the session (with a reason code of
address authentication result is Failure or if the result is Absent "Contact Failure").
and security policy requires an authenticated network address, the
entity SHALL terminate the session (with a reason code of "Contact
Failure").
Immediately before Session Parameter Negotiation, each side of the Immediately before Session Parameter Negotiation, each side of the
session SHALL authenticate the Node ID of the peer's SESS_INIT session SHALL authenticate the Node ID of the peer's SESS_INIT
message using any NODE-ID of the peer certificate. If the Node ID message using any NODE-ID of the peer certificate. If the Node ID
authentication result is Failure or if the result is Absent and authentication result is Failure or if the result is Absent and
security policy requires an authenticated Node ID, the entity SHALL security policy requires an authenticated Node ID, the entity SHALL
terminate the session (with a reason code of "Contact Failure"). terminate the session (with a reason code of "Contact Failure").
4.4.4. Example TLS Initiation 4.4.4. Example TLS Initiation
A summary of a typical TLS use is shown in the sequence in Figure 17 A summary of a typical TLS use is shown in the sequence in Figure 17
below. In this example the active peer terminates the session but below. In this example the active peer terminates the session but
termination can be initiated from either peer. termination can be initiated from either peer.
Entity A Entity B Entity A Entity B
active peer passive peer active peer passive peer
+-------------------------+ +-------------------------+
| Open TCP Connection | -> +-------------------------+ | Open TCP Connection | -> +-------------------------+
+-------------------------+ <- | Accept Connection | +-------------------------+ <- | Accept Connection |
+-------------------------+ +-------------------------+
+-------------------------+ +-------------------------+
| Contact Header | -> +-------------------------+ | Contact Header | -> +-------------------------+
+-------------------------+ <- | Contact Header | +-------------------------+ <- | Contact Header |
+-------------------------+ +-------------------------+
+-------------------------+ +-------------------------+ +-------------------------+ +-------------------------+
| TLS Negotiation | -> <- | TLS Negotiation | | TLS Negotiation | -> <- | TLS Negotiation |
| (as client) | | (as server) | | (as client) | | (as server) |
+-------------------------+ +-------------------------+ +-------------------------+ +-------------------------+
DNS name validation occurs. DNS-ID and IPADDR-ID authentication occurs.
Secured TCPCL messaging can begin. Secured TCPCL messaging can begin.
+-------------------------+ +-------------------------+
| SESS_INIT | -> +-------------------------+ | SESS_INIT | -> +-------------------------+
+-------------------------+ <- | SESS_INIT | +-------------------------+ <- | SESS_INIT |
+-------------------------+ +-------------------------+
Node ID validation occurs. NODE-ID authentication occurs.
Session is established, transfers can begin. Session is established, transfers can begin.
+-------------------------+ +-------------------------+
| SESS_TERM | -> +-------------------------+ | SESS_TERM | -> +-------------------------+
+-------------------------+ <- | SESS_TERM | +-------------------------+ <- | SESS_TERM |
+-------------------------+ +-------------------------+
+-------------------------+ +-------------------------+
| TLS Closure Alert | -> +-------------------------+ | TLS Closure Alert | -> +-------------------------+
+-------------------------+ <- | TLS Closure Alert | +-------------------------+ <- | TLS Closure Alert |
+-------------------------+ +-------------------------+
+-------------------------+ +-------------------------+ +-------------------------+ +-------------------------+
| TCP Close | -> <- | TCP Close | | TCP Close | -> <- | TCP Close |
+-------------------------+ +-------------------------+ +-------------------------+ +-------------------------+
Figure 17: A simple visual example of TCPCL TLS Establishment between Figure 17: A simple visual example of TCPCL TLS Establishment
two entities between two entities
4.5. Message Header 4.5. Message Header
After the initial exchange of a Contact Header, all messages After the initial exchange of a Contact Header and (if TLS is
transmitted over the session are identified by a one-octet header negotiated to be used) the TLS handshake, all messages transmitted
with the following structure: over the session are identified by a one-octet header with the
following structure:
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
+---------------+ +---------------+
| Message Type | | Message Type |
+---------------+ +---------------+
Figure 18: Format of the Message Header Figure 18: Format of the Message Header
The message header fields are as follows: The message header fields are as follows:
Message Type: Indicates the type of the message as per Table 2 Message Type: Indicates the type of the message as per Table 2
below. Encoded values are listed in Section 9.5. below. Encoded values are listed in Section 9.5.
+--------------+------+---------------------------------------------+ +==============+======+=====================================+
| Name | Code | Description | | Name | Code | Description |
+--------------+------+---------------------------------------------+ +==============+======+=====================================+
| SESS_INIT | 0x07 | Contains the session parameter inputs from | | SESS_INIT | 0x07 | Contains the session parameter |
| | | one of the entities, as described in | | | | inputs from one of the entities, as |
| | | Section 4.6. | | | | described in Section 4.6. |
| | | | +--------------+------+-------------------------------------+
| SESS_TERM | 0x05 | Indicates that one of the entities | | SESS_TERM | 0x05 | Indicates that one of the entities |
| | | participating in the session wishes to | | | | participating in the session wishes |
| | | cleanly terminate the session, as described | | | | to cleanly terminate the session, |
| | | in Section 6.1. | | | | as described in Section 6.1. |
| | | | +--------------+------+-------------------------------------+
| XFER_SEGMENT | 0x01 | Indicates the transmission of a segment of | | XFER_SEGMENT | 0x01 | Indicates the transmission of a |
| | | bundle data, as described in Section 5.2.2. | | | | segment of bundle data, as |
| | | | | | | described in Section 5.2.2. |
| XFER_ACK | 0x02 | Acknowledges reception of a data segment, | +--------------+------+-------------------------------------+
| | | as described in Section 5.2.3. | | XFER_ACK | 0x02 | Acknowledges reception of a data |
| | | | | | | segment, as described in |
| XFER_REFUSE | 0x03 | Indicates that the transmission of the | | | | Section 5.2.3. |
| | | current bundle SHALL be stopped, as | +--------------+------+-------------------------------------+
| | | described in Section 5.2.4. | | XFER_REFUSE | 0x03 | Indicates that the transmission of |
| | | | | | | the current bundle SHALL be |
| KEEPALIVE | 0x04 | Used to keep TCPCL session active, as | | | | stopped, as described in |
| | | described in Section 5.1.1. | | | | Section 5.2.4. |
| | | | +--------------+------+-------------------------------------+
| MSG_REJECT | 0x06 | Contains a TCPCL message rejection, as | | KEEPALIVE | 0x04 | Used to keep TCPCL session active, |
| | | described in Section 5.1.2. | | | | as described in Section 5.1.1. |
+--------------+------+---------------------------------------------+ +--------------+------+-------------------------------------+
| MSG_REJECT | 0x06 | Contains a TCPCL message rejection, |
| | | as described in Section 5.1.2. |
+--------------+------+-------------------------------------+
Table 2: TCPCL Message Types Table 2: TCPCL Message Types
4.6. Session Initialization Message (SESS_INIT) 4.6. Session Initialization Message (SESS_INIT)
Before a session is established and ready to transfer bundles, the Before a session is established and ready to transfer bundles, the
session parameters are negotiated between the connected entities. session parameters are negotiated between the connected entities.
The SESS_INIT message is used to convey the per-entity parameters The SESS_INIT message is used to convey the per-entity parameters
which are used together to negotiate the per-session parameters as which are used together to negotiate the per-session parameters as
described in Section 4.7. described in Section 4.7.
The format of a SESS_INIT message is as follows in Figure 19. The format of a SESS_INIT message is as follows in Figure 19.
skipping to change at page 36, line 9 skipping to change at page 37, line 9
Node ID Length and Node ID Data: Together these fields represent a Node ID Length and Node ID Data: Together these fields represent a
variable-length text string. The Node ID Length is a 16-bit variable-length text string. The Node ID Length is a 16-bit
unsigned integer indicating the number of octets of Node ID Data unsigned integer indicating the number of octets of Node ID Data
to follow. A zero-length Node ID SHALL be used to indicate the to follow. A zero-length Node ID SHALL be used to indicate the
lack of Node ID rather than a truly empty Node ID. This case lack of Node ID rather than a truly empty Node ID. This case
allows an entity to avoid exposing Node ID information on an allows an entity to avoid exposing Node ID information on an
untrusted network. A non-zero-length Node ID Data SHALL contain untrusted network. A non-zero-length Node ID Data SHALL contain
the UTF-8 encoded Node ID of the Entity which sent the SESS_INIT the UTF-8 encoded Node ID of the Entity which sent the SESS_INIT
message. Every Node ID SHALL be a URI consistent with the message. Every Node ID SHALL be a URI consistent with the
requirements of [RFC3986] and the URI schemes of the IANA "Bundle requirements of [RFC3986] and the URI schemes of the IANA "Bundle
Protocol URI Scheme Type" registry. The Node ID itself can be Protocol URI Scheme Type" registry [IANA-BUNDLE]. The Node ID
authenticated as described in Section 4.4.3. itself can be authenticated as described in Section 4.4.3.
Session Extension Length and Session Extension Items: Session Extension Length and Session Extension Items: Together these
Together these fields represent protocol extension data not fields represent protocol extension data not defined by this
defined by this specification. The Session Extension Length is specification. The Session Extension Length is the total number
the total number of octets to follow which are used to encode the of octets to follow which are used to encode the Session Extension
Session Extension Item list. The encoding of each Session Item list. The encoding of each Session Extension Item is within
Extension Item is within a consistent data container as described a consistent data container as described in Section 4.8. The full
in Section 4.8. The full set of Session Extension Items apply for set of Session Extension Items apply for the duration of the TCPCL
the duration of the TCPCL session to follow. The order and session to follow. The order and multiplicity of these Session
multiplicity of these Session Extension Items is significant, as Extension Items is significant, as defined in the associated type
defined in the associated type specification(s). If the content specification(s). If the content of the Session Extension Items
of the Session Extension Items data disagrees with the Session data disagrees with the Session Extension Length (e.g., the last
Extension Length (e.g., the last Item claims to use more octets Item claims to use more octets than are present in the Session
than are present in the Session Extension Length), the reception Extension Length), the reception of the SESS_INIT is considered to
of the SESS_INIT is considered to have failed. have failed.
When the active entity initiates a TCPCL session, it is likely based When the active entity initiates a TCPCL session, it is likely based
on routing information which binds a Node ID to CL parameters. If on routing information which binds a Node ID to CL parameters. If
the active entity receives a SESS_INIT with different Node ID than the active entity receives a SESS_INIT with different Node ID than
was intended for the TCPCL session, the session MAY be allowed to be was intended for the TCPCL session, the session MAY be allowed to be
established. If allowed, such a session SHALL be associated with the established. If allowed, such a session SHALL be associated with the
Node ID provided in the SESS_INIT message rather than any intended Node ID provided in the SESS_INIT message rather than any intended
value. value.
4.7. Session Parameter Negotiation 4.7. Session Parameter Negotiation
An entity calculates the parameters for a TCPCL session by An entity calculates the parameters for a TCPCL session by
negotiating the values from its own preferences (conveyed by the negotiating the values from its own preferences (conveyed by the
SESS_INIT it sent to the peer) with the preferences of the peer node SESS_INIT it sent to the peer) with the preferences of the peer
(expressed in the SESS_INIT that it received from the peer). The entity (expressed in the SESS_INIT that it received from the peer).
negotiated parameters defined by this specification are described in The negotiated parameters defined by this specification are described
the following paragraphs. in the following paragraphs.
Transfer MTU and Segment MTU: The maximum transmit unit (MTU) for Transfer MTU and Segment MTU: The maximum transmit unit (MTU) for
whole transfers and individual segments are identical to the whole transfers and individual segments are identical to the
Transfer MRU and Segment MRU, respectively, of the received Transfer MRU and Segment MRU, respectively, of the received
SESS_INIT message. A transmitting peer can send individual SESS_INIT message. A transmitting peer can send individual
segments with any size smaller than the Segment MTU, depending on segments with any size smaller than the Segment MTU, depending on
local policy, dynamic network conditions, etc. Determining the local policy, dynamic network conditions, etc. Determining the
size of each transmitted segment is an implementation matter. If size of each transmitted segment is an implementation matter. If
either the Transfer MRU or Segment MRU is unacceptable, the entity either the Transfer MRU or Segment MRU is unacceptable, the entity
SHALL terminate the session with a reason code of "Contact SHALL terminate the session with a reason code of "Contact
skipping to change at page 37, line 16 skipping to change at page 38, line 23
Session Keepalive: Negotiation of the Session Keepalive parameter is Session Keepalive: Negotiation of the Session Keepalive parameter is
performed by taking the minimum of the two Keepalive Interval performed by taking the minimum of the two Keepalive Interval
values from the two SESS_INIT messages. The Session Keepalive values from the two SESS_INIT messages. The Session Keepalive
interval is a parameter for the behavior described in interval is a parameter for the behavior described in
Section 5.1.1. If the Session Keepalive interval is unacceptable, Section 5.1.1. If the Session Keepalive interval is unacceptable,
the entity SHALL terminate the session with a reason code of the entity SHALL terminate the session with a reason code of
"Contact Failure". Note: a negotiated Session Keepalive of zero "Contact Failure". Note: a negotiated Session Keepalive of zero
indicates that KEEPALIVEs are disabled. indicates that KEEPALIVEs are disabled.
