RFC Errata
Found 2 records.
Status: Reported (2)
RFC 9172, "Bundle Protocol Security (BPSec)", January 2022
Source of RFC: dtn (int)
Errata ID: 7672
Status: Reported
Type: Technical
Publication Format(s) : TEXT, HTML
Reported By: Brian Sipos
Date Reported: 2023-10-10
Section 3.6 says:
Security Context Id: This field identifies the security context used to implement the security service represented by this block and applied to each security target. This field SHALL be represented by a CBOR unsigned integer. The values for this Id should come from the registry defined in Section 11.3.
It should say:
Security Context Id: This field identifies the security context used to implement the security service represented by this block and applied to each security target. This field SHALL be represented by a CBOR unsigned or negative integer. The values for this Id should come from the registry defined in Section 11.3.
Notes:
Per the IANA sub-registry in Section 11.3 the Context ID has "The value range: signed 16-bit integer." and negative values are reserved for private use, so the value can be either an unsigned or a negative integer.
Errata ID: 8312
Status: Reported
Type: Technical
Publication Format(s) : HTML
Reported By: Brian Sipos
Date Reported: 2025-02-24
Section 3.6 says:
/none/
It should say:
Any fields of the ASB, including the Security Source, MAY be treated as untrusted input for key material lookup in support of processing a security operation as a validator or acceptor. Any fields of the ASB SHALL NOT be used for making other decisions on a node unless they are covered as additional authenticated data by an successfully validated or accepted integrity or confidentiality operation on that node.
Notes:
There was no original text restricting how the fields of the ASB can be used by a node. This errata explicitly restricts untrusted inputs in the ASB from influencing node processing, including logic or telemetry based on the Security Source. The default security contexts of RFC 9173 do not yet have the possibility to include the Security Source as additional authenticated data.