Delay-Tolerant Networking                                     E. Birrane
Internet-Draft                 Johns Hopkins Applied Physics Laboratory
Intended status: Experimental                              June 18, 2016
Expires: December 20, 2016


              Bundle Protocol Security Application Data Model
                       draft-birrane-dtn-adm-bpsec-00

Abstract

This document describes an Application Data Model (ADM) for the Bundle
Security Protocol (BPSEC). This ADM identifies the Primitive Values,
Computed Values, Reports, Controls, Macros, Literals, Operators, and
metadata associated with the monitoring and management of BPSEC
security primitives. The information outlined in this document MUST be
supported by any software claiming to manage a BPSEC implementation
through the Asynchronous Management Protocol (AMP).

Status of This Memo

This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF). Note that other groups may also distribute working
documents as Internet-Drafts. The list of current Internet-Drafts is at
http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."

This Internet-Draft will expire on December 20, 2016.

Copyright Notice

Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents carefully,
as they describe your rights and restrictions with respect to this
document.
Code Components extracted from this document must include Simplified
BSD License text as described in Section 4.e of the Trust Legal
Provisions and are provided without warranty as described in the
Simplified BSD License.

Birrane                 Expires December 20, 2016               [Page 1]

Internet-Draft                 BPSEC ADM                       June 2016

Table of Contents

   1.  Introduction ..................................................  2
     1.1.  Technical Notes ...........................................  3
     1.2.  Scope .....................................................  3
     1.3.  Requirements Language .....................................  3
   2.  OID Tree Identification .......................................  4
     2.1.  Nicknames .................................................  5
     2.2.  OID Shorthand .............................................  5
   3.  Metadata Definitions ..........................................  6
   4.  Primitive Values ..............................................  6
   5.  Computed Values ............................................... 10
   6.  Reports ....................................................... 10
   7.  Controls ...................................................... 11
     7.1.  Summary ................................................... 11
     7.2.  Control Specification ..................................... 12
       7.2.1.  Overview .............................................. 12
       7.2.2.  BPSEC Controls ........................................ 13
   8.  Literals ...................................................... 21
   9.  Macros ........................................................ 21
   10. Operators ..................................................... 21
   11. IANA Considerations ........................................... 21
   12. References .................................................... 21
     12.1.  Informative References ................................... 21
     12.2.  Normative References ..................................... 21
   Author's Address .................................................. 22

1.  Introduction

An Application Data Model (ADM) provides a guaranteed interface for
the management of an application or protocol over the Asynchronous
Management Protocol [AMP] that is independent of the nuances of its
software implementation. In this respect, the ADM is conceptually
similar to the Management Information Base (MIB) used by SNMP, but
contains additional information relating to command opcodes and a more
expressive syntax for automated behavior.

Agents within the Asynchronous Management Architecture [AMA] represent
applications running on managed devices that are responsible for
implementing the AMA services of configuration, reporting, control,
and administration. These agents provide the mechanism through which
applications and protocols are managed through the AMP.

The BPSEC protocol [BPSEC] defines integrity and confidentiality
mechanisms for securing extension blocks within a Bundle Protocol
bundle. The BPSEC ADM provides the set of information used to monitor
and configure common aspects of any BPSEC software implementation.

1.1.  Technical Notes

o  This document describes Version 0.1 of the BPSEC ADM.

o  The OID Root for this ADM is NOT correctly set. A sample OID Root is
   used in this version of the specification and MAY change in future
   versions of this ADM.

o  Currently, ADMs are organizing documents and are not used to
   automatically generate software. Future versions of this ADM should
   include a specification in a data modeling language (such as YANG)
   to better enable software generation.

o  Agent applications MAY choose to ignore the name, description, or
   OID information associated with the component definitions within
   this ADM, as these items are only used to provide human-readable
   information for user interfaces and may not be necessary on a
   deployed managed device.

1.2.  Scope

This ADM specifies the globally unique identifiers and descriptions
for all Values, Controls, Literals, and Operators associated with
BPSEC management via an AMP Agent.

Any BPSEC implementation claiming compliance with the BPSEC ADM MUST
compute all identified primitive data when requested by an AMP Agent.
Also, any BPA implementation claiming compliance with the BPA ADM MUST
execute all identified controls when requested by an AMP Agent.

Any AMP Agent claiming to support the BPSEC ADM must compute all
identified data, perform identified controls/operators, and understand
identified literals/metadata.

1.3.  Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].

2.  OID Tree Identification

The Managed Identifiers (MIDs) used with this ADM encapsulate OIDs
within a globally managed OID tree. The OID node from which all of the
MIDs in this specification derive is called the "BPSEC ADM OID Root".
This section identifies this root in the overall OID tree.

NOTE: This version of the BPSEC ADM uses a proxy BPSEC ADM Root that
has NOT been assigned. The BPSEC ADM Root in this version of the
document is only used for experimental purposes and MAY change before
the final release of this specification.
+----------------------------+-----------------------------------------------------+
| BPSEC ADM OID ROOT STRING  | iso.identified-organization.dod.internet.mgmt.amp.  |
|                            | bpsec                                               |
+----------------------------+-----------------------------------------------------+
| BPSEC ADM ROOT ID STRING   | 1.3.6.1.2.3.9                                       |
+----------------------------+-----------------------------------------------------+
| BPSEC ADM ROOT OID (octets)| 2B 06 01 02 03 09                                   |
+----------------------------+-----------------------------------------------------+

                        OID Tree Identification

The subtree under the BPSEC ADM OID ROOT contains eight sub-branches
that capture Metadata, Primitive Values, Computed Values, Reports,
Controls, Literals, Macros, and Operators, as illustrated in Figure 1.

                     BPSEC ADM ROOT (1.3.6.1.2.3.9)
                                   |
      +-------+---------+------+---+----+------+----------+--------+
      |       |         |      |        |      |          |        |
    Meta-  Primitive Computed  Rpts   Ctrls Literals   Macros    Ops
    Data     Data      Data
    (.0)     (.1)      (.2)    (.3)   (.4)    (.5)      (.6)     (.7)

                   Figure 1: BPSEC ADM OID Subtree

2.1.  Nicknames

The following managed nicknames are provided to generate compressed
OIDs within the AMP. Compressed OIDs allow a common subtree to be
shortened into a single numerical identifier, avoiding the significant
repetition incumbent in using OIDs from a common subtree. The nicknames
defined by this ADM are given in Table 1.
+--------+----------------------------+-----------------------------+
| Unique | Label                      | OID as ASN.1 BER            |
| ID     |                            |                             |
+--------+----------------------------+-----------------------------+
| 40     | BPSEC Metadata             | 0x2B060102030900            |
| 41     | BPSEC Primitive Values     | 0x2B060102030901            |
| 42     | BPSEC Computed Values      | 0x2B060102030902            |
| 43     | BPSEC Reports              | 0x2B060102030903            |
| 44     | BPSEC Controls             | 0x2B060102030904            |
| 45     | BPSEC Literals             | 0x2B060102030905            |
| 46     | BPSEC Macros               | 0x2B060102030906            |
| 47     | BPSEC Operators            | 0x2B060102030907            |
| 49     | BPSEC Root                 | 0x2B0601020309              |
+--------+----------------------------+-----------------------------+

                     Table 1: BPSEC ADM Nicknames

2.2.  OID Shorthand

The components in this specification are identified by their AMP MID
value. However, for easier traceability back to the OIDs encapsulated
in MIDs, an OID string is also provided for each component. These OID
strings are provided in a shorthand that makes use of the nicknames
defined in Table 1 and uses the form [nickname].relative-oid. For
example, the OID string [44].3.2.1 corresponds to the OID
2B060102030904030201, with 2B060102030904 being the expansion of
nickname 44 and 030201 being the relative OID.

3.  Metadata Definitions

ADM metadata consists of the items necessary to uniquely identify the
ADM to Managers within the AMA. This includes items such as the name
of the ADM, its version, and any nicknames used within the ADM.

+---------+------------+--------+------------------------+------+------------+
| Name    | MID (Hex)  | OID    | Description            | Type | Value      |
|         |            | (Str)  |                        |      |            |
+---------+------------+--------+------------------------+------+------------+
| Label   | 0x80280100 | [40].0 | The human-readable ADM | STR  | BPSEC ADM  |
|         |            |        | name.                  |      |            |
+---------+------------+--------+------------------------+------+------------+
| Version | 0x80280101 | [40].1 | The ADM version.       | STR  | 2016_05_16 |
+---------+------------+--------+------------------------+------+------------+

                        Table 2: BPSEC Metadata

4.  Primitive Values

Primitive Value definitions represent those values that MUST be
collected by the BPSEC protocol handler. Changing or updating Primitive
Value definitions requires making changes to the BPSEC protocol handler
and/or its supporting firmware.

+----------+---------+--------------------------------------+--------+---------+
| MID      | OID     | Description                          | Type   | Parms   |
+----------+---------+--------------------------------------+--------+---------+
| 80290100 | [41].0  | Total Successfully Tx BCB blocks     | UINT   | None    |
| 80290101 | [41].1  | Total Unsuccessfully Tx BCB blocks   | UINT   | None    |
| 80290102 | [41].2  | Total Successfully Rx BCB blocks     | UINT   | None    |
| 80290103 | [41].3  | Total Unsuccessfully Rx BCB blocks   | UINT   | None    |
| 80290104 | [41].4  | Total Missing-on-Rx BCB blocks       | UINT   | None    |
| 80290105 | [41].5  | Total Forwarded BCB blocks           | UINT   | None    |
| 80290106 | [41].6  | Total Successfully Tx BCB bytes      | UINT   | None    |
| 80290107 | [41].7  | Total Unsuccessfully Tx BCB bytes    | UINT   | None    |
| 80290108 | [41].8  | Total Successfully Rx BCB bytes      | UINT   | None    |
| 80290109 | [41].9  | Total Unsuccessfully Rx BCB bytes    | UINT   | None    |
| 8029010A | [41].A  | Total Missing-on-Rx BCB bytes        | UINT   | None    |
| 8029010B | [41].B  | Total Forwarded BCB bytes            | UINT   | None    |
| 8029010C | [41].C  | Total Successfully Tx BIB blocks     | UINT   | None    |
| 8029010D | [41].D  | Total Unsuccessfully Tx BIB blocks   | UINT   | None    |
| 8029010E | [41].E  | Total Successfully Rx BIB blocks     | UINT   | None    |
| 8029010F | [41].F  | Total Unsuccessfully Rx BIB blocks   | UINT   | None    |
| 80290110 | [41].10 | Total Missing-on-Rx BIB blocks       | UINT   | None    |
| 80290111 | [41].11 | Total Forwarded BIB blocks           | UINT   | None    |
| 80290112 | [41].12 | Total Successfully Tx BIB bytes      | UINT   | None    |
| 80290113 | [41].13 | Total Unsuccessfully Tx BIB bytes    | UINT   | None    |
| 80290114 | [41].14 | Total Successfully Rx BIB bytes      | UINT   | None    |
| 80290115 | [41].15 | Total Unsuccessfully Rx BIB bytes    | UINT   | None    |
| 80290116 | [41].16 | Total Missing-on-Rx BIB bytes        | UINT   | None    |
| 80290117 | [41].17 | Total Forwarded BIB bytes            | UINT   | None    |
| 80290118 | [41].18 | Last BPSEC Update                    | TS     | None    |
| 80290119 | [41].19 | Number of Known Keys                 | UINT   | None    |
| 8029011A | [41].1A | Known Key Names (CSV)                | STRING | None    |
| 8029011B | [41].1B | Known Ciphersuite Names (CSV)        | STRING | None    |
| 8029011C | [41].1C | Known Rule Sources (CSV)             | STRING | None    |
| C029011D | [41].1D | Successfully Tx BCB blocks from SRC  | UINT   | STR Src |
| C029011E | [41].1E | Failed Tx BCB blocks from SRC        | UINT   | STR Src |
| C029011F | [41].1F | Successfully Rx BCB blocks from SRC  | UINT   | STR Src |
| C0290120 | [41].20 | Failed Rx BCB blocks from SRC        | UINT   | STR Src |
| C0290121 | [41].21 | Missing-on-Rx BCB blocks from SRC    | UINT   | STR Src |
| C0290122 | [41].22 | Forwarded BCB blocks from SRC        | UINT   | STR Src |
| C0290123 | [41].23 | Successfully Tx BCB bytes from SRC   | UINT   | STR Src |
| C0290124 | [41].24 | Failed Tx BCB bytes from SRC         | UINT   | STR Src |
| C0290125 | [41].25 | Successfully Rx BCB bytes from SRC   | UINT   | STR Src |
| C0290126 | [41].26 | Failed Rx BCB bytes from SRC         | UINT   | STR Src |
| C0290127 | [41].27 | Missing-on-Rx BCB bytes from SRC     | UINT   | STR Src |
| C0290128 | [41].28 | Forwarded BCB bytes from SRC         | UINT   | STR Src |
| C0290129 | [41].29 | Successfully Tx BIB blocks from SRC  | UINT   | STR Src |
| C029012A | [41].2A | Failed Tx BIB blocks from SRC        | UINT   | STR Src |
| C029012B | [41].2B | Successfully Rx BIB blocks from SRC  | UINT   | STR Src |
| C029012C | [41].2C | Failed Rx BIB blocks from SRC        | UINT   | STR Src |
| C029012D | [41].2D | Missing-on-Rx BIB blocks from SRC    | UINT   | STR Src |
| C029012E | [41].2E | Forwarded BIB blocks from SRC        | UINT   | STR Src |
| C029012F | [41].2F | Successfully Tx BIB bytes from SRC   | UINT   | STR Src |
| C0290130 | [41].30 | Failed Tx BIB bytes from SRC         | UINT   | STR Src |
| C0290131 | [41].31 | Successfully Rx BIB bytes from SRC   | UINT   | STR Src |
| C0290132 | [41].32 | Failed Rx BIB bytes from SRC         | UINT   | STR Src |
| C0290133 | [41].33 | Missing-on-Rx BIB bytes from SRC     | UINT   | STR Src |
| C0290134 | [41].34 | Forwarded BIB bytes from SRC         | UINT   | STR Src |
| C0290135 | [41].35 | Last BPSEC Update from SRC           | TS     | STR Src |
| C0290136 | [41].36 | Last Reset                           | TS     | STR Src |
+----------+---------+--------------------------------------+--------+---------+

                    Table 3: BPSEC Primitive Values

5.  Computed Values

The BPSEC ADM defines no computed values.

6.  Reports

A Report is a listing of data items, including Primitive Value
definitions, Computed Value definitions, and other Reports, returned
from an AMP Agent. Similar to Computed Values, Report definitions are
captured as a MID Collection (MC), which is the ordered set of MIDs
identifying the individual data items that comprise the report.
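The following Python is an added worked example, not part of this draft or of any AMP or BPSEC implementation. It decodes the identifiers this ADM is built from: the BER-encoded root of Section 2 into dotted form, the [nickname].relative-oid shorthand of Section 2.2 into the full OID, the MIDs of Table 3 into their kind and OID, and the MID Collections that define the reports in Tables 4 and 5 below. The MID byte layout (flags, nickname, relative-OID length, relative-OID octets) and the meaning of the flag bits are inferred from the values in those tables and are assumptions, not statements taken from the AMP specification; the SDNV decoder follows RFC 6256.

```python
"""Decode the AMP identifiers used in this ADM.

Added example; the layout below is inferred from the document's tables,
not quoted from the AMP specification (assumption):
  * each MID here is <flags> <nickname> <rel-OID length> <rel-OID octets>;
  * flags & 0x03 is the kind (0 primitive, 2 report, 3 control) and
    flags & 0x40 marks a parameterized OID;
  * nickname, length and the MID Collection count are SDNVs (RFC 6256),
    which occupy one byte for values below 128, as every value here does.
"""
from __future__ import annotations

# Table 1: nickname -> OID octets (ASN.1 BER, hex).
NICKNAMES = {
    40: "2B060102030900",  # BPSEC Metadata
    41: "2B060102030901",  # BPSEC Primitive Values
    42: "2B060102030902",  # BPSEC Computed Values
    43: "2B060102030903",  # BPSEC Reports
    44: "2B060102030904",  # BPSEC Controls
    45: "2B060102030905",  # BPSEC Literals
    46: "2B060102030906",  # BPSEC Macros
    47: "2B060102030907",  # BPSEC Operators
    49: "2B0601020309",    # BPSEC Root
}
MID_KINDS = {0: "primitive", 2: "report", 3: "control"}


def read_sdnv(buf: bytes, pos: int) -> tuple[int, int]:
    """Decode one SDNV at buf[pos]; return (value, position after it)."""
    value = 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated SDNV")
        byte = buf[pos]
        pos += 1
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            return value, pos


def ber_oid_to_dotted(oid: bytes) -> str:
    """BER OID octets (2B 06 01 02 03 09) -> dotted form (1.3.6.1.2.3.9).
    BER sub-identifiers use the same base-128 encoding as an SDNV."""
    first, pos = read_sdnv(oid, 0)      # first sub-identifier packs two arcs
    arcs = [first // 40, first % 40]
    while pos < len(oid):
        arc, pos = read_sdnv(oid, pos)
        arcs.append(arc)
    return ".".join(str(a) for a in arcs)


def expand_shorthand(short: str) -> str:
    """'[nickname].x.y' (Section 2.2) -> full OID hex string. Each relative
    component is one hex octet below 0x80, as in every value on the page."""
    head, *rest = short.split(".")
    if not (head.startswith("[") and head.endswith("]")):
        raise ValueError(f"bad shorthand {short!r}")
    octets = [int(c, 16) for c in rest]
    if any(not 0 <= o < 0x80 for o in octets):
        raise ValueError("relative OID component does not fit one octet")
    return NICKNAMES[int(head[1:-1])] + "".join(f"{o:02X}" for o in octets)


def decode_mid(buf: bytes, pos: int = 0) -> tuple[dict, int]:
    """Decode one MID at buf[pos]; return (fields, position after it)."""
    flags = buf[pos]
    nickname, pos = read_sdnv(buf, pos + 1)
    length, pos = read_sdnv(buf, pos)
    rel = buf[pos:pos + length]
    if len(rel) != length or nickname not in NICKNAMES:
        raise ValueError("truncated MID or unknown nickname")
    shorthand = f"[{nickname}]." + ".".join(f"{b:X}" for b in rel)
    fields = {
        "kind": MID_KINDS.get(flags & 0x03, "unknown"),
        "parameterized": bool(flags & 0x40),
        "oid": shorthand,
        "full_oid": expand_shorthand(shorthand),
    }
    return fields, pos + length


def parse_mid_collection(mc: bytes) -> list[dict]:
    """Parse a MID Collection: SDNV count, then that many MIDs. A count that
    disagrees with the bytes present is rejected, not silently trimmed."""
    count, pos = read_sdnv(mc, 0)
    mids = []
    for _ in range(count):
        fields, pos = decode_mid(mc, pos)
        mids.append(fields)
    if pos != len(mc):
        raise ValueError(f"{len(mc) - pos} trailing byte(s) after {count} MIDs")
    return mids


# Table 4: the Full Report definition, 0x1D (29) MIDs 0x80290100..0x8029011C.
FULL_REPORT_DEF = bytes.fromhex(
    "1D" + "".join(f"8029{i:04X}" for i in range(0x100, 0x11D)))

if __name__ == "__main__":
    print(ber_oid_to_dotted(bytes.fromhex(NICKNAMES[49])))   # 1.3.6.1.2.3.9
    print(expand_shorthand("[44].3.2.1"))                    # 2B060102030904030201
    for m in parse_mid_collection(FULL_REPORT_DEF)[:2]:
        print(m)
```

The collection parser checks the count against the bytes actually present on both sides: a report definition that claims more MIDs than it carries, or carries bytes beyond the count, is rejected rather than partially accepted, which is the behaviour a Manager wants before acting on a definition received over the wire.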
+----------+------------+--------+------------------------------+------+
| Name     | MID        | OID    | Description                  | Type |
+----------+------------+--------+------------------------------+------+
| Full     | 0x822B0100 | [43].0 | All known Meta-Data,         | RPT  |
| Report   |            |        | Primitive, and Computed      |      |
|          |            |        | Values.                      |      |
+----------+------------+--------+------------------------------+------+
| Definition                                                           |
+----------------------------------------------------------------------+
| 0x1D 0x80290100 0x80290101 0x80290102 0x80290103 0x80290104          |
| 0x80290105 0x80290106 0x80290107 0x80290108 0x80290109               |
| 0x8029010A 0x8029010B 0x8029010C 0x8029010D 0x8029010E               |
| 0x8029010F 0x80290110 0x80290111 0x80290112 0x80290113               |
| 0x80290114 0x80290115 0x80290116 0x80290117 0x80290118               |
| 0x80290119 0x8029011A 0x8029011B 0x8029011C                          |
+----------------------------------------------------------------------+

                      Table 4: BPSEC Full Report

+----------+------------+--------+------------------------------+------+
| Name     | MID        | OID    | Description                  | Type |
+----------+------------+--------+------------------------------+------+
| Source   | 0xC22B0101 | [43].1 | Security Info By Source      | RPT  |
| Report   |            |        |                              |      |
+----------+------------+--------+------------------------------+------+
| Definition                                                           |
+----------------------------------------------------------------------+
| 0x1A 0xC029011D 0xC029011E 0xC029011F 0xC0290120 0xC0290121          |
| 0xC0290122 0xC0290123 0xC0290124 0xC0290125 0xC0290126               |
| 0xC0290127 0xC0290128 0xC0290129 0xC029012A 0xC029012B               |
| 0xC029012C 0xC029012D 0xC029012E 0xC029012F 0xC0290130               |
| 0xC0290131 0xC0290132 0xC0290133 0xC0290134 0xC0290135               |
| 0xC0290136                                                           |
+----------------------------------------------------------------------+

                     Table 5: BPSEC Source Report

7.  Controls

Controls represent well-known command opcodes that can be run by the
Agent in response to direct requests by an AMP Manager, or in response
to time- or state-based rules on the Agent itself.

7.1.  Summary

+----------------+------------+--------+------+---------------------+
| Name           | MID        | OID    | #    | Prms                |
|                |            |        | Prms |                     |
+----------------+------------+--------+------+---------------------+
| ResetAllCounts | 0x832C0100 | [44].0 | 0    | ()                  |
+----------------+------------+--------+------+---------------------+
| ResetSrcCounts | 0xC32C0101 | [44].1 | 1    | (STR Src)           |
+----------------+------------+--------+------+---------------------+
| DelKey         | 0xC32C0102 | [44].2 | 1    | (STR KeyName)       |
+----------------+------------+--------+------+---------------------+
| AddKey         | 0xC32C0103 | [44].3 | 2    | (STR KeyName, BLOB  |
|                |            |        |      | Key)                |
+----------------+------------+--------+------+---------------------+
| AddBibRule     | 0xC32C0104 | [44].4 | 5    | (STR Src, STR Dest, |
|                |            |        |      | INT Tgt, STR Cs,    |
|                |            |        |      | STR Key)            |
+----------------+------------+--------+------+---------------------+
| DelBibRule     | 0xC32C0105 | [44].5 | 3    | (STR Src, STR Dest, |
|                |            |        |      | INT Tgt)            |
+----------------+------------+--------+------+---------------------+
| ListBibRules   | 0x832C0106 | [44].6 | 0    | ()                  |
+----------------+------------+--------+------+---------------------+
| AddBcbRule     | 0xC32C0107 | [44].7 | 5    | (STR Src, STR Dest, |
|                |            |        |      | INT Tgt, STR Cs,    |
|                |            |        |      | STR Key)            |
+----------------+------------+--------+------+---------------------+
| DelBcbRule     | 0xC32C0108 | [44].8 | 3    | (STR Src, STR Dest, |
|                |            |        |      | INT Tgt)            |
+----------------+------------+--------+------+---------------------+
| ListBcbRules   | 0x832C0109 | [44].9 | 0    | ()                  |
+----------------+------------+--------+------+---------------------+

                        Table 6: BPSEC Controls

7.2.  Control Specification

7.2.1.  Overview

This section lists the description, parameters, and reports generated
for each Control specified in this ADM.

The "DESCRIPTION" section lists the functional requirements of the
Control when run on an Agent.

The "PARAMETERS" section illustrates and describes the ordered set of
data items provided to the Control when run on the Agent. A
parameterized Control is represented in the AMP by a MID encapsulating
a parameterized OID. OID parameters are captured as a Typed Data
Collection (TDC). The TDC capturing these parameters is elided for
clarity, as the TDC is only the container used to transmit the
parameters between the Agent and Manager and is not expected as input
to the Control itself.

The "REPORTS GENERATED" section describes the format of any Reports
sent from the Agent to a Manager as a result of running the Control.
This section ONLY describes Reports that are specific to the Control.
Cases where policy requires Agents to send summary Reports when
Controls either run or fail to run due to error are not considered in
this section, as they are not specific to any one Control. Any Control
summary reports should be as described in [AMP].

Reports generated on an Agent by a Control will either be sent directly
to the Manager executing the Control or otherwise batched and sent with
other Reports destined for the receiving Manager. This behavior will be
based on the policy associated with the AMP Agent and is not specified
in this ADM.

7.2.2.  BPSEC Controls

7.2.2.1.  ResetAllCounts

DESCRIPTION

The ResetAllCounts control causes the Agent to reset all counts
associated with block or byte statistics and to set the Last Reset Time
of the BPSEC Primitive Data to the time when the control was run. All
per-source counters will be cleared, as will the listing of sources
known to the BPSEC agent.

PARAMETERS

This control does not take any parameters.
REPORTS GENERATED

This control does not produce any reports.

7.2.2.2.  ResetSrcCounts

DESCRIPTION

The ResetSrcCounts control causes the Agent to reset all counts (blocks
and bytes) associated with a given bundle source and to set the Last
Reset Time of the source statistics to the time when the control was
run. The source will still be returned in any query of known sources,
but its counters will be zero immediately after this call.

PARAMETERS

This Control accepts 1 parameter, as illustrated in Figure 2.

+------------+
| Source EID |
| [STR]      |
+------------+

Figure 2: ResetSrcCounts Parameters

Where:

Source EID = The EID of the source being queried. This MUST be an exact
match to the source to query. Regular expressions and other wildcards
are not allowed.

REPORTS GENERATED

This control does not produce any reports.

7.2.2.3.  DelKey

DESCRIPTION

The DelKey control deletes a key from the BPSEC system.

PARAMETERS

This Control accepts 1 parameter, as illustrated in Figure 3.

+----------+
| Key Name |
| [STR]    |
+----------+

Figure 3: DelKey Parameters

Where:

Key Name = The string name of the key being deleted.

REPORTS GENERATED

This control does not produce any reports.

7.2.2.4.  AddKey

DESCRIPTION

The AddKey control adds a key to the BPSEC system.

PARAMETERS

This Control accepts 2 parameters, as illustrated in Figure 4.

+----------+----------+
| Key Name | Key Data |
| [STR]    | [BLOB]   |
+----------+----------+

Figure 4: AddKey Parameters

Where:

Key Name = The string name used to identify the key. This name is used
to reference the key in BIB and BCB rules and to identify the key when
it is deleted.

Key Data = The binary value of the key.

REPORTS GENERATED

This control does not produce any reports.

7.2.2.5.  AddBibRule

DESCRIPTION

The AddBibRule control configures policy on the BPSEC protocol
implementation that describes how BIB blocks should be applied to
bundles in the system. This policy is captured as a rule which states
that, when transmitting a bundle from the given source EID to the given
destination EID, blocks of type target should have a BIB added to them
using the given ciphersuite and the given key.

PARAMETERS

This Control accepts 5 parameters, as illustrated in Figure 5.

+--------+-------+--------+----------------+----------+
| Source | Dest  | Target | Ciphersuite ID | Key Name |
| [STR]  | [STR] | [INT]  | [STR]          | [STR]    |
+--------+-------+--------+----------------+----------+

Figure 5: AddBibRule Parameters

Where:

Source = The source EID associated with this rule. This EID may be an
exact EID or an EID containing wildcard symbols. The wildcard symbol *
matches zero or more characters. The wildcard symbol ~, which may be
used only by itself, indicates a match to all EIDs.

Dest = The destination EID associated with this rule. This EID may be
an exact EID or an EID containing wildcard symbols. The wildcard symbol
* matches zero or more characters. The wildcard symbol ~, which may be
used only by itself, indicates a match to all EIDs.

Target = The block type to which this rule will apply.

Ciphersuite ID = The name of the ciphersuite to be used to populate the
BIB. This ciphersuite MUST be known to the BPSEC protocol
implementation being managed and be approved for use with BIB blocks.

Key Name = The name of the key to be used to generate the BIB for this
given target block. This key name MUST match the name of a key known to
the BPSEC implementation, either from pre-configuration or through the
use of the AddKey control.

REPORTS GENERATED

This control does not produce any reports.

7.2.2.6.  DelBibRule

DESCRIPTION

The DelBibRule control removes any configured policy on the BPSEC
protocol implementation that describes how BIB blocks should be applied
to bundles in the system. A BIB policy is uniquely identified by a
source EID, a destination EID, and a target block type.

PARAMETERS

This Control accepts 3 parameters, as illustrated in Figure 6.

+--------+-------+--------+
| Source | Dest  | Target |
| [STR]  | [STR] | [INT]  |
+--------+-------+--------+

Figure 6: DelBibRule Parameters

Where:

Source = The source EID associated with this rule. This string must
syntactically match the configured source EID for the rule to be
deleted. If the existing rule source EID contains a wildcard, this
parameter must contain the same wildcard. This control does not
interpret EID name wildcards; it simply performs a string comparison.

Dest = The destination EID associated with this rule. This string must
syntactically match the configured destination EID for the rule to be
deleted. If the existing rule destination EID contains a wildcard, this
parameter must contain the same wildcard. This control does not
interpret EID name wildcards; it simply performs a string comparison.

Target = The block type of the BIB rule to be deleted.

REPORTS GENERATED

This control does not produce any reports.

7.2.2.7.  ListBibRules

DESCRIPTION

The ListBibRules control returns a table describing all of the BIB
policy rules that are known to the BPSEC implementation.

PARAMETERS

This control takes no parameters.

REPORTS GENERATED

This control produces a table whose column structure is illustrated in
Figure 7.

+--------+-------+--------+----------------+----------+
| Source | Dest  | Target | Ciphersuite ID | Key Name |
| [STR]  | [STR] | [INT]  | [STR]          | [STR]    |
+--------+-------+--------+----------------+----------+

Figure 7: ListBibRule Parameters

Where:

Source = The source EID associated with this rule.
Dest = The destination EID associated with this rule.

Target = The block type of the BIB rule.

Ciphersuite ID = The name of the ciphersuite.

Key Name = The name of the key.

7.2.2.8.  AddBcbRule

DESCRIPTION

The AddBcbRule control configures policy on the BPSEC protocol
implementation that describes how BCB blocks should be applied to
bundles in the system. This policy is captured as a rule which states
that, when transmitting a bundle from the given source EID to the given
destination EID, blocks of type target should have a BCB added to them
using the given ciphersuite and the given key.

PARAMETERS

This Control accepts 5 parameters, as illustrated in Figure 8.

+--------+-------+--------+----------------+----------+
| Source | Dest  | Target | Ciphersuite ID | Key Name |
| [STR]  | [STR] | [INT]  | [STR]          | [STR]    |
+--------+-------+--------+----------------+----------+

Figure 8: AddBcbRule Parameters

Where:

Source = The source EID associated with this rule. This EID may be an
exact EID or an EID containing wildcard symbols. The wildcard symbol *
matches zero or more characters. The wildcard symbol ~, which may be
used only by itself, indicates a match to all EIDs.

Dest = The destination EID associated with this rule. This EID may be
an exact EID or an EID containing wildcard symbols. The wildcard symbol
* matches zero or more characters. The wildcard symbol ~, which may be
used only by itself, indicates a match to all EIDs.

Target = The block type to which this rule will apply.

Ciphersuite ID = The name of the ciphersuite to be used to populate the
BCB. This ciphersuite MUST be known to the BPSEC protocol
implementation being managed and be approved for use with BCB blocks.

Key Name = The name of the key to be used to generate the BCB for this
given target block.
               This key name MUST match the name of a key known to the
               BPSEC implementation, either from pre-configuration or
               through the use of the AddKey control.

   REPORTS GENERATED

      This control does not produce any reports.

7.2.2.9.  DelBcbRule

   DESCRIPTION

      The DelBcbRule control removes any configured policy on the BPSEC
      protocol implementation that describes how BCB blocks should be
      applied to bundles in the system.  A BCB policy is uniquely
      identified by a source EID, a destination EID, and a target block
      type.

   PARAMETERS

      This Control accepts 3 parameters as illustrated in Figure 9.

                      +--------+-------+--------+
                      | Source | Dest  | Target |
                      | [STR]  | [STR] | [INT]  |
                      +--------+-------+--------+

                     Figure 9: DelBcbRule Parameters

      Where:

      Source = The source EID associated with this rule.  This string
               must syntactically match the configured source EID for
               the rule to be deleted.  If the existing rule source EID
               contains a wildcard, this parameter must contain a
               wildcard.  This control does not interpret EID name
               wildcards; it simply performs a string comparison.

      Dest   = The destination EID associated with this rule.  This
               string must syntactically match the configured
               destination EID for the rule to be deleted.  If the
               existing rule destination EID contains a wildcard, this
               parameter must contain a wildcard.  This control does not
               interpret EID name wildcards; it simply performs a string
               comparison.

      Target = The block type of the BCB rule to be deleted.

   REPORTS GENERATED

      This control does not produce any reports.

7.2.2.10.  ListBcbRules

   DESCRIPTION

      The ListBcbRules control returns a table describing all of the BCB
      policy rules that are known to the BPSEC implementation.

   PARAMETERS

      This control takes no parameters.

   REPORTS GENERATED

      This control produces a table whose column structure is
      illustrated in Figure 10.
         +--------+-------+--------+----------------+----------+
         | Source | Dest  | Target | Ciphersuite ID | Key Name |
         | [STR]  | [STR] | [INT]  | [STR]          | [STR]    |
         +--------+-------+--------+----------------+----------+

                    Figure 10: ListBcbRule Parameters

      Where:

      Source = The source EID associated with this rule.

      Dest   = The destination EID associated with this rule.

      Target = The block type of the BCB rule.

      Ciphersuite ID = The name of the ciphersuite.

      Key Name = The name of the key.

8.  Literals

   The BPSEC ADM does not define any literals.

9.  Macros

   The BPSEC ADM does not define any macros.

10.  Operators

   The BPSEC ADM does not define any operators.

11.  IANA Considerations

   At this time, this protocol has no fields registered by IANA.

Author's Address

   Edward J. Birrane
   Johns Hopkins Applied Physics Laboratory

   Email: Edward.Birrane@jhuapl.edu
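The rule controls of Section 7.2.2 (AddBibRule/AddBcbRule, DelBibRule/DelBcbRule and ListBibRules/ListBcbRules) all operate on the same (Source, Dest, Target) identity: the Add controls accept EID wildcards and enforce that the ciphersuite is approved and the key is known, the Del controls compare the stored strings literally without interpreting wildcards, and the List controls report the rule table in the column order of Figures 7 and 10. The following Python model is an added example for this document, not code from the draft or from any BPSEC implementation. The class and function names, the transmit-time lookup helper find_rule with its first-match precedence, and the sample EIDs, ciphersuite name and key name are all assumptions; the draft defines only the controls and the meaning of the * and ~ wildcards.

```python
"""Added example: an in-memory model of the BIB/BCB rule controls.

Not code from draft-birrane-dtn-adm-bpsec-00 or from any BPSEC
implementation. Names, the find_rule helper and the sample values are
assumptions made for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class SecurityRule:
    source: str        # source EID, exact or with '*' / '~' wildcards
    dest: str          # destination EID, same wildcard rules
    target: int        # block type the BIB/BCB is applied to
    ciphersuite: str   # Ciphersuite ID
    key_name: str      # Key Name, must be known to the implementation

    def as_row(self) -> Tuple[str, str, int, str, str]:
        """One row of the ListBibRules/ListBcbRules table (Figures 7 and 10)."""
        return (self.source, self.dest, self.target, self.ciphersuite, self.key_name)


def valid_eid_pattern(pattern: str) -> bool:
    """'~' is legal only on its own; '*' may appear anywhere in the EID."""
    return pattern == "~" or "~" not in pattern


def eid_matches(pattern: str, eid: str) -> bool:
    """Wildcard matching as the Add*Rule controls describe it: '~' alone
    matches every EID, '*' matches zero or more characters, everything
    else is literal. re.escape keeps other regex metacharacters literal,
    so '?' or '[' in an EID never act as wildcards."""
    if pattern == "~":
        return True
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, eid) is not None


class RuleTable:
    """Rule store for one block kind: instantiate one for BIB rules and one
    for BCB rules. Rules are identified by (source, dest, target), exactly
    the identity the Del*Rule controls use."""

    def __init__(self, known_keys: Iterable[str], approved_ciphersuites: Iterable[str]):
        self._rules: Dict[Tuple[str, str, int], SecurityRule] = {}
        self._known_keys = set(known_keys)          # pre-configured or via AddKey
        self._approved = set(approved_ciphersuites)  # approved for this block kind

    def add_rule(self, source: str, dest: str, target: int,
                 ciphersuite: str, key_name: str) -> bool:
        """AddBibRule / AddBcbRule. Enforces the two MUSTs (approved
        ciphersuite, known key) and the '~' syntax rule; returns False
        instead of storing a rule the implementation could not honour."""
        if ciphersuite not in self._approved or key_name not in self._known_keys:
            return False
        if not (valid_eid_pattern(source) and valid_eid_pattern(dest)):
            return False
        self._rules[(source, dest, target)] = SecurityRule(
            source, dest, target, ciphersuite, key_name)
        return True

    def del_rule(self, source: str, dest: str, target: int) -> bool:
        """DelBibRule / DelBcbRule. Plain string comparison on the stored
        source/dest: a rule added with source 'ipn:1.*' is removed only by
        passing 'ipn:1.*', never by passing an EID that the wildcard matches."""
        return self._rules.pop((source, dest, target), None) is not None

    def list_rules(self) -> List[Tuple[str, str, int, str, str]]:
        """ListBibRules / ListBcbRules: rows in Figure 7/10 column order."""
        return [rule.as_row() for rule in self._rules.values()]

    def find_rule(self, src_eid: str, dst_eid: str, block_type: int) -> Optional[SecurityRule]:
        """Transmit-time policy lookup (assumed helper; the draft defines the
        controls, not the lookup). Wildcards ARE interpreted here, unlike in
        del_rule. The draft gives no precedence between overlapping rules,
        so this returns the first match in insertion order."""
        for rule in self._rules.values():
            if (rule.target == block_type
                    and eid_matches(rule.source, src_eid)
                    and eid_matches(rule.dest, dst_eid)):
                return rule
        return None


if __name__ == "__main__":
    # Constructed sample values, not identifiers from the draft.
    bcb = RuleTable(known_keys={"example-key"}, approved_ciphersuites={"example-suite"})
    bcb.add_rule("ipn:1.*", "~", 1, "example-suite", "example-key")
    print(bcb.find_rule("ipn:1.7", "ipn:9.9", 1))      # the wildcard rule
    print(bcb.del_rule("ipn:1.7", "ipn:9.9", 1))        # False: literal compare
    print(bcb.del_rule("ipn:1.*", "~", 1))              # True
```

Two behaviours worth checking in a real implementation follow from this model. First, add_rule refuses a rule whose ciphersuite or key is unknown rather than storing it, which is what the MUSTs in the Add controls require; an implementation that stores such a rule would silently emit no BCB for the affected blocks. Second, because del_rule compares strings literally, an operator who wants to remove a wildcard rule has to list the rules first and pass the stored pattern back verbatim; the precedence between overlapping wildcard rules at lookup time is not defined by the draft and should be documented by whatever implementation is being managed.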