Once this process of parameter negotiation is completed (which Once this process of parameter negotiation is completed, this
includes a possible completed TLS handshake of the connection to use protocol defines no additional mechanism to change the parameters of
TLS), this protocol defines no additional mechanism to change the an established session; to effect such a change, the TCPCL session
parameters of an established session; to effect such a change, the MUST be terminated and a new session established.
TCPCL session MUST be terminated and a new session established.
4.8. Session Extension Items 4.8. Session Extension Items
Each of the Session Extension Items SHALL be encoded in an identical Each of the Session Extension Items SHALL be encoded in an identical
Type-Length-Value (TLV) container form as indicated in Figure 20. Type-Length-Value (TLV) container form as indicated in Figure 20.
The fields of the Session Extension Item are: The fields of the Session Extension Item are:
Item Flags: A one-octet field containing generic bit flags about the Item Flags: A one-octet field containing generic bit flags about the
Item, which are listed in Table 3. All reserved header flag bits Item, which are listed in Table 3. All reserved header flag bits
SHALL be set to 0 by the sender. All reserved header flag bits SHALL be set to 0 by the sender. All reserved header flag bits
SHALL be ignored by the receiver. If a TCPCL entity receives a SHALL be ignored by the receiver. If a TCPCL entity receives a
Session Extension Item with an unknown Item Type and the CRITICAL Session Extension Item with an unknown Item Type and the CRITICAL
flag of 1, the entity SHALL close the TCPCL session with SESS_TERM flag of 1, the entity SHALL terminate the TCPCL session with
reason code of "Contact Failure". If the CRITICAL flag is 0, an SESS_TERM reason code of "Contact Failure". If the CRITICAL flag
entity SHALL skip over and ignore any item with an unknown Item is 0, an entity SHALL skip over and ignore any item with an
Type. unknown Item Type.
Item Type: A 16-bit unsigned integer field containing the type of Item Type: A 16-bit unsigned integer field containing the type of
the extension item. This specification does not define any the extension item. This specification does not define any
extension types directly, but does create an IANA registry for extension types directly, but does create an IANA registry for
such codes (see Section 9.3). such codes (see Section 9.3).
Item Length: A 16-bit unsigned integer field containing the number Item Length: A 16-bit unsigned integer field containing the number
of Item Value octets to follow. of Item Value octets to follow.
Item Value: A variable-length data field which is interpreted Item Value: A variable-length data field which is interpreted
skipping to change at page 38, line 15 skipping to change at page 39, line 20
data is sent. data is sent.
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------+---------------+---------------+---------------+ +---------------+---------------+---------------+---------------+
| Item Flags | Item Type | Item Length...| | Item Flags | Item Type | Item Length...|
+---------------+---------------+---------------+---------------+ +---------------+---------------+---------------+---------------+
| length contd. | Item Value... | | length contd. | Item Value... |
+---------------+---------------+---------------+---------------+ +---------------+---------------+---------------+---------------+
Figure 20: Session Extension Item Format Figure 20: Session Extension Item Format
+----------+--------+-----------------------------------------------+ +==========+========+=============================================+
| Name | Code | Description | | Name | Code | Description |
+----------+--------+-----------------------------------------------+ +==========+========+=============================================+
| CRITICAL | 0x01 | If bit is set, indicates that the receiving | | CRITICAL | 0x01 | If bit is set, indicates that the receiving |
| | | peer must handle the extension item. | | | | peer must handle the extension item. |
| | | | +----------+--------+---------------------------------------------+
| Reserved | others | | | Reserved | others | |
+----------+--------+-----------------------------------------------+ +----------+--------+---------------------------------------------+
Table 3: Session Extension Item Flags Table 3: Session Extension Item Flags
5. Established Session Operation 5. Established Session Operation
This section describes the protocol operation for the duration of an This section describes the protocol operation for the duration of an
established session, including the mechanism for transmitting bundles established session, including the mechanism for transmitting bundles
over the session. over the session.
5.1. Upkeep and Status Messages 5.1. Upkeep and Status Messages
skipping to change at page 40, line 13 skipping to change at page 41, line 30
The format of a MSG_REJECT message is as follows in Figure 21. The format of a MSG_REJECT message is as follows in Figure 21.
+-----------------------------+ +-----------------------------+
| Message Header | | Message Header |
+-----------------------------+ +-----------------------------+
| Reason Code (U8) | | Reason Code (U8) |
+-----------------------------+ +-----------------------------+
| Rejected Message Header | | Rejected Message Header |
+-----------------------------+ +-----------------------------+
Figure 21: Format of MSG_REJECT Messages Figure 21: Format of MSG_REJECT Messages
The fields of the MSG_REJECT message are: The fields of the MSG_REJECT message are:
Reason Code: A one-octet refusal reason code interpreted according Reason Code: A one-octet refusal reason code interpreted according
to the descriptions in Table 4. to the descriptions in Table 4.
Rejected Message Header: The Rejected Message Header is a copy of Rejected Message Header: The Rejected Message Header is a copy of
the Message Header to which the MSG_REJECT message is sent as a the Message Header to which the MSG_REJECT message is sent as a
response. response.
+-------------+------+----------------------------------------------+ +==============+======+=============================================+
| Name | Code | Description | | Name | Code | Description |
+-------------+------+----------------------------------------------+ +==============+======+=============================================+
| Message | 0x01 | A message was received with a | | Message Type | 0x01 | A message was received with a Message |
| Type | | Message Type code unknown to the TCPCL node. | | Unknown | | Type code unknown to the TCPCL entity. |
| Unknown | | | +--------------+------+---------------------------------------------+
| | | | | Message | 0x02 | A message was received but the TCPCL |
| Message | 0x02 | A message was received but the | | Unsupported | | entity cannot comply with the message |
| Unsupported | | TCPCL entity cannot comply with the message | | | | contents. |
| | | contents. | +--------------+------+---------------------------------------------+
| | | | | Message | 0x03 | A message was received while the |
| Message | 0x03 | A message was received while the | | Unexpected | | session is in a state in which the |
| Unexpected | | session is in a state in which the message | | | | message is not expected. |
| | | is not expected. | +--------------+------+---------------------------------------------+
+-------------+------+----------------------------------------------+
Table 4: MSG_REJECT Reason Codes Table 4: MSG_REJECT Reason Codes
5.2. Bundle Transfer 5.2. Bundle Transfer
All of the messages in this section are directly associated with All of the messages in this section are directly associated with
transferring a bundle between TCPCL entities. transferring a bundle between TCPCL entities.
A single TCPCL transfer results in a bundle (handled by the A single TCPCL transfer results in a bundle (handled by the
convergence layer as opaque data) being exchanged from one node to convergence layer as opaque data) being exchanged from one entity to
the other. In TCPCL a transfer is accomplished by dividing a single the other. In TCPCL a transfer is accomplished by dividing a single
bundle up into "segments" based on the receiving-side Segment MRU bundle up into "segments" based on the receiving-side Segment MRU
(see Section 4.2). The choice of the length to use for segments is (see Section 4.2). The choice of the length to use for segments is
an implementation matter, but each segment MUST NOT be larger than an implementation matter, but each segment MUST NOT be larger than
the receiving node's maximum receive unit (MRU) (see the field the receiving entity's maximum receive unit (MRU) (see the field
Segment MRU of Section 4.2). The first segment for a bundle is Segment MRU of Section 4.2). The first segment for a bundle is
indicated by the 'START' flag and the last segment is indicated by indicated by the 'START' flag and the last segment is indicated by
the 'END' flag. the 'END' flag.
A single transfer (and by extension a single segment) SHALL NOT A single transfer (and by extension a single segment) SHALL NOT
contain data of more than a single bundle. This requirement is contain data of more than a single bundle. This requirement is
imposed on the agent using the TCPCL rather than TCPCL itself. imposed on the agent using the TCPCL rather than TCPCL itself.
If multiple bundles are transmitted on a single TCPCL connection, If multiple bundles are transmitted on a single TCPCL connection,
they MUST be transmitted consecutively without interleaving of they MUST be transmitted consecutively without interleaving of
skipping to change at page 41, line 31 skipping to change at page 43, line 19
bundle. A Transfer ID does not attempt to address uniqueness of the bundle. A Transfer ID does not attempt to address uniqueness of the
bundle data itself and has no relation to concepts such as bundle bundle data itself and has no relation to concepts such as bundle
fragmentation. Each invocation of TCPCL by the bundle protocol fragmentation. Each invocation of TCPCL by the bundle protocol
agent, requesting transmission of a bundle (fragmentary or agent, requesting transmission of a bundle (fragmentary or
otherwise), results in the initiation of a single TCPCL transfer. otherwise), results in the initiation of a single TCPCL transfer.
Each transfer entails the sending of a sequence of some number of Each transfer entails the sending of a sequence of some number of
XFER_SEGMENT and XFER_ACK messages; all are correlated by the same XFER_SEGMENT and XFER_ACK messages; all are correlated by the same
Transfer ID. The sending entity originates a transfer ID and the Transfer ID. The sending entity originates a transfer ID and the
receiving entity uses that same Transfer ID in acknowledgements. receiving entity uses that same Transfer ID in acknowledgements.
Transfer IDs from each node SHALL be unique within a single TCPCL Transfer IDs from each entity SHALL be unique within a single TCPCL
session. Upon exhaustion of the entire 64-bit Transfer ID space, the session. Upon exhaustion of the entire 64-bit Transfer ID space, the
sending node SHALL terminate the session with SESS_TERM reason code sending entity SHALL terminate the session with SESS_TERM reason code
"Resource Exhaustion". For bidirectional bundle transfers, a TCPCL "Resource Exhaustion". For bidirectional bundle transfers, a TCPCL
node SHOULD NOT rely on any relation between Transfer IDs originating entity SHOULD NOT rely on any relation between Transfer IDs
from each side of the TCPCL session. originating from each side of the TCPCL session.
Although there is not a strict requirement for Transfer ID initial Although there is not a strict requirement for Transfer ID initial
values or ordering (see Section 8.11), in the absence of any other values or ordering (see Section 8.12), in the absence of any other
mechanism for generating Transfer IDs an entity SHALL use the mechanism for generating Transfer IDs an entity SHALL use the
following algorithm: The initial Transfer ID from each node is zero following algorithm: The initial Transfer ID from each entity is zero
and subsequent Transfer ID values are incremented from the prior and subsequent Transfer ID values are incremented from the prior
Transfer ID value by one. Transfer ID value by one.
5.2.2. Data Transmission (XFER_SEGMENT) 5.2.2. Data Transmission (XFER_SEGMENT)
Each bundle is transmitted in one or more data segments. The format Each bundle is transmitted in one or more data segments. The format
of a XFER_SEGMENT message follows in Figure 22. of a XFER_SEGMENT message follows in Figure 22.
+------------------------------+ +------------------------------+
| Message Header | | Message Header |
skipping to change at page 42, line 25 skipping to change at page 44, line 25
+------------------------------+ +------------------------------+
| Transfer Extension | | Transfer Extension |
| Items (var.) | | Items (var.) |
| (only for START segment) | | (only for START segment) |
+------------------------------+ +------------------------------+
| Data length (U64) | | Data length (U64) |
+------------------------------+ +------------------------------+
| Data contents (octet string) | | Data contents (octet string) |
+------------------------------+ +------------------------------+
Figure 22: Format of XFER_SEGMENT Messages Figure 22: Format of XFER_SEGMENT Messages
The fields of the XFER_SEGMENT message are: The fields of the XFER_SEGMENT message are:
Message Flags: A one-octet field of single-bit flags, interpreted Message Flags: A one-octet field of single-bit flags, interpreted
according to the descriptions in Table 5. All reserved header according to the descriptions in Table 5. All reserved header
flag bits SHALL be set to 0 by the sender. All reserved header flag bits SHALL be set to 0 by the sender. All reserved header
flag bits SHALL be ignored by the receiver. flag bits SHALL be ignored by the receiver.
Transfer ID: A 64-bit unsigned integer identifying the transfer Transfer ID: A 64-bit unsigned integer identifying the transfer
being made. being made.
