idnits 2.17.1 draft-irtf-burleigh-bibe-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (March 26, 2013) is 4050 days in the past. Is this intentional? Checking references for intended status: Experimental ---------------------------------------------------------------------------- == Unused Reference: 'RFC3986' is defined on line 248, but no explicit reference was found in the text Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group S. Burleigh 3 Internet-DraftJet Propulsion Laboratory, California Institute of Technol 4 Intended status: Experimental March 26, 2013 5 Expires: September 27, 2013 7 Bundle-in-Bundle Encapsulation 8 draft-irtf-burleigh-bibe-00 10 Abstract 12 This document describes Bundle-in-Bundle Encapsulation (BIBE), a 13 Delay-Tolerant Networking (DTN) Bundle Protocol (BP) "convergence 14 layer" protocol that tunnels BP "bundles" through encapsulating 15 bundles. The services provided by the BIBE convergence-layer 16 protocol adapter encapsulate an outbound BP "bundle" in a BIBE 17 convergence-layer protocol data unit for transmission as the payload 18 of a bundle. Security measures applied to the encapsulating bundle 19 may augment those applied to the encapsulated bundle. 21 Requirements Language 23 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 24 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 25 document are to be interpreted as described in RFC 2119 [RFC2119]. 27 Status of This Memo 29 This Internet-Draft is submitted in full conformance with the 30 provisions of BCP 78 and BCP 79. 32 Internet-Drafts are working documents of the Internet Engineering 33 Task Force (IETF). Note that other groups may also distribute 34 working documents as Internet-Drafts. The list of current Internet- 35 Drafts is at http://datatracker.ietf.org/drafts/current/. 37 Internet-Drafts are draft documents valid for a maximum of six months 38 and may be updated, replaced, or obsoleted by other documents at any 39 time. It is inappropriate to use Internet-Drafts as reference 40 material or to cite them other than as "work in progress." 42 This Internet-Draft will expire on September 27, 2013. 44 Copyright Notice 46 Copyright (c) 2013 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents 51 (http://trustee.ietf.org/license-info) in effect on the date of 52 publication of this document. Please review these documents 53 carefully, as they describe your rights and restrictions with respect 54 to this document. Code Components extracted from this document must 55 include Simplified BSD License text as described in Section 4.e of 56 the Trust Legal Provisions and are provided without warranty as 57 described in the Simplified BSD License. 59 Table of Contents 61 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 62 2. BIBE Design Elements . . . . . . . . . . . . . . . . . . . . 4 63 2.1. BIBE Protocol Data Unit . . . . . . . . . . . . . . . . . 4 64 2.2. BIBE Bundle Transmission Service . . . . . . . . . . . . 4 65 2.3. BIBE Bundle Delivery Service . . . . . . . . . . . . . . 5 66 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 67 4. Security Considerations . . . . . . . . . . . . . . . . . . . 6 68 5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 6 69 6. Normative References . . . . . . . . . . . . . . . . . . . . 6 70 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6 72 1. Introduction 74 This document describes Bundle-in-Bundle Encapsulation (BIBE), a 75 Delay-Tolerant Networking (DTN) Bundle Protocol (BP) [RFC5050] 76 "convergence layer" protocol that tunnels BP "bundles" through 77 encapsulating bundles. 79 Conformance to the bundle-in-bundle encapsulation (BIBE) 80 specification is OPTIONAL for BP nodes. Each BP node that conforms 81 to the BIBE specification provides a BIBE convergence-layer adapter 82 (CLA) that is implemented within the administrative element of the BP 83 node's application agent. Like any convergence-layer adapter, the 84 BIBE CLA provides: 86 o A transmission service that sends an outbound bundle (from the 87 bundle protocol agent) to all BP nodes in the minimum reception 88 group of the endpoint identified by a specified endpoint ID. 90 o A reception service that delivers to the bundle protocol agent an 91 inbound bundle that was sent by a remote BP node via the BIBE 92 convergence layer protocol. 94 The BIBE CLA performs these services by: 96 o Encapsulating outbound bundles in BIBE protocol data units, which 97 take the form of Bundle Protocol administrative records as 98 described later. 100 o Requesting that the bundle protocol agent transmit bundles whose 101 payloads are BIBE protocol data units. 103 o Taking delivery of BIBE protocol data units that are the payloads 104 of bundles received by the bundle protocol agent. 106 o Delivering to the bundle protocol agent the bundles that are 107 encapsulated in delivered BIBE protocol data units. 109 Bundle-in-bundle encapsulation may have broad utility, but the 110 principal motivating use case is the deployment of "cross domain 111 solutions" in secure communications. Under some circumstances a 112 bundle may arrive at a node that is on the frontier of a region of 113 network topology in which augmented security is required, from which 114 the bundle must egress at some other designated node. In that case, 115 the bundle may be encapsulated within a bundle to which the requisite 116 additional Bundle Security Protocol (BSP) [RFC6257] extension 117 block(s) can be attached, whose source is the point of entry into the 118 insecure region (the "security source") and whose destination is the 119 point of egress from the insecure region (the "security 120 destination"). 122 Note that: 124 o If the payload of the encapsulating bundle is protected by a 125 Payload Confidentiality Block (PCB), then the source and 126 destination of the encapsulated bundle are encrypted, providing a 127 defense against traffic analysis that BSP alone cannot offer. 