Network Working Group S. Burleigh
Internet-Draft Jet Propulsion Laboratory, California Institute of Technology
Intended status: Experimental March 26, 2013
Expires: September 27, 2013
Bundle-in-Bundle Encapsulation
draft-irtf-burleigh-bibe-00
Abstract
This document describes Bundle-in-Bundle Encapsulation (BIBE), a
Delay-Tolerant Networking (DTN) Bundle Protocol (BP) "convergence
layer" protocol that tunnels BP "bundles" through encapsulating
bundles. The services provided by the BIBE convergence-layer
protocol adapter encapsulate an outbound BP "bundle" in a BIBE
convergence-layer protocol data unit for transmission as the payload
of a bundle. Security measures applied to the encapsulating bundle
may augment those applied to the encapsulated bundle.
Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 27, 2013.
Burleigh Expires September 27, 2013 [Page 1]
Internet-Draft BIBE March 2013
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. BIBE Design Elements . . . . . . . . . . . . . . . . . . . . 4
2.1. BIBE Protocol Data Unit . . . . . . . . . . . . . . . . . 4
2.2. BIBE Bundle Transmission Service . . . . . . . . . . . . 4
2.3. BIBE Bundle Delivery Service . . . . . . . . . . . . . . 5
3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
4. Security Considerations . . . . . . . . . . . . . . . . . . . 6
5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 6
6. Normative References . . . . . . . . . . . . . . . . . . . . 6
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction
This document describes Bundle-in-Bundle Encapsulation (BIBE), a
Delay-Tolerant Networking (DTN) Bundle Protocol (BP) [RFC5050]
"convergence layer" protocol that tunnels BP "bundles" through
encapsulating bundles.
Conformance to the bundle-in-bundle encapsulation (BIBE)
specification is OPTIONAL for BP nodes. Each BP node that conforms
to the BIBE specification provides a BIBE convergence-layer adapter
(CLA) that is implemented within the administrative element of the BP
node's application agent. Like any convergence-layer adapter, the
BIBE CLA provides:
o A transmission service that sends an outbound bundle (from the
bundle protocol agent) to all BP nodes in the minimum reception
group of the endpoint identified by a specified endpoint ID.
o A reception service that delivers to the bundle protocol agent an
inbound bundle that was sent by a remote BP node via the BIBE
convergence layer protocol.
The BIBE CLA performs these services by:
o Encapsulating outbound bundles in BIBE protocol data units, which
take the form of Bundle Protocol administrative records as
described later.
o Requesting that the bundle protocol agent transmit bundles whose
payloads are BIBE protocol data units.
o Taking delivery of BIBE protocol data units that are the payloads
of bundles received by the bundle protocol agent.
o Delivering to the bundle protocol agent the bundles that are
encapsulated in delivered BIBE protocol data units.
Bundle-in-bundle encapsulation may have broad utility, but the
principal motivating use case is the deployment of "cross domain
solutions" in secure communications. Under some circumstances a
bundle may arrive at a node that is on the frontier of a region of
network topology in which augmented security is required, from which
the bundle must egress at some other designated node. In that case,
the bundle may be encapsulated within a bundle to which the requisite
additional Bundle Security Protocol (BSP) [RFC6257] extension
block(s) can be attached, whose source is the point of entry into the
insecure region (the "security source") and whose destination is the
point of egress from the insecure region (the "security
destination").
Note that:
o If the payload of the encapsulating bundle is protected by a
Payload Confidentiality Block (PCB), then the source and
destination of the encapsulated bundle are encrypted, providing a
defense against traffic analysis that BSP alone cannot offer.
o Bundles whose payloads are BIBE protocol data units may themselves
be forwarded via a BIBE convergence-layer adapter, enabling nested
bundle encapsulation to arbitrary depth as required by a given
security policy.
o Moreover, in the event that no single point of egress from an
insecure region of network topology can be determined at the
moment a bundle is to be encapsulated, multiple copies of the
bundle may be encapsulated individually and forwarded to all
candidate points of egress.
o Finally, because the BIBE CLA (like any CLA) may conform to the
Compressed Bundle Header Encoding (CBHE) specification [RFC6260],
a bundle that is forwarded by BIBE and protected by multiple
layers of encryption might be slightly smaller than a similarly
protected bundle whose multiple PCBs have explicit security
sources and destinations. This is because BSP extension block
security sources and destinations are encoded as endpoint ID
references, which are not subject to CBHE compression (and in fact
make CBHE compression of the bundle impossible); retention of the
complete "dictionary" in the bundle's primary block is mandatory.
When a bundle is forwarded via a BIBE CLA, explicit security
sources and destinations in the BSP extension blocks are
unnecessary. Implicit security sources and destinations are
asserted in the primary blocks of the encapsulating and
encapsulated bundle(s), which may be compressed as described in
the CBHE specification.
Taken together, these capabilities provide flexibility in security
that is comparable, and in some ways superior, to that offered by the
explicit security sources and destinations of [RFC6257].
2. BIBE Design Elements
2.1. BIBE Protocol Data Unit
The BIBE protocol data unit is a Bundle Protocol administrative
record constructed as follows:
o Record type code is 7, i.e., bit pattern 0111.
o The content of the administrative record consists of a single BP
bundle.
2.2. BIBE Bundle Transmission Service
When a BIBE convergence-layer adapter is requested by the bundle
protocol agent to send a bundle to all bundle nodes in the minimum
reception group of the endpoint identified by a specified endpoint
ID:
o If the BIBE CLA is CBHE-conformant and the destination endpoint ID
is likewise CBHE-conformant, the CLA SHOULD encode the primary
block of the bundle in the manner prescribed by the CBHE
specification.
o The CLA MUST place the possibly encoded bundle in the content of a
new BIBE administrative record.
o This new BIBE administrative record constitutes a BIBE
convergence-layer protocol data unit which is to be conveyed from
the BIBE CLA to a peer BIBE CLA at the destination node(s).
o To accomplish conveyance of the BIBE convergence-layer protocol
data unit to its peer CLA, the CLA MUST request that the bundle
protocol agent transmit -- to the destination endpoint -- a bundle
whose payload is the BIBE convergence-layer protocol data unit
(i.e., the new BIBE administrative record).
o Selection of the values of the parameters governing the bundle
transmission requested by the CLA, other than the destination
endpoint ID, is an implementation matter. The parameter values
governing transmission of the encapsulated bundle MAY be consulted
for this purpose.
2.3. BIBE Bundle Delivery Service
When a BIBE CLA receives a BIBE convergence-layer protocol data unit
from the bundle protocol agent (that is, upon delivery of the payload
of a bundle whose transmission was requested by a BIBE CLA):
o The BIBE convergence-layer protocol data unit constitutes a BIBE
administrative record.
o If the BIBE CLA is CBHE-conformant and the bundle that forms the
content of that administrative record is CBHE-encoded, the CLA
MUST decode the primary block of that bundle in the manner
prescribed by the CBHE specification.
o The CLA MUST deliver the possibly decoded bundle to the bundle
protocol agent.
Note that, upon delivery of a bundle from a BIBE CLA, the bundle
protocol agent will perform the bundle reception procedures defined
in section 5.6 of [RFC5050] as usual: the formerly encapsulated
bundle may be forwarded, delivered, etc.
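The following is an added example, not part of this draft and not code from any Bundle Protocol implementation. It models sections 2.1 through 2.3 together with the cross-domain use case of section 1: a BIBE PDU is built as an administrative record whose first byte carries type code 7 in the high-order nibble and the RFC 5050 record flags in the low-order nibble, the receiving CLA checks that header before delivering the content, and an entry node wraps a bundle in an encapsulating bundle addressed to the egress node. The `Bundle` class and its length-prefixed wire form are a constructed stand-in for the real RFC 5050 primary and payload blocks (only the SDNV integer encoding is the genuine RFC 5050 one); CBHE encoding of the primary block is left to the bundle protocol agent and not modelled. All endpoint IDs and payloads are constructed sample values.

```python
from dataclasses import dataclass

BIBE_RECORD_TYPE = 7      # section 2.1: administrative record type code 7 (0111)
FRAGMENT_FLAG = 0x01      # RFC 5050 section 6.1: the only defined record flag


def sdnv_encode(n: int) -> bytes:
    """RFC 5050 section 4.1 SDNV: 7 bits per byte, MSB set on all but the last."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(out))


def sdnv_decode(buf: bytes, pos: int) -> tuple[int, int]:
    """Return (value, next position); a truncated SDNV is an error."""
    value = 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated SDNV")
        b = buf[pos]
        pos += 1
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            return value, pos


@dataclass
class Bundle:
    """Constructed toy bundle: only the fields the draft's discussion needs.
    to_bytes()/from_bytes() are a stand-in for the RFC 5050 encoding."""
    source: str
    destination: str
    payload: bytes

    def to_bytes(self) -> bytes:
        parts = [self.source.encode(), self.destination.encode(), self.payload]
        return b"".join(sdnv_encode(len(p)) + p for p in parts)

    @classmethod
    def from_bytes(cls, buf: bytes) -> "Bundle":
        fields, pos = [], 0
        for _ in range(3):
            n, pos = sdnv_decode(buf, pos)
            if pos + n > len(buf):
                raise ValueError("truncated bundle field")
            fields.append(buf[pos:pos + n])
            pos += n
        if pos != len(buf):
            raise ValueError("trailing bytes after bundle")
        return cls(fields[0].decode(), fields[1].decode(), fields[2])


def bibe_encapsulate(bundle: Bundle, for_fragment: bool = False) -> bytes:
    """Section 2.2: the PDU is one administrative record whose content is the
    bundle. The header byte follows the RFC 5050 record layout."""
    header = (BIBE_RECORD_TYPE << 4) | (FRAGMENT_FLAG if for_fragment else 0)
    return bytes([header]) + bundle.to_bytes()


def bibe_decapsulate(pdu: bytes) -> tuple[Bundle, bool]:
    """Section 2.3: verify the record really is a BIBE record (and carries no
    undefined flags) before handing its content to the BP agent."""
    if not pdu:
        raise ValueError("empty BIBE PDU")
    rtype, flags = pdu[0] >> 4, pdu[0] & 0x0F
    if rtype != BIBE_RECORD_TYPE:
        raise ValueError(f"administrative record type {rtype} is not BIBE")
    if flags & ~FRAGMENT_FLAG:
        raise ValueError(f"undefined administrative record flags {flags:#x}")
    return Bundle.from_bytes(pdu[1:]), bool(flags & FRAGMENT_FLAG)


def tunnel(bundle: Bundle, entry_eid: str, egress_eid: str) -> Bundle:
    """Section 1 use case: the entry node wraps the bundle in an encapsulating
    bundle addressed to the egress node; BSP blocks on the outer bundle then
    have entry/egress as implicit security source/destination."""
    return Bundle(entry_eid, egress_eid, bibe_encapsulate(bundle))


def untunnel(outer: Bundle) -> Bundle:
    """Egress node: the outer payload is the BIBE PDU; the recovered inner
    bundle then goes through normal RFC 5050 section 5.6 reception."""
    inner, _ = bibe_decapsulate(outer.payload)
    return inner


def demo() -> dict:
    """Walk one bundle through two nested encapsulation layers and back."""
    original = Bundle("dtn://alice", "dtn://bob", b"hello")   # constructed
    outer = tunnel(original, "dtn://gw-in", "dtn://gw-out")
    nested = tunnel(outer, "dtn://gw-in", "dtn://gw-out2")    # second layer
    return {"outer_destination": outer.destination,
            "pdu_header": outer.payload[0],
            "roundtrip_ok": untunnel(untunnel(nested)) == original}


if __name__ == "__main__":
    print(demo())
```

The point a practitioner should take from `demo()` is that the original bundle's own source and destination travel only inside the outer payload: unless that payload is protected by a Payload Confidentiality Block, as the draft notes, they remain readable on the wire. The decapsulating CLA rejects any record whose type code is not 7 rather than delivering a custody signal or status report as if it were a bundle.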
3. IANA Considerations
The BIBE specification requires IANA registration of the new BIBE
administrative record (type code 7) defined in section 2.1 above.
4. Security Considerations
The BIBE specification introduces no new security considerations.
5. Acknowledgments
Although the BIBE specification diverges in some ways from the
original Bundle-in-Bundle Encapsulation Internet Draft authored by
Susan Symington, Bob Durst, and Keith Scott of The MITRE Corporation
(draft-irtf-dtnrg-bundle-encapsulation-06, 2009), the influence of
that earlier document is gratefully acknowledged.
6. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, RFC
3986, January 2005.
[RFC5050] Scott, K. and S. Burleigh, "Bundle Protocol
Specification", RFC 5050, November 2007.
[RFC6257] Symington, S., Farrell, S., Weiss, H., and P. Lovell,
"Bundle Security Protocol Specification", RFC 6257, May
2011.
[RFC6260] Burleigh, S., "Compressed Bundle Header Encoding (CBHE)",
RFC 6260, May 2011.
Author's Address
Scott Burleigh
Jet Propulsion Laboratory, California Institute of Technology
4800 Oak Grove Drive, m/s 301-490
Pasadena, CA 91109
USA
Phone: +1 818 393 3353
Email: Scott.C.Burleigh@jpl.nasa.gov