Transfer Extension Length and Transfer Extension Items: Transfer Extension Length and Transfer Extension Items: Together
Together these fields represent protocol extension data for this these fields represent protocol extension data for this
specification. The Transfer Extension Length and Transfer specification. The Transfer Extension Length and Transfer
Extension Item fields SHALL only be present when the 'START' flag Extension Item fields SHALL only be present when the 'START' flag
is set to 1 on the message. The Transfer Extension Length is the is set to 1 on the message. The Transfer Extension Length is the
total number of octets to follow which are used to encode the total number of octets to follow which are used to encode the
Transfer Extension Item list. The encoding of each Transfer Transfer Extension Item list. The encoding of each Transfer
Extension Item is within a consistent data container as described Extension Item is within a consistent data container as described
in Section 5.2.5. The full set of transfer extension items apply in Section 5.2.5. The full set of transfer extension items apply
only to the associated single transfer. The order and only to the associated single transfer. The order and
multiplicity of these transfer extension items is significant, as multiplicity of these transfer extension items is significant, as
defined in the associated type specification(s). If the content defined in the associated type specification(s). If the content
of the Transfer Extension Items data disagrees with the Transfer of the Transfer Extension Items data disagrees with the Transfer
Extension Length (e.g., the last Item claims to use more octets Extension Length (e.g., the last Item claims to use more octets
than are present in the Transfer Extension Length), the reception than are present in the Transfer Extension Length), the reception
of the XFER_SEGMENT is considered to have failed. of the XFER_SEGMENT is considered to have failed.
Data length: A 64-bit unsigned integer indicating the number of Data length: A 64-bit unsigned integer indicating the number of
octets in the Data contents to follow. octets in the Data contents to follow.
Data contents: The variable-length data payload of the message. Data contents: The variable-length data payload of the message.
+----------+--------+-----------------------------------------------+ +==========+========+=======================================+
| Name | Code | Description | | Name | Code | Description |
+----------+--------+-----------------------------------------------+ +==========+========+=======================================+
| END | 0x01 | If bit is set, indicates that this is the | | END | 0x01 | If bit is set, indicates that this is |
| | | last segment of the transfer. | | | | the last segment of the transfer. |
| | | | +----------+--------+---------------------------------------+
| START | 0x02 | If bit is set, indicates that this is the | | START | 0x02 | If bit is set, indicates that this is |
| | | first segment of the transfer. | | | | the first segment of the transfer. |
| | | | +----------+--------+---------------------------------------+
| Reserved | others | | | Reserved | others | |
+----------+--------+-----------------------------------------------+ +----------+--------+---------------------------------------+
Table 5: XFER_SEGMENT Flags Table 5: XFER_SEGMENT Flags
The flags portion of the message contains two flag values in the two The flags portion of the message contains two flag values in the two
low-order bits, denoted 'START' and 'END' in Table 5. The 'START' low-order bits, denoted 'START' and 'END' in Table 5. The 'START'
flag SHALL be set to 1 when transmitting the first segment of a flag SHALL be set to 1 when transmitting the first segment of a
transfer. The 'END' flag SHALL be set to 1 when transmitting the transfer. The 'END' flag SHALL be set to 1 when transmitting the
last segment of a transfer. In the case where an entire transfer is last segment of a transfer. In the case where an entire transfer is
accomplished in a single segment, both the 'START' and 'END' flags accomplished in a single segment, both the 'START' and 'END' flags
SHALL be set to 1. SHALL be set to 1.
Once a transfer of a bundle has commenced, the entity MUST only send Once a transfer of a bundle has commenced, the entity MUST only send
segments containing sequential portions of that bundle until it sends segments containing sequential portions of that bundle until it sends
a segment with the 'END' flag set to 1. No interleaving of multiple a segment with the 'END' flag set to 1. No interleaving of multiple
transfers from the same node is possible within a single TCPCL transfers from the same entity is possible within a single TCPCL
session. Simultaneous transfers between two entities MAY be achieved session. Simultaneous transfers between two entities MAY be achieved
using multiple TCPCL sessions. using multiple TCPCL sessions.
5.2.3. Data Acknowledgments (XFER_ACK) 5.2.3. Data Acknowledgments (XFER_ACK)
Although the TCP transport provides reliable transfer of data between Although the TCP transport provides reliable transfer of data between
transport peers, the typical BSD sockets interface provides no means transport peers, the typical BSD sockets interface provides no means
to inform a sending application of when the receiving application has to inform a sending application of when the receiving application has
processed some amount of transmitted data. Thus, after transmitting processed some amount of transmitted data. Thus, after transmitting
some data, the TCPCL needs an additional mechanism to determine some data, the TCPCL needs an additional mechanism to determine
whether the receiving agent has successfully received and fully whether the receiving agent has successfully received and fully
processed the segment. To this end, the TCPCL protocol provides processed the segment. To this end, the TCPCL protocol provides
feedback messaging whereby a receiving node transmits acknowledgments feedback messaging whereby a receiving entity transmits
of reception of data segments. acknowledgments of reception of data segments.
The format of an XFER_ACK message follows in Figure 23. The format of an XFER_ACK message follows in Figure 23.
+-----------------------------+ +-----------------------------+
| Message Header | | Message Header |
+-----------------------------+ +-----------------------------+
| Message Flags (U8) | | Message Flags (U8) |
+-----------------------------+ +-----------------------------+
| Transfer ID (U64) | | Transfer ID (U64) |
+-----------------------------+ +-----------------------------+
| Acknowledged length (U64) | | Acknowledged length (U64) |
+-----------------------------+ +-----------------------------+
Figure 23: Format of XFER_ACK Messages Figure 23: Format of XFER_ACK Messages
The fields of the XFER_ACK message are: The fields of the XFER_ACK message are:
Message Flags: A one-octet field of single-bit flags, interpreted Message Flags: A one-octet field of single-bit flags, interpreted
according to the descriptions in Table 5. All reserved header according to the descriptions in Table 5. All reserved header
flag bits SHALL be set to 0 by the sender. All reserved header flag bits SHALL be set to 0 by the sender. All reserved header
flag bits SHALL be ignored by the receiver. flag bits SHALL be ignored by the receiver.
Transfer ID: A 64-bit unsigned integer identifying the transfer Transfer ID: A 64-bit unsigned integer identifying the transfer
being acknowledged. being acknowledged.
Acknowledged length: A 64-bit unsigned integer indicating the total Acknowledged length: A 64-bit unsigned integer indicating the total
number of octets in the transfer which are being acknowledged. number of octets in the transfer which are being acknowledged.
A receiving TCPCL node SHALL send an XFER_ACK message in response to A receiving TCPCL entity SHALL send an XFER_ACK message in response
each received XFER_SEGMENT message after the segment has been fully to each received XFER_SEGMENT message after the segment has been
processed. The flags portion of the XFER_ACK header SHALL be set to fully processed. The flags portion of the XFER_ACK header SHALL be
match the corresponding XFER_SEGMENT message being acknowledged set to match the corresponding XFER_SEGMENT message being
(including flags not decodable to the entity). The acknowledged acknowledged (including flags not decodable to the entity). The
length of each XFER_ACK contains the sum of the data length fields of acknowledged length of each XFER_ACK contains the sum of the data
all XFER_SEGMENT messages received so far in the course of the length fields of all XFER_SEGMENT messages received so far in the
indicated transfer. The sending node SHOULD transmit multiple course of the indicated transfer. The sending entity SHOULD transmit
XFER_SEGMENT messages without waiting for the corresponding XFER_ACK multiple XFER_SEGMENT messages without waiting for the corresponding
responses. This enables pipelining of messages on a transfer stream. XFER_ACK responses. This enables pipelining of messages on a
transfer stream.
For example, suppose the sending node transmits four segments of For example, suppose the sending entity transmits four segments of
bundle data with lengths 100, 200, 500, and 1000, respectively. bundle data with lengths 100, 200, 500, and 1000, respectively.
After receiving the first segment, the entity sends an acknowledgment After receiving the first segment, the entity sends an acknowledgment
of length 100. After the second segment is received, the entity of length 100. After the second segment is received, the entity
sends an acknowledgment of length 300. The third and fourth sends an acknowledgment of length 300. The third and fourth
acknowledgments are of length 800 and 1800, respectively. acknowledgments are of length 800 and 1800, respectively.
5.2.4. Transfer Refusal (XFER_REFUSE) 5.2.4. Transfer Refusal (XFER_REFUSE)
The TCPCL supports a mechanism by which a receiving node can indicate The TCPCL supports a mechanism by which a receiving entity can
to the sender that it does not want to receive the corresponding indicate to the sender that it does not want to receive the
bundle. To do so, upon receiving an XFER_SEGMENT message, the entity corresponding bundle. To do so, upon receiving an XFER_SEGMENT
MAY transmit a XFER_REFUSE message. As data segments and message, the entity MAY transmit a XFER_REFUSE message. As data
acknowledgments can cross on the wire, the bundle that is being segments and acknowledgments can cross on the wire, the bundle that
refused SHALL be identified by the Transfer ID of the refusal. is being refused SHALL be identified by the Transfer ID of the
refusal.
There is no required relation between the Transfer MRU of a TCPCL There is no required relation between the Transfer MRU of a TCPCL
node (which is supposed to represent a firm limitation of what the entity (which is supposed to represent a firm limitation of what the
node will accept) and sending of a XFER_REFUSE message. A entity will accept) and sending of a XFER_REFUSE message. A
XFER_REFUSE can be used in cases where the agent's bundle storage is XFER_REFUSE can be used in cases where the agent's bundle storage is
temporarily depleted or somehow constrained. A XFER_REFUSE can also temporarily depleted or somehow constrained. A XFER_REFUSE can also
be used after the bundle header or any bundle data is inspected by an be used after the bundle header or any bundle data is inspected by an
agent and determined to be unacceptable. agent and determined to be unacceptable.
A transfer receiver MAY send an XFER_REFUSE message as soon as it A transfer receiver MAY send an XFER_REFUSE message as soon as it
receives any XFER_SEGMENT message. The transfer sender MUST be receives any XFER_SEGMENT message. The transfer sender MUST be
prepared for this and MUST associate the refusal with the correct prepared for this and MUST associate the refusal with the correct
bundle via the Transfer ID fields. bundle via the Transfer ID fields.
skipping to change at page 46, line 5 skipping to change at page 48, line 6
Figure 24: Format of XFER_REFUSE Messages Figure 24: Format of XFER_REFUSE Messages
The fields of the XFER_REFUSE message are: The fields of the XFER_REFUSE message are:
Reason Code: A one-octet refusal reason code interpreted according Reason Code: A one-octet refusal reason code interpreted according
to the descriptions in Table 6. to the descriptions in Table 6.
Transfer ID: A 64-bit unsigned integer identifying the transfer Transfer ID: A 64-bit unsigned integer identifying the transfer
being refused. being refused.
+------------+------+-----------------------------------------------+ +=============+======+==========================================+
| Name | Code | Description | | Name | Code | Description |
+------------+------+-----------------------------------------------+ +=============+======+==========================================+
| Unknown | 0x00 | Reason for refusal is unknown or not | | Unknown | 0x00 | Reason for refusal is unknown or not |
| | | specified. | | | | specified. |
| | | | +-------------+------+------------------------------------------+
| Completed | 0x01 | The receiver already has the complete bundle. | | Completed | 0x01 | The receiver already has the complete |
| | | The sender MAY consider the bundle as | | | | bundle. The sender MAY consider the |
| | | completely received. | | | | bundle as completely received. |
| | | | +-------------+------+------------------------------------------+
| No | 0x02 | The receiver's resources are exhausted. The | | No | 0x02 | The receiver's resources are exhausted. |
| Resources | | sender SHOULD apply reactive bundle | | Resources | | The sender SHOULD apply reactive bundle |
| | | fragmentation before retrying. | | | | fragmentation before retrying. |
| | | | +-------------+------+------------------------------------------+
| Retransmit | 0x03 | The receiver has encountered a problem that | | Retransmit | 0x03 | The receiver has encountered a problem |
| | | requires the bundle to be retransmitted in | | | | that requires the bundle to be |
| | | its entirety. | | | | retransmitted in its entirety. |
| | | | +-------------+------+------------------------------------------+
| Not | 0x04 | Some issue with the bundle data or the | | Not | 0x04 | Some issue with the bundle data or the |
| Acceptable | | transfer extension data was encountered. The | | Acceptable | | transfer extension data was encountered. |
| | | sender SHOULD NOT retry the same bundle with | | | | The sender SHOULD NOT retry the same |
| | | the same extensions. | | | | bundle with the same extensions. |
| | | | +-------------+------+------------------------------------------+
| Extension | 0x05 | A failure processing the Transfer Extension | | Extension | 0x05 | A failure processing the Transfer |
| Failure | | Items has occurred. | | Failure | | Extension Items has occurred. |
+------------+------+-----------------------------------------------+ +-------------+------+------------------------------------------+
| Session | 0x06 | The receiving entity is in the process |
| Terminating | | of terminating the session. The sender |
| | | MAY retry the same bundle at a later |
| | | time in a different session. |
+-------------+------+------------------------------------------+
Table 6: XFER_REFUSE Reason Codes Table 6: XFER_REFUSE Reason Codes
The receiver MUST, for each transfer preceding the one to be refused, The receiver MUST, for each transfer preceding the one to be refused,
have either acknowledged all XFER_SEGMENT messages or refused the have either acknowledged all XFER_SEGMENT messages or refused the
bundle transfer. bundle transfer.