129 o Bundles whose payloads are BIBE protocol data units may themselves 130 be forwarded via a BIBE convergence-layer adapter, enabling nested 131 bundle encapsulation to arbitrary depth as required by a given 132 security policy. 134 o Moreover, in the event that no single point of egress from an 135 insecure region of network topology can be determined at the 136 moment a bundle is to be encapsulated, multiple copies of the 137 bundle may be encapsulated individually and forwarded to all 138 candidate points of egress. 140 o Finally, because the BIBE CLA (like any CLA) may conform to the 141 Compressed Bundle Header Encoding (CBHE) specification [RFC6260], 142 a bundle that is forwarded by BIBE and protected by multiple 143 layers of encryption might be slightly smaller than a similarly 144 protected bundle whose multiple PCBs have explicit security 145 sources and destinations. This is because BSP extension block 146 security sources and destinations are encoded as endpoint ID 147 references, which are not subject to CBHE compression (and in fact 148 make CBHE compression of the bundle impossible); retention of the 149 complete "dictionary" in the bundle's primary block is mandatory. 150 When a bundle is forwarded via a BIBE CLA, explicit security 151 sources and destinations in the BSP extension blocks are 152 unnecessary. Implicit security sources and destinations are 153 asserted in the primary blocks of the encapsulating and 154 encapsulated bundle(s), which may be compressed as described in 155 the CBHE specification. 157 Taken together, these capabilities provide flexibility in security 158 that is comparable, and in some ways superior, to that offered by the 159 explicit security sources and destinations of [RFC6257]. 161 2. BIBE Design Elements 163 2.1. BIBE Protocol Data Unit 165 The BIBE protocol data unit is a Bundle Protocol administrative 166 record constructed as follows: 168 o Record type code is 7, i.e., bit pattern 0111. 170 o The content of the administrative record consists of a single BP 171 bundle. 173 2.2. BIBE Bundle Transmission Service 175 When a BIBE convergence-layer adapter is requested by the bundle 176 protocol agent to send a bundle to all bundle nodes in the minimum 177 reception group of the endpoint identified by a specified endpoint 178 ID: 180 o If the BIBE CLA is CBHE-conformant and the destination endpoint ID 181 is likewise CBHE-conformant, the CLA SHOULD encode the primary 182 block of the bundle in the manner prescribed by the CBHE 183 specification. 185 o The CLA MUST place the possibly encoded bundle in the content of a 186 new BIBE administrative record. 188 o This new BIBE administrative record constitutes a BIBE 189 convergence-layer protocol data unit which is to be conveyed from 190 the BIBE CLA to a peer BIBE CLA at the destination node(s). 192 o To accomplish conveyance of the BIBE convergence-layer protocol 193 data unit to its peer CLA, the CLA MUST request that the bundle 194 protocol agent transmit -- to the destination endpoint -- a bundle 195 whose payload is the BIBE convergence-layer protocol data unit 196 (i.e., the new BIBE administrative record). 198 o Selection of the values of the parameters governing the bundle 199 transmission requested by the CLA, other than the destination 200 endpoint ID, is an implementation matter. The parameter values 201 governing transmission of the encapsulated bundle MAY be consulted 202 for this purpose. 204 2.3. BIBE Bundle Delivery Service 206 When a BIBE CLA receives a BIBE convergence-layer protocol data unit 207 from the bundle protocol agent (that is, upon delivery of the payload 208 of a bundle whose transmission was requested by a BIBE CLA): 210 o The BIBE convergence-layer protocol data unit constitutes a BIBE 211 administrative record. 213 o If the BIBE CLA is CBHE-conformant and the bundle that forms the 214 content of that administrative record is CBHE-encoded, the CLA 215 MUST decode the primary block of that bundle in the manner 216 prescribed by the CBHE specification. 218 o The CLA MUST deliver the possibly decoded bundle to the bundle 219 protocol agent. 221 Note that, upon delivery of a bundle from a BIBE CLA, the bundle 222 prototol agent will perform the bundle reception procedures defined 223 in section 5.6 of [RFC5050] as usual: the formerly encapsulated 224 bundle may be forwarded, delivered, etc. 226 3. IANA Considerations 228 The BIBE specification requires IANA registration of the new BIBE 229 administrative record (type code 7) defined in section 2.1 above. 231 4. Security Considerations 233 The BIBE specification introduces no new security considerations. 235 5. Acknowledgments 237 Although the BIBE specification diverges in some ways from the 238 original Bundle-in-Bundle Encapsulation Internet Draft authored by 239 Susan Symington, Bob Durst, and Keith Scott of The MITRE Corporation 240 (draft-irtf-dtnrg-bundle-encapsulation-06, 2009), the influence of 241 that earlier document is gratefully acknowledged. 243 6. Normative References 245 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 246 Requirement Levels", BCP 14, RFC 2119, March 1997. 248 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 249 Resource Identifier (URI): Generic Syntax", STD 66, RFC 250 3986, January 2005. 252 [RFC5050] Scott, K. and S. Burleigh, "Bundle Protocol 253 Specification", RFC 5050, November 2007. 255 [RFC6257] Symington, S., Farrell, S., Weiss, H., and P. Lovell, 256 "Bundle Security Protocol Specification", RFC 6257, May 257 2011. 259 [RFC6260] Burleigh, S., "Compressed Bundle Header Encoding (CBHE)", 260 RFC 6260, May 2011. 262 Author's Address 264 Scott Burleigh 265 Jet Propulsion Laboratory, California Institute of Technology 266 4800 Oak Grove Drive, m/s 301-490 267 Pasadena, CA 91109 268 USA 270 Phone: +1 818 393 3353 271 Email: Scott.C.Burleigh@jpl.nasa.gov