The bundle transfer refusal MAY be sent before an entire data segment The bundle transfer refusal MAY be sent before an entire data segment
is received. If a sender receives a XFER_REFUSE message, the sender is received. If a sender receives a XFER_REFUSE message, the sender
MUST complete the transmission of any partially sent XFER_SEGMENT MUST complete the transmission of any partially sent XFER_SEGMENT
skipping to change at page 47, line 17 skipping to change at page 49, line 24
5.2.5. Transfer Extension Items 5.2.5. Transfer Extension Items
Each of the Transfer Extension Items SHALL be encoded in an identical Each of the Transfer Extension Items SHALL be encoded in an identical
Type-Length-Value (TLV) container form as indicated in Figure 25. Type-Length-Value (TLV) container form as indicated in Figure 25.
The fields of the Transfer Extension Item are: The fields of the Transfer Extension Item are:
Item Flags: A one-octet field containing generic bit flags about the Item Flags: A one-octet field containing generic bit flags about the
Item, which are listed in Table 7. All reserved header flag bits Item, which are listed in Table 7. All reserved header flag bits
SHALL be set to 0 by the sender. All reserved header flag bits SHALL be set to 0 by the sender. All reserved header flag bits
SHALL be ignored by the receiver. If a TCPCL node receives a SHALL be ignored by the receiver. If a TCPCL entity receives a
Transfer Extension Item with an unknown Item Type and the CRITICAL Transfer Extension Item with an unknown Item Type and the CRITICAL
flag is 1, the entity SHALL refuse the transfer with an flag is 1, the entity SHALL refuse the transfer with an
XFER_REFUSE reason code of "Extension Failure". If the CRITICAL XFER_REFUSE reason code of "Extension Failure". If the CRITICAL
flag is 0, an entity SHALL skip over and ignore any item with an flag is 0, an entity SHALL skip over and ignore any item with an
unknown Item Type. unknown Item Type.
Item Type: A 16-bit unsigned integer field containing the type of Item Type: A 16-bit unsigned integer field containing the type of
the extension item. This specification creates an IANA registry the extension item. This specification creates an IANA registry
for such codes (see Section 9.4). for such codes (see Section 9.4).
skipping to change at page 47, line 45 skipping to change at page 50, line 4
lengths, as the associated transfer cannot begin until the full lengths, as the associated transfer cannot begin until the full
extension data is sent. extension data is sent.
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------+---------------+---------------+---------------+ +---------------+---------------+---------------+---------------+
| Item Flags | Item Type | Item Length...| | Item Flags | Item Type | Item Length...|
+---------------+---------------+---------------+---------------+ +---------------+---------------+---------------+---------------+
| length contd. | Item Value... | | length contd. | Item Value... |
+---------------+---------------+---------------+---------------+ +---------------+---------------+---------------+---------------+
Figure 25: Transfer Extension Item Format Figure 25: Transfer Extension Item Format
+----------+--------+-----------------------------------------------+ +==========+========+=============================================+
| Name | Code | Description | | Name | Code | Description |
+----------+--------+-----------------------------------------------+ +==========+========+=============================================+
| CRITICAL | 0x01 | If bit is set, indicates that the receiving | | CRITICAL | 0x01 | If bit is set, indicates that the receiving |
| | | peer must handle the extension item. | | | | peer must handle the extension item. |
| | | | +----------+--------+---------------------------------------------+
| Reserved | others | | | Reserved | others | |
+----------+--------+-----------------------------------------------+ +----------+--------+---------------------------------------------+
Table 7: Transfer Extension Item Flags Table 7: Transfer Extension Item Flags
5.2.5.1. Transfer Length Extension 5.2.5.1. Transfer Length Extension
The purpose of the Transfer Length extension is to allow entities to The purpose of the Transfer Length extension is to allow entities to
preemptively refuse bundles that would exceed their resources or to preemptively refuse bundles that would exceed their resources or to
prepare storage on the receiving node for the upcoming bundle data. prepare storage on the receiving entity for the upcoming bundle data.
Multiple Transfer Length extension items SHALL NOT occur within the Multiple Transfer Length extension items SHALL NOT occur within the
same transfer. The lack of a Transfer Length extension item in any same transfer. The lack of a Transfer Length extension item in any
transfer SHALL NOT imply anything about the potential length of the transfer SHALL NOT imply anything about the potential length of the
transfer. The Transfer Length extension SHALL be assigned transfer transfer. The Transfer Length extension SHALL be assigned transfer
extension type ID 0x0001. extension type ID 0x0001.
If a transfer occupies exactly one segment (i.e., both START and END If a transfer occupies exactly one segment (i.e., both START and END
flags are 1) the Transfer Length extension SHOULD NOT be present. flags are 1) the Transfer Length extension SHOULD NOT be present.
The extension does not provide any additional information for single- The extension does not provide any additional information for single-
skipping to change at page 49, line 9 skipping to change at page 51, line 9
as authoritative by the receiver. If, for whatever reason, the as authoritative by the receiver. If, for whatever reason, the
actual total length of bundle data received differs from the value actual total length of bundle data received differs from the value
indicated by the Total Length value, the receiver SHALL treat the indicated by the Total Length value, the receiver SHALL treat the
transmitted data as invalid and send an XFER_REFUSE with a Reason transmitted data as invalid and send an XFER_REFUSE with a Reason
Code of "Not Acceptable". Code of "Not Acceptable".
6. Session Termination 6. Session Termination
This section describes the procedures for terminating a TCPCL This section describes the procedures for terminating a TCPCL
session. The purpose of terminating a session is to allow transfers session. The purpose of terminating a session is to allow transfers
to complete before the session is closed but not allow any new to complete before the TCP connection is closed but not allow any new
transfers to start. A session state change is necessary for this to transfers to start. A session state change is necessary for this to
happen because transfers can be in-progress in either direction happen because transfers can be in-progress in either direction
(transfer stream) within a session. Waiting for a transfer to (transfer stream) within a session. Waiting for a transfer to
complete in one direction does not control or influence the complete in one direction does not control or influence the
possibility of a transfer in the other direction. Either peer of a possibility of a transfer in the other direction. Either peer of a
session can terminate an established session at any time. session can terminate an established session at any time.
6.1. Session Termination Message (SESS_TERM) 6.1. Session Termination Message (SESS_TERM)
To cleanly terminate a session, a SESS_TERM message SHALL be To cleanly terminate a session, a SESS_TERM message SHALL be
transmitted by either node at any point following complete transmitted by either entity at any point following complete
transmission of any other message. When sent to initiate a transmission of any other message. When sent to initiate a
termination, the REPLY flag of a SESS_TERM message SHALL be 0. Upon termination, the REPLY flag of a SESS_TERM message SHALL be 0. Upon
receiving a SESS_TERM message after not sending a SESS_TERM message receiving a SESS_TERM message after not sending a SESS_TERM message
in the same session, an entity SHALL send an acknowledging SESS_TERM in the same session, an entity SHALL send an acknowledging SESS_TERM
message. When sent to acknowledge a termination, a SESS_TERM message message. When sent to acknowledge a termination, a SESS_TERM message
SHALL have identical data content from the message being acknowledged SHALL have identical data content from the message being acknowledged
except for the REPLY flag, which is set to 1 to indicate except for the REPLY flag, which is set to 1 to indicate
acknowledgement. acknowledgement.
Once a SESS_TERM message is sent the state of that TCPCL session Once a SESS_TERM message is sent the state of that TCPCL session
changes to Ending. While the session is in the Ending state, an changes to Ending. While the session is in the Ending state, an
entity MAY finish an in-progress transfer in either direction. While entity MAY finish an in-progress transfer in either direction. While
the session is in the Ending state, an entity SHALL NOT begin any new the session is in the Ending state, an entity SHALL NOT begin any new
outgoing transfer for the remainder of the session. While the outgoing transfer for the remainder of the session. While the
session is in the Ending state, an entity SHALL NOT accept any new session is in the Ending state, an entity SHALL NOT accept any new
incoming transfer for the remainder of the session. incoming transfer for the remainder of the session. If a new
incoming transfer is attempted while in the Ending state, the
receiving entity SHALL send an XFER_REFUSE with a Reason Code of
"Session Terminating".
Instead of following a clean termination sequence, after transmitting There are circumstances where an entity has an urgent need to close a
a SESS_TERM message an entity MAY immediately close the associated TCP connection associated with a TCPCL session, without waiting for
TCP connection. When performing an unclean termination, a receiving transfers to complete but also in a way which doesn't force timeouts
node SHOULD acknowledge all received XFER_SEGMENTs with an XFER_ACK to occur; for example, due to impending shutdown of the underlying
before closing the TCP connection. Not acknowledging received data link layer. Instead of following a clean termination sequence,
segments can result in unnecessary bundle or bundle fragment after transmitting a SESS_TERM message an entity MAY perform an
retransmission. When performing an unclean termination, a unclean termination by immediately closing the associated TCP
transmitting node SHALL treat either sending or receiving a SESS_TERM connection. When performing an unclean termination, an entity SHOULD
message (i.e., before the final acknowledgment) as a failure of the acknowledge all received XFER_SEGMENTs with an XFER_ACK before
transfer. Any delay between request to close the TCP connection and closing the TCP connection. Not acknowledging received segments can
actual closing of the connection (a "half-closed" state) MAY be result in unnecessary bundle or bundle fragment retransmission. Any
ignored by the TCPCL entity. delay between request to close the TCP connection and actual closing
of the connection (a "half-closed" state) MAY be ignored by the TCPCL
entity. If the underlying TCP connection is closed during a
transmission (in either transfer stream), the transfer SHALL be
indicated to the BP agent as failed (see the transmission failure and
reception failure indications of Section 3.1).
The TCPCL itself does not have any required behavior to respond to an The TCPCL itself does not have any required behavior to respond to an
SESS_TERM based on its Reason Code; the termination is passed up as SESS_TERM based on its Reason Code; the termination is passed up as
an indication to the BP agent that the session state has changed. If an indication to the BP agent that the session state has changed. If
a termination has a Reason Code which is not decodable to the BP a termination has a Reason Code which is not decodable to the BP
agent, the agent SHOULD treat the termination as having an Unknown agent, the agent SHOULD treat the termination as having an Unknown
reason. reason.
The format of the SESS_TERM message is as follows in Figure 27. The format of the SESS_TERM message is as follows in Figure 27.
skipping to change at page 50, line 31 skipping to change at page 52, line 39
The fields of the SESS_TERM message are: The fields of the SESS_TERM message are:
Message Flags: A one-octet field of single-bit flags, interpreted Message Flags: A one-octet field of single-bit flags, interpreted
according to the descriptions in Table 8. All reserved header according to the descriptions in Table 8. All reserved header
flag bits SHALL be set to 0 by the sender. All reserved header flag bits SHALL be set to 0 by the sender. All reserved header
flag bits SHALL be ignored by the receiver. flag bits SHALL be ignored by the receiver.
Reason Code: A one-octet refusal reason code interpreted according Reason Code: A one-octet refusal reason code interpreted according
to the descriptions in Table 9. to the descriptions in Table 9.
+----------+--------+-----------------------------------------------+ +==========+========+====================================+
| Name | Code | Description | | Name | Code | Description |
+----------+--------+-----------------------------------------------+ +==========+========+====================================+
| REPLY | 0x01 | If bit is set, indicates that this message is | | REPLY | 0x01 | If bit is set, indicates that this |
| | | an acknowledgement of an earlier SESS_TERM | | | | message is an acknowledgement of |
| | | message. | | | | an earlier SESS_TERM message. |
| | | | +----------+--------+------------------------------------+
| Reserved | others | | | Reserved | others | |
+----------+--------+-----------------------------------------------+ +----------+--------+------------------------------------+
Table 8: SESS_TERM Flags Table 8: SESS_TERM Flags
+--------------+------+---------------------------------------------+ +==============+======+==========================================+
| Name | Code | Description | | Name | Code | Description |
+--------------+------+---------------------------------------------+ +==============+======+==========================================+
| Unknown | 0x00 | A termination reason is not available. | | Unknown | 0x00 | A termination reason is not available. |
| | | | +--------------+------+------------------------------------------+
| Idle timeout | 0x01 | The session is being closed due to | | Idle timeout | 0x01 | The session is being terminated due to |
| | | idleness. | | | | idleness. |
| | | | +--------------+------+------------------------------------------+
| Version | 0x02 | The node cannot conform to the specified | | Version | 0x02 | The entity cannot conform to the |
| mismatch | | TCPCL protocol version. | | mismatch | | specified TCPCL protocol version. |
| | | | +--------------+------+------------------------------------------+
| Busy | 0x03 | The node is too busy to handle the current | | Busy | 0x03 | The entity is too busy to handle the |
| | | session. | | | | current session. |
| | | | +--------------+------+------------------------------------------+
| Contact | 0x04 | The node cannot interpret or negotiate a | | Contact | 0x04 | The entity cannot interpret or negotiate |
| Failure | | Contact Header or SESS_INIT option. | | Failure | | a Contact Header or SESS_INIT option. |
| | | | +--------------+------+------------------------------------------+
| Resource | 0x05 | The node has run into some resource limit | | Resource | 0x05 | The entity has run into some resource |
| Exhaustion | | and cannot continue the session. | | Exhaustion | | limit and cannot continue the session. |
+--------------+------+---------------------------------------------+ +--------------+------+------------------------------------------+
Table 9: SESS_TERM Reason Codes Table 9: SESS_TERM Reason Codes
The earliest a TCPCL session termination MAY occur is immediately The earliest a TCPCL session termination MAY occur is immediately
after transmission of a Contact Header (and prior to any further after transmission of a Contact Header (and prior to any further
message transmit). This can, for example, be used to notify that the message transmit). This can, for example, be used to notify that the
entity is currently not able or willing to communicate. However, an entity is currently not able or willing to communicate. However, an
entity MUST always send the Contact Header to its peer before sending entity MUST always send the Contact Header to its peer before sending
a SESS_TERM message. a SESS_TERM message.
Termination of the TCP connection MAY occur prior to receiving the Termination of the TCP connection MAY occur prior to receiving the
Contact header as discussed in Section 4.1. If reception of the Contact header as discussed in Section 4.1. If reception of the
skipping to change at page 52, line 8 skipping to change at page 54, line 8
message but still SHALL close the TCP connection. Each TCPCL message message but still SHALL close the TCP connection. Each TCPCL message
is contiguous in the octet stream and has no ability to be cut short is contiguous in the octet stream and has no ability to be cut short
and/or preempted by an other message. This is particularly important and/or preempted by an other message. This is particularly important
when large segment sizes are being transmitted; either entire when large segment sizes are being transmitted; either entire
XFER_SEGMENT is sent before a SESS_TERM message or the connection is XFER_SEGMENT is sent before a SESS_TERM message or the connection is
simply terminated mid-XFER_SEGMENT. simply terminated mid-XFER_SEGMENT.
6.2. Idle Session Shutdown 6.2. Idle Session Shutdown
The protocol includes a provision for clean termination of idle The protocol includes a provision for clean termination of idle
sessions. Determining the length of time to wait before ending idle sessions. Determining the length of time to wait before terminating
sessions, if they are to be closed at all, is an implementation and idle sessions, if they are to be terminated at all, is an
configuration matter. implementation and configuration matter.
If there is a configured time to close idle links and if no TCPCL If there is a configured time to terminate idle sessions and if no
messages (other than KEEPALIVE messages) has been received for at TCPCL messages (other than KEEPALIVE messages) has been received for
least that amount of time, then either node MAY terminate the session at least that amount of time, then either entity MAY terminate the
by transmitting a SESS_TERM message indicating the reason code of session by transmitting a SESS_TERM message indicating the reason
"Idle timeout" (as described in Table 9). code of "Idle timeout" (as described in Table 9).
7. Implementation Status 7. Implementation Status
[NOTE to the RFC Editor: please remove this section before [NOTE to the RFC Editor: please remove this section before
publication, as well as the reference to [RFC7942] and publication, as well as the reference to [RFC7942] and
[github-dtn-bpbis-tcpcl].] [github-dtn-bpbis-tcpcl].]
This section records the status of known implementations of the This section records the status of known implementations of the
protocol defined by this specification at the time of posting of this protocol defined by this specification at the time of posting of this
Internet-Draft, and is based on a proposal described in [RFC7942]. Internet-Draft, and is based on a proposal described in [RFC7942].
skipping to change at page 53, line 11 skipping to change at page 55, line 11
This section separates security considerations into threat categories This section separates security considerations into threat categories
based on guidance of BCP 72 [RFC3552]. based on guidance of BCP 72 [RFC3552].
8.1. Threat: Passive Leak of Node Data 8.1. Threat: Passive Leak of Node Data
When used without TLS security, the TCPCL exposes the Node ID and When used without TLS security, the TCPCL exposes the Node ID and
other configuration data to passive eavesdroppers. This occurs even other configuration data to passive eavesdroppers. This occurs even
when no transfers occur within a TCPCL session. This can be avoided when no transfers occur within a TCPCL session. This can be avoided
by always using TLS, even if authentication is not available (see by always using TLS, even if authentication is not available (see
Section 8.10). Section 8.11).
8.2. Threat: Passive Leak of Bundle Data 8.2. Threat: Passive Leak of Bundle Data
TCPCL can be used to provide point-to-point transport security, but TCPCL can be used to provide point-to-point transport security, but
does not provide security of data-at-rest and does not guarantee end- does not provide security of data-at-rest and does not guarantee end-
to-end bundle security. The bundle security mechanisms defined in to-end bundle security. The bundle security mechanisms defined in
[I-D.ietf-dtn-bpsec] are to be used instead. [I-D.ietf-dtn-bpsec] are to be used instead.
When used without TLS security, the TCPCL exposes all bundle data to When used without TLS security, the TCPCL exposes all bundle data to
passive eavesdroppers. This can be avoided by always using TLS, even passive eavesdroppers. This can be avoided by always using TLS, even
if authentication is not available (see Section 8.10). if authentication is not available (see Section 8.11).
8.3. Threat: TCPCL Version Downgrade 8.3. Threat: TCPCL Version Downgrade
When a TCPCL entity supports multiple versions of the protocol it is When a TCPCL entity supports multiple versions of the protocol it is
possible for a malicious or misconfigured peer to use an older possible for a malicious or misconfigured peer to use an older
version of TCPCL which does not support transport security. A man- version of TCPCL which does not support transport security. A man-
in-the-middle attacker can also manipulate a Contact Header to in-the-middle attacker can also manipulate a Contact Header to
present a lower protocol version than desired. present a lower protocol version than desired.
It is up to security policies within each TCPCL node to ensure that It is up to security policies within each TCPCL entity to ensure that
the negotiated TCPCL version meets transport security requirements. the negotiated TCPCL version meets transport security requirements.
8.4. Threat: Transport Security Stripping 8.4. Threat: Transport Security Stripping
When security policy allows non-TLS sessions, TCPCL does not protect When security policy allows non-TLS sessions, TCPCL does not protect
against active network attackers. It is possible for a man-in-the- against active network attackers. It is possible for a man-in-the-
middle attacker to set the CAN_TLS flag to 0 on either side of the middle attacker to set the CAN_TLS flag to 0 on either side of the
Contact Header exchange. This leads to the "SSL Stripping" attack Contact Header exchange. This leads to the "SSL Stripping" attack
described in [RFC7457]. described in [RFC7457].
The purpose of the CAN_TLS flag is to allow the use of TCPCL on The purpose of the CAN_TLS flag is to allow the use of TCPCL on
entities which simply do not have a TLS implementation available. entities which simply do not have a TLS implementation available.
When TLS is available on an entity, it is strongly encouraged that When TLS is available on an entity, it is strongly encouraged that
the security policy disallow non-TLS sessions. This requires that the security policy disallow non-TLS sessions. This requires that
the TLS handshake occurs, regardless of the policy-driven parameters the TLS handshake occurs, regardless of the policy-driven parameters
of the handshake and policy-driven handling of the handshake outcome. of the handshake and policy-driven handling of the handshake outcome.
One mechanism to mitigate the possibility of TLS stripping is the use
of DNS-based Authentication of Named Entities (DANE) [RFC6698] for
the passive peer. This mechanism relies on DNS and is
unidirectional, so it doesn't help with applying policy toward the
active peer, but it can be useful in an environment using
opportunistic security. The configuration and use of DANE are are
outside of the scope of this document.
The negotiated use of TLS is identical behavior to STARTTLS use in The negotiated use of TLS is identical behavior to STARTTLS use in
[RFC2595] and [RFC4511]. [RFC2595] and [RFC4511].
8.5. Threat: Weak TLS Configurations 8.5. Threat: Weak TLS Configurations
Even when using TLS to secure the TCPCL session, the actual Even when using TLS to secure the TCPCL session, the actual
ciphersuite negotiated between the TLS peers can be insecure. ciphersuite negotiated between the TLS peers can be insecure.
Recommendations for ciphersuite use are included in BCP 195 Recommendations for ciphersuite use are included in BCP 195
[RFC7525]. It is up to security policies within each TCPCL node to [RFC7525]. It is up to security policies within each TCPCL entity to
ensure that the negotiated TLS ciphersuite meets transport security ensure that the negotiated TLS ciphersuite meets transport security
requirements. requirements.
8.6. Threat: Certificate Validation Vulnerabilities 8.6. Threat: Untrusted End-Entity Certificate
The profile in Section 4.4.3 uses end-entity certificates chained up
to a trusted root CA. During TLS handshake, either entity can send a
certificate set which does not contain the full chain, possibly
excluding intermediate or root CAs. In an environment where peers
are known to already contain needed root and intermediate CAs there
is no need to include those CAs, but this has a risk of an entity not
actually having one of the needed CAs.
8.7. Threat: Certificate Validation Vulnerabilities
Even when TLS itself is operating properly an attacker can attempt to Even when TLS itself is operating properly an attacker can attempt to
exploit vulnerabilities within certificate check algorithms or exploit vulnerabilities within certificate check algorithms or
configuration to establish a secure TCPCL session using an invalid configuration to establish a secure TCPCL session using an invalid
certificate. A BP agent treats the peer Node ID within a TCPCL certificate. A BP agent treats the peer Node ID within a TCPCL
session as authoritative and an invalid certificate exploit could session as authoritative and an invalid certificate exploit could
lead to bundle data leaking and/or denial of service to the Node ID lead to bundle data leaking and/or denial of service to the Node ID
being impersonated. There are many reasons, described in [RFC5280], being impersonated. There are many reasons, described in [RFC5280],
why a certificate can fail to validate, including using the why a certificate can fail to validate, including using the
certificate outside of its valid time interval, using purposes for certificate outside of its valid time interval, using purposes for
which it was not authorized, or using it after it has been revoked by which it was not authorized, or using it after it has been revoked by
its CA. Validating a certificate is a complex task and can require its CA. Validating a certificate is a complex task and can require
network connectivity outside of the primary TCPCL network path(s) if network connectivity outside of the primary TCPCL network path(s) if
a mechanism such as the Online Certificate Status Protocol (OCSP) is a mechanism such as the Online Certificate Status Protocol (OCSP)
used by the CA. The configuration and use of particular certificate [RFC6960] is used by the CA. The configuration and use of particular
validation methods are outside of the scope of this document. certificate validation methods are outside of the scope of this
document.
8.7. Threat: Symmetric Key Limits 8.8. Threat: Symmetric Key Limits
Even with a secure block cipher and securely-established session Even with a secure block cipher and securely-established session
keys, there are limits to the amount of plaintext which can be safely keys, there are limits to the amount of plaintext which can be safely
encrypted with a given set of keys as described in [AEAD-LIMITS]. encrypted with a given set of keys as described in [AEAD-LIMITS].
When permitted by the negotiated TLS version (see [RFC8446]), it is When permitted by the negotiated TLS version (see [RFC8446]), it is
advisable to take advantage of session key updates to avoid those advisable to take advantage of session key updates to avoid those
limits. limits.
8.8. Threat: BP Node Impersonation 8.9. Threat: BP Node Impersonation
The certificates exchanged by TLS enable authentication of peer DNS The certificates exchanged by TLS enable authentication of peer DNS
name and Node ID, but it is possible that a peer either not provide a name and Node ID, but it is possible that a peer either not provide a
valid certificate or that the certificate does not validate either valid certificate or that the certificate does not validate either
the DNS name or Node ID of the peer (see Section 3.4). Having a CA- the DNS name or Node ID of the peer (see Section 3.4). Having a CA-
validated certificate does not alone guarantee the identity of the validated certificate does not alone guarantee the identity of the
network host or BP node from which the certificate is provided; network host or BP node from which the certificate is provided;
additional validation procedures in Section 4.4.2 bind the DNS name additional validation procedures in Section 4.4.2 bind the DNS name
or node ID based on the contents of the certificate. or Node ID based on the contents of the certificate.
The DNS name validation is a weaker form of authentication, because The DNS name validation is a weaker form of authentication, because
even if a peer is operating on an authenticated network DNS name it even if a peer is operating on an authenticated network DNS name it
can provide an invalid Node ID and cause bundles to be "leaked" to an can provide an invalid Node ID and cause bundles to be "leaked" to an
invalid node. Especially in DTN environments, network names and invalid node. Especially in DTN environments, network names and
addresses of nodes can be time-variable so binding a certificate to a addresses of nodes can be time-variable so binding a certificate to a
Node ID is a more stable identity. Node ID is a more stable identity.
Node ID validation ensures that the peer to which a bundle is Node ID validation ensures that the peer to which a bundle is
transferred is in fact the node which the BP Agent expects it to be. transferred is in fact the node which the BP Agent expects it to be.
It is a reasonable policy to skip DNS name validation if certificates It is a reasonable policy to skip DNS name validation if certificates
can be guaranteed to validate the peer's Node ID. In circumstances can be guaranteed to validate the peer's Node ID. In circumstances
where certificates can only be issued to DNS names, Node ID where certificates can only be issued to DNS names, Node ID
validation is not possible but it could be reasonable to assume that validation is not possible but it could be reasonable to assume that
a trusted host is not going to present an invalid Node ID. a trusted host is not going to present an invalid Node ID.
Determining of when a DNS name authentication can be trusted to Determining of when a DNS name authentication can be trusted to
validate a Node ID is also a policy matter outside the scope of this validate a Node ID is also a policy matter outside the scope of this
document. document.
8.9. Threat: Denial of Service 8.10. Threat: Denial of Service
The behaviors described in this section all amount to a potential The behaviors described in this section all amount to a potential
denial-of-service to a TCPCL entity. The denial-of-service could be denial-of-service to a TCPCL entity. The denial-of-service could be
limited to an individual TCPCL session, could affect other well- limited to an individual TCPCL session, could affect other well-
behaving sessions on an entity, or could affect all sessions on a behaving sessions on an entity, or could affect all sessions on a
host. host.
A malicious entity can continually establish TCPCL sessions and delay A malicious entity can continually establish TCPCL sessions and delay
sending of protocol-required data to trigger timeouts. The victim sending of protocol-required data to trigger timeouts. The victim
entity can block TCP connections from network peers which are thought entity can block TCP connections from network peers which are thought
skipping to change at page 56, line 15 skipping to change at page 58, line 38
parameter the smallest Session Keepalive is one second, which should parameter the smallest Session Keepalive is one second, which should
be long enough to not flood the link. The victim entity can be long enough to not flood the link. The victim entity can
terminate the session during the negotiation of Section 4.7 if the terminate the session during the negotiation of Section 4.7 if the
Keepalive Interval is unacceptable. Keepalive Interval is unacceptable.
Finally, an attacker or a misconfigured entity can cause issues at Finally, an attacker or a misconfigured entity can cause issues at
the TCP connection which will cause unnecessary TCP retransmissions the TCP connection which will cause unnecessary TCP retransmissions
or connection resets, effectively denying the use of the overlying or connection resets, effectively denying the use of the overlying
TCPCL session. TCPCL session.
8.10. Alternate Uses of TLS 8.11. Alternate Uses of TLS
This specification makes use of PKIX certificate validation and This specification makes use of PKIX certificate validation and
authentication within TLS. There are alternate uses of TLS which are authentication within TLS. There are alternate uses of TLS which are
not necessarily incompatible with the security goals of this not necessarily incompatible with the security goals of this
specification, but are outside of the scope of this document. The specification, but are outside of the scope of this document. The
following subsections give examples of alternate TLS uses. following subsections give examples of alternate TLS uses.
8.10.1. TLS Without Authentication 8.11.1. TLS Without Authentication
In environments where PKI is available but there are restrictions on In environments where PKI is available but there are restrictions on
the issuance of certificates (including the contents of the issuance of certificates (including the contents of
certificates), it may be possible to make use of TLS in a way which certificates), it may be possible to make use of TLS in a way which
authenticates only the passive entity of a TCPCL session or which authenticates only the passive entity of a TCPCL session or which
does not authenticate either entity. Using TLS in a way which does does not authenticate either entity. Using TLS in a way which does
not successfully authenticate some claim of both peer entities of a not successfully authenticate some claim of both peer entities of a
TCPCL session is outside of the scope of this document but does have TCPCL session is outside of the scope of this document but does have
similar properties to the opportunistic security model of [RFC7435]. similar properties to the opportunistic security model of [RFC7435].
8.10.2. Non-Certificate TLS Use 8.11.2. Non-Certificate TLS Use
In environments where PKI is unavailable, alternate uses of TLS which In environments where PKI is unavailable, alternate uses of TLS which
do not require certificates such as pre-shared key (PSK) do not require certificates such as pre-shared key (PSK)
authentication [RFC5489] and the use of raw public keys [RFC7250] are authentication [RFC5489] and the use of raw public keys [RFC7250] are
available and can be used to ensure confidentiality within TCPCL. available and can be used to ensure confidentiality within TCPCL.
Using non-PKI node authentication methods is outside of the scope of Using non-PKI node authentication methods is outside of the scope of
this document. this document.
8.11. Predictability of Transfer IDs 8.12. Predictability of Transfer IDs
The only requirement on Transfer IDs is that they be unique with each The only requirement on Transfer IDs is that they be unique with each
session from the sending peer only. The trivial algorithm of the session from the sending peer only. The trivial algorithm of the
first transfer starting at zero and later transfers incrementing by first transfer starting at zero and later transfers incrementing by
one causes absolutely predictable Transfer IDs. Even when a TCPCL one causes absolutely predictable Transfer IDs. Even when a TCPCL
session is not TLS secured and there is a man-in-the-middle attacker session is not TLS secured and there is a man-in-the-middle attacker
causing denial of service with XFER_REFUSE messages, it is not causing denial of service with XFER_REFUSE messages, it is not
possible to preemptively refuse a transfer so there is no benefit in possible to preemptively refuse a transfer so there is no benefit in
having unpredictable Transfer IDs within a session. having unpredictable Transfer IDs within a session.
skipping to change at page 57, line 28 skipping to change at page 60, line 16
Within the port registry of [IANA-PORTS], TCP port number 4556 has Within the port registry of [IANA-PORTS], TCP port number 4556 has
been previously assigned as the default port for the TCP convergence been previously assigned as the default port for the TCP convergence
layer in [RFC7242]. This assignment is unchanged by TCPCL version 4, layer in [RFC7242]. This assignment is unchanged by TCPCL version 4,
but the assignment reference is updated to this specification. Each but the assignment reference is updated to this specification. Each
TCPCL entity identifies its TCPCL protocol version in its initial TCPCL entity identifies its TCPCL protocol version in its initial
contact (see Section 9.2), so there is no ambiguity about what contact (see Section 9.2), so there is no ambiguity about what
protocol is being used. The related assignments for UDP and DCCP protocol is being used. The related assignments for UDP and DCCP
port 4556 (both registered by [RFC7122]) are unchanged. port 4556 (both registered by [RFC7122]) are unchanged.
+------------------------+----------------------------+ +========================+============================+
| Parameter | Value | | Parameter | Value |
+------------------------+----------------------------+ +========================+============================+
| Service Name: | dtn-bundle | | Service Name: | dtn-bundle |
| | | +------------------------+----------------------------+
| Transport Protocol(s): | TCP | | Transport Protocol(s): | TCP |
| | | +------------------------+----------------------------+
| Assignee: | IESG <iesg@ietf.org> | | Assignee: | IESG <iesg@ietf.org> |
| | | +------------------------+----------------------------+
| Contact: | IESG <iesg@ietf.org> | | Contact: | IESG <iesg@ietf.org> |
| | | +------------------------+----------------------------+
| Description: | DTN Bundle TCP CL Protocol | | Description: | DTN Bundle TCP CL Protocol |
| | | +------------------------+----------------------------+
| Reference: | This specification. | | Reference: | This specification. |
| | | +------------------------+----------------------------+
| Port Number: | 4556 | | Port Number: | 4556 |
+------------------------+----------------------------+ +------------------------+----------------------------+
Table 10
9.2. Protocol Versions 9.2. Protocol Versions
IANA has created, under the "Bundle Protocol" registry [IANA-BUNDLE], IANA has created, under the "Bundle Protocol" registry [IANA-BUNDLE],
a sub-registry titled "Bundle Protocol TCP Convergence-Layer Version a sub-registry titled "Bundle Protocol TCP Convergence-Layer Version
Numbers". The version number table is updated to include this Numbers". The version number table is updated to include this
specification. The registration procedure is RFC Required. specification. The registration procedure is RFC Required.
+-------+-------------+-----------------------------------+ +=======+=============+=====================+
| Value | Description | Reference | | Value | Description | Reference |
+-------+-------------+-----------------------------------+ +=======+=============+=====================+
| 0 | Reserved | [RFC7242] | | 0 | Reserved | [RFC7242] |
| | | | +-------+-------------+---------------------+
| 1 | Reserved | [RFC7242] | | 1 | Reserved | [RFC7242] |
| | | | +-------+-------------+---------------------+
| 2 | Reserved | [RFC7242] | | 2 | Reserved | [RFC7242] |
| | | | +-------+-------------+---------------------+
| 3 | TCPCL | [RFC7242] | | 3 | TCPCL | [RFC7242] |
| | | | +-------+-------------+---------------------+
| 4 | TCPCLv4 | This specification. | | 4 | TCPCLv4 | This specification. |
| | | | +-------+-------------+---------------------+
| 5-255 | Unassigned | | | 5-255 | Unassigned | |
+-------+-------------+-----------------------------------+ +-------+-------------+---------------------+
Table 11
9.3. Session Extension Types 9.3. Session Extension Types
EDITOR NOTE: sub-registry to-be-created upon publication of this EDITOR NOTE: sub-registry to-be-created upon publication of this
specification. specification.
IANA will create, under the "Bundle Protocol" registry [IANA-BUNDLE], IANA will create, under the "Bundle Protocol" registry [IANA-BUNDLE],
a sub-registry titled "Bundle Protocol TCP Convergence-Layer Version a sub-registry titled "Bundle Protocol TCP Convergence-Layer Version
4 Session Extension Types" and initialize it with the contents of 4 Session Extension Types" and initialize it with the contents of
Table 10. The registration procedure is Expert Review within the Table 12. The registration procedure is Expert Review within the
lower range 0x0001--0x7FFF. Values in the range 0x8000--0xFFFF are lower range 0x0001--0x7FFF. Values in the range 0x8000--0xFFFF are
reserved for use on private networks for functions not published to reserved for use on private networks for functions not published to
the IANA. the IANA.
Specifications of new session extension types need to define the Specifications of new session extension types need to define the
encoding of the Item Value data as well as any meaning or restriction encoding of the Item Value data as well as any meaning or restriction
on the number of or order of instances of the type within an on the number of or order of instances of the type within an
extension item list. Specifications need to define how the extension extension item list. Specifications need to define how the extension
functions when no instance of the new extension type is received functions when no instance of the new extension type is received
during session negotiation. during session negotiation.
Expert(s) are encouraged to be biased towards approving registrations Expert(s) are encouraged to be biased towards approving registrations
unless they are abusive, frivolous, or actively harmful (not merely unless they are abusive, frivolous, or actively harmful (not merely
aesthetically displeasing, or architecturally dubious). aesthetically displeasing, or architecturally dubious).
+----------------+--------------------------+ +================+==========================+
| Code | Session Extension Type | | Code | Session Extension Type |
+----------------+--------------------------+ +================+==========================+
| 0x0000 | Reserved | | 0x0000 | Reserved |
| | | +----------------+--------------------------+
| 0x0001--0x7FFF | Unassigned | | 0x0001--0x7FFF | Unassigned |
| | | +----------------+--------------------------+
| 0x8000--0xFFFF | Private/Experimental Use | | 0x8000--0xFFFF | Private/Experimental Use |
+----------------+--------------------------+ +----------------+--------------------------+
Table 10: Session Extension Type Codes Table 12: Session Extension Type Codes
9.4. Transfer Extension Types 9.4. Transfer Extension Types
EDITOR NOTE: sub-registry to-be-created upon publication of this EDITOR NOTE: sub-registry to-be-created upon publication of this
specification. specification.
IANA will create, under the "Bundle Protocol" registry [IANA-BUNDLE], IANA will create, under the "Bundle Protocol" registry [IANA-BUNDLE],
a sub-registry titled "Bundle Protocol TCP Convergence-Layer Version a sub-registry titled "Bundle Protocol TCP Convergence-Layer Version
4 Transfer Extension Types" and initialize it with the contents of 4 Transfer Extension Types" and initialize it with the contents of
Table 11. The registration procedure is Expert Review within the Table 13. The registration procedure is Expert Review within the
lower range 0x0001--0x7FFF. Values in the range 0x8000--0xFFFF are lower range 0x0001--0x7FFF. Values in the range 0x8000--0xFFFF are
reserved for use on private networks for functions not published to reserved for use on private networks for functions not published to
the IANA. the IANA.
Specifications of new transfer extension types need to define the Specifications of new transfer extension types need to define the
encoding of the Item Value data as well as any meaning or restriction encoding of the Item Value data as well as any meaning or restriction
on the number of or order of instances of the type within an on the number of or order of instances of the type within an
extension item list. Specifications need to define how the extension extension item list. Specifications need to define how the extension
functions when no instance of the new extension type is received in a functions when no instance of the new extension type is received in a
transfer. transfer.
Expert(s) are encouraged to be biased towards approving registrations Expert(s) are encouraged to be biased towards approving registrations
unless they are abusive, frivolous, or actively harmful (not merely unless they are abusive, frivolous, or actively harmful (not merely
aesthetically displeasing, or architecturally dubious). aesthetically displeasing, or architecturally dubious).
+----------------+---------------------------+ +================+===========================+
| Code | Transfer Extension Type | | Code | Transfer Extension Type |
+----------------+---------------------------+ +================+===========================+
| 0x0000 | Reserved | | 0x0000 | Reserved |
| | | +----------------+---------------------------+
| 0x0001 | Transfer Length Extension | | 0x0001 | Transfer Length Extension |
| | | +----------------+---------------------------+
| 0x0002--0x7FFF | Unassigned | | 0x0002--0x7FFF | Unassigned |
| | | +----------------+---------------------------+
| 0x8000--0xFFFF | Private/Experimental Use | | 0x8000--0xFFFF | Private/Experimental Use |
+----------------+---------------------------+ +----------------+---------------------------+
Table 11: Transfer Extension Type Codes Table 13: Transfer Extension Type Codes
9.5. Message Types 9.5. Message Types
EDITOR NOTE: sub-registry to-be-created upon publication of this EDITOR NOTE: sub-registry to-be-created upon publication of this
specification. specification.
IANA will create, under the "Bundle Protocol" registry [IANA-BUNDLE], IANA will create, under the "Bundle Protocol" registry [IANA-BUNDLE],
a sub-registry titled "Bundle Protocol TCP Convergence-Layer Version a sub-registry titled "Bundle Protocol TCP Convergence-Layer Version
4 Message Types" and initialize it with the contents of Table 12. 4 Message Types" and initialize it with the contents of Table 14.
The registration procedure is RFC Required within the lower range The registration procedure is RFC Required within the lower range
0x01--0xEF. Values in the range 0xF0--0xFF are reserved for use on 0x01--0xEF. Values in the range 0xF0--0xFF are reserved for use on
private networks for functions not published to the IANA. private networks for functions not published to the IANA.
Specifications of new message types need to define the encoding of Specifications of new message types need to define the encoding of
the message data as well as the purpose and relationship of the new the message data as well as the purpose and relationship of the new
message to existing session/transfer state within the baseline message to existing session/transfer state within the baseline
message sequencing. The use of new message types need to be message sequencing. The use of new message types need to be
negotiated between TCPCL entities within a session (using the session negotiated between TCPCL entities within a session (using the session
extension mechanism) so that the receiving entity can properly decode extension mechanism) so that the receiving entity can properly decode
all message types used in the session. all message types used in the session.
Expert(s) are encouraged to favor new session/transfer extension Expert(s) are encouraged to favor new session/transfer extension
types over new message types. TCPCL messages are not self- types over new message types. TCPCL messages are not self-
delimiting, so care must be taken in introducing new message types. delimiting, so care must be taken in introducing new message types.
If an entity receives an unknown message type the only thing that can If an entity receives an unknown message type the only thing that can
be done is to send a MSG_REJECT and close the TCP connection; not be done is to send a MSG_REJECT and close the TCP connection; not
even a clean termination can be done at that point. even a clean termination can be done at that point.
+------------+--------------------------+ +============+==========================+
| Code | Message Type | | Code | Message Type |
+------------+--------------------------+ +============+==========================+
| 0x00 | Reserved | | 0x00 | Reserved |
| | | +------------+--------------------------+
| 0x01 | XFER_SEGMENT | | 0x01 | XFER_SEGMENT |
| | | +------------+--------------------------+
| 0x02 | XFER_ACK | | 0x02 | XFER_ACK |
| | | +------------+--------------------------+
| 0x03 | XFER_REFUSE | | 0x03 | XFER_REFUSE |
| | | +------------+--------------------------+
| 0x04 | KEEPALIVE | | 0x04 | KEEPALIVE |
| | | +------------+--------------------------+
| 0x05 | SESS_TERM | | 0x05 | SESS_TERM |
| | | +------------+--------------------------+
| 0x06 | MSG_REJECT | | 0x06 | MSG_REJECT |
| | | +------------+--------------------------+
| 0x07 | SESS_INIT | | 0x07 | SESS_INIT |
| | | +------------+--------------------------+
| 0x08--0xEF | Unassigned | | 0x08--0xEF | Unassigned |
| | | +------------+--------------------------+
| 0xF0--0xFF | Private/Experimental Use | | 0xF0--0xFF | Private/Experimental Use |
+------------+--------------------------+ +------------+--------------------------+
Table 12: Message Type Codes Table 14: Message Type Codes
9.6. XFER_REFUSE Reason Codes 9.6. XFER_REFUSE Reason Codes
EDITOR NOTE: sub-registry to-be-created upon publication of this EDITOR NOTE: sub-registry to-be-created upon publication of this
specification. specification.
IANA will create, under the "Bundle Protocol" registry [IANA-BUNDLE], IANA will create, under the "Bundle Protocol" registry [IANA-BUNDLE],
a sub-registry titled "Bundle Protocol TCP Convergence-Layer Version a sub-registry titled "Bundle Protocol TCP Convergence-Layer Version
4 XFER_REFUSE Reason Codes" and initialize it with the contents of 4 XFER_REFUSE Reason Codes" and initialize it with the contents of
Table 13. The registration procedure is Specification Required Table 15. The registration procedure is Specification Required
within the lower range 0x00--0xEF. Values in the range 0xF0--0xFF within the lower range 0x00--0xEF. Values in the range 0xF0--0xFF
are reserved for use on private networks for functions not published are reserved for use on private networks for functions not published
to the IANA. to the IANA.
Specifications of new XFER_REFUSE reason codes need to define the Specifications of new XFER_REFUSE reason codes need to define the
meaning of the reason and disambiguate it with pre-existing reasons. meaning of the reason and disambiguate it with pre-existing reasons.
Each refusal reason needs to be usable by the receiving BP Agent to Each refusal reason needs to be usable by the receiving BP Agent to
make retransmission or re-routing decisions. make retransmission or re-routing decisions.
Expert(s) are encouraged to be biased towards approving registrations Expert(s) are encouraged to be biased towards approving registrations
unless they are abusive, frivolous, or actively harmful (not merely unless they are abusive, frivolous, or actively harmful (not merely
aesthetically displeasing, or architecturally dubious). aesthetically displeasing, or architecturally dubious).
+------------+--------------------------+ +============+==========================+
| Code | Refusal Reason | | Code | Refusal Reason |
+------------+--------------------------+ +============+==========================+
| 0x00 | Unknown | | 0x00 | Unknown |
| | | +------------+--------------------------+
| 0x01 | Completed | | 0x01 | Completed |
| | | +------------+--------------------------+
| 0x02 | No Resources | | 0x02 | No Resources |
| | | +------------+--------------------------+
| 0x03 | Retransmit | | 0x03 | Retransmit |
| | | +------------+--------------------------+
| 0x04 | Not Acceptable | | 0x04 | Not Acceptable |
| | | +------------+--------------------------+
| 0x05 | Extension Failure | | 0x05 | Extension Failure |
| | | +------------+--------------------------+
| 0x06--0xEF | Unassigned | | 0x06 | Session Terminating |
| | | +------------+--------------------------+
| 0x07--0xEF | Unassigned |
+------------+--------------------------+
| 0xF0--0xFF | Private/Experimental Use | | 0xF0--0xFF | Private/Experimental Use |
+------------+--------------------------+ +------------+--------------------------+
Table 13: XFER_REFUSE Reason Codes Table 15: XFER_REFUSE Reason Codes
9.7. SESS_TERM Reason Codes 9.7. SESS_TERM Reason Codes
EDITOR NOTE: sub-registry to-be-created upon publication of this EDITOR NOTE: sub-registry to-be-created upon publication of this
specification. specification.
IANA will create, under the "Bundle Protocol" registry [IANA-BUNDLE], IANA will create, under the "Bundle Protocol" registry [IANA-BUNDLE],
a sub-registry titled "Bundle Protocol TCP Convergence-Layer Version a sub-registry titled "Bundle Protocol TCP Convergence-Layer Version
4 SESS_TERM Reason Codes" and initialize it with the contents of 4 SESS_TERM Reason Codes" and initialize it with the contents of
Table 14. The registration procedure is Specification Required Table 16. The registration procedure is Specification Required
within the lower range 0x00--0xEF. Values in the range 0xF0--0xFF within the lower range 0x00--0xEF. Values in the range 0xF0--0xFF
are reserved for use on private networks for functions not published are reserved for use on private networks for functions not published
to the IANA. to the IANA.
Specifications of new SESS_TERM reason codes need to define the Specifications of new SESS_TERM reason codes need to define the
meaning of the reason and disambiguate it with pre-existing reasons. meaning of the reason and disambiguate it with pre-existing reasons.
Each termination reason needs to be usable by the receiving BP Agent Each termination reason needs to be usable by the receiving BP Agent
to make re-connection decisions. to make re-connection decisions.
Expert(s) are encouraged to be biased towards approving registrations Expert(s) are encouraged to be biased towards approving registrations
unless they are abusive, frivolous, or actively harmful (not merely unless they are abusive, frivolous, or actively harmful (not merely
aesthetically displeasing, or architecturally dubious). aesthetically displeasing, or architecturally dubious).
+------------+--------------------------+ +============+==========================+
| Code | Termination Reason | | Code | Termination Reason |
+------------+--------------------------+ +============+==========================+
| 0x00 | Unknown | | 0x00 | Unknown |
| | | +------------+--------------------------+
| 0x01 | Idle timeout | | 0x01 | Idle timeout |
| | | +------------+--------------------------+
| 0x02 | Version mismatch | | 0x02 | Version mismatch |
| | | +------------+--------------------------+
| 0x03 | Busy | | 0x03 | Busy |
| | | +------------+--------------------------+
| 0x04 | Contact Failure | | 0x04 | Contact Failure |
| | | +------------+--------------------------+
| 0x05 | Resource Exhaustion | | 0x05 | Resource Exhaustion |
| | | +------------+--------------------------+
| 0x06--0xEF | Unassigned | | 0x06--0xEF | Unassigned |
| | | +------------+--------------------------+
| 0xF0--0xFF | Private/Experimental Use | | 0xF0--0xFF | Private/Experimental Use |
+------------+--------------------------+ +------------+--------------------------+
Table 14: SESS_TERM Reason Codes Table 16: SESS_TERM Reason Codes
9.8. MSG_REJECT Reason Codes 9.8. MSG_REJECT Reason Codes
EDITOR NOTE: sub-registry to-be-created upon publication of this EDITOR NOTE: sub-registry to-be-created upon publication of this
specification. specification.
IANA will create, under the "Bundle Protocol" registry [IANA-BUNDLE], IANA will create, under the "Bundle Protocol" registry [IANA-BUNDLE],
a sub-registry titled "Bundle Protocol TCP Convergence-Layer Version a sub-registry titled "Bundle Protocol TCP Convergence-Layer Version
4 MSG_REJECT Reason Codes" and initialize it with the contents of 4 MSG_REJECT Reason Codes" and initialize it with the contents of
Table 15. The registration procedure is Specification Required Table 17. The registration procedure is Specification Required
within the lower range 0x01--0xEF. Values in the range 0xF0--0xFF within the lower range 0x01--0xEF. Values in the range 0xF0--0xFF
are reserved for use on private networks for functions not published are reserved for use on private networks for functions not published
to the IANA. to the IANA.
Specifications of new MSG_REJECT reason codes need to define the Specifications of new MSG_REJECT reason codes need to define the
meaning of the reason and disambiguate it with pre-existing reasons. meaning of the reason and disambiguate it with pre-existing reasons.
Each rejection reason needs to be usable by the receiving TCPCL Each rejection reason needs to be usable by the receiving TCPCL
Entity to make message sequencing and/or session termination Entity to make message sequencing and/or session termination
decisions. decisions.
Expert(s) are encouraged to be biased towards approving registrations Expert(s) are encouraged to be biased towards approving registrations
unless they are abusive, frivolous, or actively harmful (not merely unless they are abusive, frivolous, or actively harmful (not merely
aesthetically displeasing, or architecturally dubious). aesthetically displeasing, or architecturally dubious).
+------------+--------------------------+ +============+==========================+
| Code | Rejection Reason | | Code | Rejection Reason |
+------------+--------------------------+ +============+==========================+
| 0x00 | reserved | | 0x00 | reserved |
| | | +------------+--------------------------+
| 0x01 | Message Type Unknown | | 0x01 | Message Type Unknown |
| | | +------------+--------------------------+
| 0x02 | Message Unsupported | | 0x02 | Message Unsupported |
| | | +------------+--------------------------+
| 0x03 | Message Unexpected | | 0x03 | Message Unexpected |
| | | +------------+--------------------------+
| 0x04--0xEF | Unassigned | | 0x04--0xEF | Unassigned |
| | | +------------+--------------------------+
| 0xF0--0xFF | Private/Experimental Use | | 0xF0--0xFF | Private/Experimental Use |
+------------+--------------------------+ +------------+--------------------------+
Table 15: MSG_REJECT Reason Codes Table 17: MSG_REJECT Reason Codes
10. Acknowledgments 10. Acknowledgments
This specification is based on comments on implementation of This specification is based on comments on implementation of
[RFC7242] provided from Scott Burleigh. [RFC7242] provided from Scott Burleigh.
11. References 11. References
11.1. Normative References 11.1. Normative References
[I-D.ietf-dtn-bpbis]
Burleigh, S., Fall, K., and E. Birrane, "Bundle Protocol
Version 7", draft-ietf-dtn-bpbis-26 (work in progress),
July 2020.
[IANA-BUNDLE]
IANA, "Bundle Protocol",
<https://www.iana.org/assignments/bundle/>.
[IANA-PORTS] [IANA-PORTS]
IANA, "Service Name and Transport Protocol Port Number IANA, "Service Name and Transport Protocol Port Number
Registry", <https://www.iana.org/assignments/service- Registry", <https://www.iana.org/assignments/service-
names-port-numbers/>. names-port-numbers/>.
[IANA-BUNDLE]
IANA, "Bundle Protocol",
<https://www.iana.org/assignments/bundle/>.
[RFC0793] Postel, J., "Transmission Control Protocol", STD 7, [RFC0793] Postel, J., "Transmission Control Protocol", STD 7,
RFC 793, DOI 10.17487/RFC0793, September 1981, RFC 793, DOI 10.17487/RFC0793, September 1981,
<https://www.rfc-editor.org/info/rfc793>. <https://www.rfc-editor.org/info/rfc793>.
[RFC1122] Braden, R., Ed., "Requirements for Internet Hosts - [RFC1122] Braden, R., Ed., "Requirements for Internet Hosts -
Communication Layers", STD 3, RFC 1122, Communication Layers", STD 3, RFC 1122,
DOI 10.17487/RFC1122, October 1989, DOI 10.17487/RFC1122, October 1989,
<https://www.rfc-editor.org/info/rfc1122>. <https://www.rfc-editor.org/info/rfc1122>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
skipping to change at page 66, line 9 skipping to change at page 69, line 5
<https://www.rfc-editor.org/info/rfc8126>. <https://www.rfc-editor.org/info/rfc8126>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>. <https://www.rfc-editor.org/info/rfc8446>.
[I-D.ietf-dtn-bpbis]
Burleigh, S., Fall, K., and E. Birrane, "Bundle Protocol
Version 7", Work in Progress, Internet-Draft, draft-ietf-
dtn-bpbis-27, 27 October 2020,
<https://tools.ietf.org/html/draft-ietf-dtn-bpbis-27>.
11.2. Informative References 11.2. Informative References
[AEAD-LIMITS] [AEAD-LIMITS]
Luykx, A. and K. Paterson, "Limits on Authenticated Luykx, A. and K. Paterson, "Limits on Authenticated
Encryption Use in TLS", August 2017, Encryption Use in TLS", August 2017,
<http://www.isg.rhul.ac.uk/~kp/TLS-AEbounds.pdf>. <http://www.isg.rhul.ac.uk/~kp/TLS-AEbounds.pdf>.
[github-dtn-bpbis-tcpcl]
Sipos, B., "TCPCL Example Implementation",
<https://github.com/BSipos-RKF/dtn-bpbis-tcpcl/>.
[I-D.ietf-dtn-bibect]
Burleigh, S., "Bundle-in-Bundle Encapsulation", draft-
ietf-dtn-bibect-03 (work in progress), February 2020.
[I-D.ietf-dtn-bpsec]
Birrane, E. and K. McKeever, "Bundle Protocol Security
Specification", draft-ietf-dtn-bpsec-23 (work in
progress), October 2020.
[RFC2595] Newman, C., "Using TLS with IMAP, POP3 and ACAP", [RFC2595] Newman, C., "Using TLS with IMAP, POP3 and ACAP",
RFC 2595, DOI 10.17487/RFC2595, June 1999, RFC 2595, DOI 10.17487/RFC2595, June 1999,
<https://www.rfc-editor.org/info/rfc2595>. <https://www.rfc-editor.org/info/rfc2595>.
[RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC [RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC
Text on Security Considerations", BCP 72, RFC 3552, Text on Security Considerations", BCP 72, RFC 3552,
DOI 10.17487/RFC3552, July 2003, DOI 10.17487/RFC3552, July 2003,
<https://www.rfc-editor.org/info/rfc3552>. <https://www.rfc-editor.org/info/rfc3552>.
[RFC4511] Sermersheim, J., Ed., "Lightweight Directory Access [RFC4511] Sermersheim, J., Ed., "Lightweight Directory Access
skipping to change at page 67, line 5 skipping to change at page 69, line 42
[RFC4838] Cerf, V., Burleigh, S., Hooke, A., Torgerson, L., Durst, [RFC4838] Cerf, V., Burleigh, S., Hooke, A., Torgerson, L., Durst,
R., Scott, K., Fall, K., and H. Weiss, "Delay-Tolerant R., Scott, K., Fall, K., and H. Weiss, "Delay-Tolerant
Networking Architecture", RFC 4838, DOI 10.17487/RFC4838, Networking Architecture", RFC 4838, DOI 10.17487/RFC4838,
April 2007, <https://www.rfc-editor.org/info/rfc4838>. April 2007, <https://www.rfc-editor.org/info/rfc4838>.
[RFC5489] Badra, M. and I. Hajjeh, "ECDHE_PSK Cipher Suites for [RFC5489] Badra, M. and I. Hajjeh, "ECDHE_PSK Cipher Suites for
Transport Layer Security (TLS)", RFC 5489, Transport Layer Security (TLS)", RFC 5489,
DOI 10.17487/RFC5489, March 2009, DOI 10.17487/RFC5489, March 2009,
<https://www.rfc-editor.org/info/rfc5489>. <https://www.rfc-editor.org/info/rfc5489>.
[RFC6698] Hoffman, P. and J. Schlyter, "The DNS-Based Authentication
of Named Entities (DANE) Transport Layer Security (TLS)
Protocol: TLSA", RFC 6698, DOI 10.17487/RFC6698, August
2012, <https://www.rfc-editor.org/info/rfc6698>.
[RFC6960] Santesson, S., Myers, M., Ankney, R., Malpani, A.,
Galperin, S., and C. Adams, "X.509 Internet Public Key
Infrastructure Online Certificate Status Protocol - OCSP",
RFC 6960, DOI 10.17487/RFC6960, June 2013,
<https://www.rfc-editor.org/info/rfc6960>.
[RFC7122] Kruse, H., Jero, S., and S. Ostermann, "Datagram [RFC7122] Kruse, H., Jero, S., and S. Ostermann, "Datagram
Convergence Layers for the Delay- and Disruption-Tolerant Convergence Layers for the Delay- and Disruption-Tolerant
Networking (DTN) Bundle Protocol and Licklider Networking (DTN) Bundle Protocol and Licklider
Transmission Protocol (LTP)", RFC 7122, Transmission Protocol (LTP)", RFC 7122,
DOI 10.17487/RFC7122, March 2014, DOI 10.17487/RFC7122, March 2014,
<https://www.rfc-editor.org/info/rfc7122>. <https://www.rfc-editor.org/info/rfc7122>.
[RFC7242] Demmer, M., Ott, J., and S. Perreault, "Delay-Tolerant [RFC7242] Demmer, M., Ott, J., and S. Perreault, "Delay-Tolerant
Networking TCP Convergence-Layer Protocol", RFC 7242, Networking TCP Convergence-Layer Protocol", RFC 7242,
DOI 10.17487/RFC7242, June 2014, DOI 10.17487/RFC7242, June 2014,
skipping to change at page 67, line 42 skipping to change at page 70, line 42
[RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running [RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running
Code: The Implementation Status Section", BCP 205, Code: The Implementation Status Section", BCP 205,
RFC 7942, DOI 10.17487/RFC7942, July 2016, RFC 7942, DOI 10.17487/RFC7942, July 2016,
<https://www.rfc-editor.org/info/rfc7942>. <https://www.rfc-editor.org/info/rfc7942>.
[RFC8555] Barnes, R., Hoffman-Andrews, J., McCarney, D., and J. [RFC8555] Barnes, R., Hoffman-Andrews, J., McCarney, D., and J.
Kasten, "Automatic Certificate Management Environment Kasten, "Automatic Certificate Management Environment
(ACME)", RFC 8555, DOI 10.17487/RFC8555, March 2019, (ACME)", RFC 8555, DOI 10.17487/RFC8555, March 2019,
<https://www.rfc-editor.org/info/rfc8555>. <https://www.rfc-editor.org/info/rfc8555>.
[I-D.ietf-dtn-bpsec]
Birrane, E. and K. McKeever, "Bundle Protocol Security
Specification", Work in Progress, Internet-Draft, draft-
ietf-dtn-bpsec-23, 25 October 2020,
<https://tools.ietf.org/html/draft-ietf-dtn-bpsec-23>.
[I-D.ietf-dtn-bibect]
Burleigh, S., "Bundle-in-Bundle Encapsulation", Work in
Progress, Internet-Draft, draft-ietf-dtn-bibect-03, 18
February 2020,
<https://tools.ietf.org/html/draft-ietf-dtn-bibect-03>.
[github-dtn-bpbis-tcpcl]
Sipos, B., "TCPCL Example Implementation",
<https://github.com/BSipos-RKF/dtn-bpbis-tcpcl/>.
Appendix A. Significant changes from RFC7242 Appendix A. Significant changes from RFC7242
The areas in which changes from [RFC7242] have been made to existing The areas in which changes from [RFC7242] have been made to existing
headers and messages are: headers and messages are:
o Split Contact Header into pre-TLS protocol negotiation and * Split Contact Header into pre-TLS protocol negotiation and
SESS_INIT parameter negotiation. The Contact Header is now fixed- SESS_INIT parameter negotiation. The Contact Header is now fixed-
length. length.
o Changed Contact Header content to limit number of negotiated * Changed Contact Header content to limit number of negotiated
options. options.
o Added session option to negotiate maximum segment size (per each * Added session option to negotiate maximum segment size (per each
direction). direction).
o Renamed "Endpoint ID" to "Node ID" to conform with BPv7 * Renamed "Endpoint ID" to "Node ID" to conform with BPv7
terminology. terminology.
o Added session extension capability. * Added session extension capability.
o Added transfer extension capability. Moved transfer total length * Added transfer extension capability. Moved transfer total length
into an extension item. into an extension item.
o Defined new IANA registries for message / type / reason codes to * Defined new IANA registries for message / type / reason codes to
allow renaming some codes for clarity. allow renaming some codes for clarity.
o Segments of all new IANA registries are reserved for private/ * Segments of all new IANA registries are reserved for private/
experimental use. experimental use.
o Expanded Message Header to octet-aligned fields instead of bit- * Expanded Message Header to octet-aligned fields instead of bit-
packing. packing.
o Added a bundle transfer identification number to all bundle- * Added a bundle transfer identification number to all bundle-
related messages (XFER_SEGMENT, XFER_ACK, XFER_REFUSE). related messages (XFER_SEGMENT, XFER_ACK, XFER_REFUSE).
o Use flags in XFER_ACK to mirror flags from XFER_SEGMENT. * Use flags in XFER_ACK to mirror flags from XFER_SEGMENT.
o Removed all uses of SDNV fields and replaced with fixed-bit-length * Removed all uses of SDNV fields and replaced with fixed-bit-length
(network byte order) fields. (network byte order) fields.
o Renamed SHUTDOWN to SESS_TERM to deconflict term "shutdown" * Renamed SHUTDOWN to SESS_TERM to deconflict term "shutdown"
related to TCP connections. related to TCP connections.
o Removed the notion of a re-connection delay parameter. * Removed the notion of a re-connection delay parameter.
The areas in which extensions from [RFC7242] have been made as new The areas in which extensions from [RFC7242] have been made as new
messages and codes are: messages and codes are:
o Added contact negotiation failure SESS_TERM reason code. * Added contact negotiation failure SESS_TERM reason code.
o Added MSG_REJECT message to indicate an unknown or unhandled * Added MSG_REJECT message to indicate an unknown or unhandled
message was received. message was received.
o Added TLS connection security mechanism. * Added TLS connection security mechanism.
o Added Resource Exhaustion SESS_TERM reason code. * Added "Not Acceptable", "Extension Failure", and "Session
Terminating" XFER_REFUSE reason codes.
* Added "Resource Exhaustion" SESS_TERM reason code.
Authors' Addresses Authors' Addresses
Brian Sipos Brian Sipos
RKF Engineering Solutions, LLC RKF Engineering Solutions, LLC
7500 Old Georgetown Road 7500 Old Georgetown Road
Suite 1275 Suite 1275
Bethesda, MD 20814-6198 Bethesda, MD 20814-6198
United States of America United States of America
Email: BSipos@rkf-eng.com Email: BSipos@rkf-eng.com
Michael Demmer Michael Demmer
University of California, Berkeley University of California, Berkeley
Computer Science Division Computer Science Division
445 Soda Hall 445 Soda Hall
Berkeley, CA 94720-1776 Berkeley, CA 94720-1776
United States of America United States of America
Email: demmer@cs.berkeley.edu Email: demmer@cs.berkeley.edu
Joerg Ott Joerg Ott
Aalto University Aalto University
Department of Communications and Networking Department of Communications and Networking
PO Box 13000 PO Box 13000
Aalto 02015 FI-02015 Aalto
Finland Finland
Email: ott@in.tum.de Email: ott@in.tum.de
Simon Perreault Simon Perreault
Quebec QC
Quebec, QC
Canada Canada
Email: simon@per.reau.lt Email: simon@per.reau.lt
 End of changes. 233 change blocks. 
777 lines changed or deleted 845 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/