File: rfc9172.html

package info (click to toggle)
doc-rfc 20230121-1
links: PTS, VCS
area: non-free
in suites: bookworm, forky, sid, trixie
size: 1,609,944 kB
file content (4088 lines) | stat: -rw-r--r-- 206,313 bytes
<!DOCTYPE html>
<html lang="en" class="RFC">
<head>
<meta charset="utf-8">
<meta content="Common,Latin" name="scripts">
<meta content="initial-scale=1.0" name="viewport">
<title>RFC 9172: Bundle Protocol Security (BPSec)</title>
<meta content="Edward J. Birrane, III" name="author">
<meta content="Kenneth McKeever" name="author">
<meta content="
       
      This document defines a security protocol providing data 
      integrity and confidentiality services for the Bundle Protocol (BP).
       
    " name="description">
<meta content="xml2rfc 3.12.0" name="generator">
<meta content="security" name="keyword">
<meta content="bundle" name="keyword">
<meta content="integrity" name="keyword">
<meta content="confidentiality" name="keyword">
<meta content="9172" name="rfc.number">
<!-- Generator version information:
  xml2rfc 3.12.0
    Python 3.6.15
    appdirs 1.4.4
    ConfigArgParse 1.4.1
    google-i18n-address 2.4.0
    html5lib 1.0.1
    intervaltree 3.0.2
    Jinja2 2.11.3
    kitchen 1.2.6
    lxml 4.4.2
    pycairo 1.15.1
    pycountry 19.8.18
    pyflakes 2.1.1
    PyYAML 5.4.1
    requests 2.24.0
    setuptools 40.5.0
    six 1.14.0
    WeasyPrint 52.5
-->
<link href="rfc9172.xml" rel="alternate" type="application/rfc+xml">
<link href="#copyright" rel="license">
<style type="text/css">/*

  NOTE: Changes at the bottom of this file overrides some earlier settings.

  Once the style has stabilized and has been adopted as an official RFC style,
  this can be consolidated so that style settings occur only in one place, but
  for now the contents of this file consists first of the initial CSS work as
  provided to the RFC Formatter (xml2rfc) work, followed by itemized and
  commented changes found necssary during the development of the v3
  formatters.

*/

/* fonts */
@import url('https://fonts.googleapis.com/css?family=Noto+Sans'); /* Sans-serif */
@import url('https://fonts.googleapis.com/css?family=Noto+Serif'); /* Serif (print) */
@import url('https://fonts.googleapis.com/css?family=Roboto+Mono'); /* Monospace */

@viewport {
  zoom: 1.0;
  width: extend-to-zoom;
}
@-ms-viewport {
  width: extend-to-zoom;
  zoom: 1.0;
}
/* general and mobile first */
html {
}
body {
  max-width: 90%;
  margin: 1.5em auto;
  color: #222;
  background-color: #fff;
  font-size: 14px;
  font-family: 'Noto Sans', Arial, Helvetica, sans-serif;
  line-height: 1.6;
  scroll-behavior: smooth;
}
.ears {
  display: none;
}

/* headings */
#title, h1, h2, h3, h4, h5, h6 {
  margin: 1em 0 0.5em;
  font-weight: bold;
  line-height: 1.3;
}
#title {
  clear: both;
  border-bottom: 1px solid #ddd;
  margin: 0 0 0.5em 0;
  padding: 1em 0 0.5em;
}
.author {
  padding-bottom: 4px;
}
h1 {
  font-size: 26px;
  margin: 1em 0;
}
h2 {
  font-size: 22px;
  margin-top: -20px;  /* provide offset for in-page anchors */
  padding-top: 33px;
}
h3 {
  font-size: 18px;
  margin-top: -36px;  /* provide offset for in-page anchors */
  padding-top: 42px;
}
h4 {
  font-size: 16px;
  margin-top: -36px;  /* provide offset for in-page anchors */
  padding-top: 42px;
}
h5, h6 {
  font-size: 14px;
}
#n-copyright-notice {
  border-bottom: 1px solid #ddd;
  padding-bottom: 1em;
  margin-bottom: 1em;
}
/* general structure */
p {
  padding: 0;
  margin: 0 0 1em 0;
  text-align: left;
}
div, span {
  position: relative;
}
div {
  margin: 0;
}
.alignRight.art-text {
  background-color: #f9f9f9;
  border: 1px solid #eee;
  border-radius: 3px;
  padding: 1em 1em 0;
  margin-bottom: 1.5em;
}
.alignRight.art-text pre {
  padding: 0;
}
.alignRight {
  margin: 1em 0;
}
.alignRight > *:first-child {
  border: none;
  margin: 0;
  float: right;
  clear: both;
}
.alignRight > *:nth-child(2) {
  clear: both;
  display: block;
  border: none;
}
svg {
  display: block;
}
.alignCenter.art-text {
  background-color: #f9f9f9;
  border: 1px solid #eee;
  border-radius: 3px;
  padding: 1em 1em 0;
  margin-bottom: 1.5em;
}
.alignCenter.art-text pre {
  padding: 0;
}
.alignCenter {
  margin: 1em 0;
}
.alignCenter > *:first-child {
  border: none;
  /* this isn't optimal, but it's an existence proof.  PrinceXML doesn't
     support flexbox yet.
  */
  display: table;
  margin: 0 auto;
}

/* lists */
ol, ul {
  padding: 0;
  margin: 0 0 1em 2em;
}
ol ol, ul ul, ol ul, ul ol {
  margin-left: 1em;
}
li {
  margin: 0 0 0.25em 0;
}
.ulCompact li {
  margin: 0;
}
ul.empty, .ulEmpty {
  list-style-type: none;
}
ul.empty li, .ulEmpty li {
  margin-top: 0.5em;
}
ul.ulBare, li.ulBare {
  margin-left: 0em !important;
}
ul.compact, .ulCompact,
ol.compact, .olCompact {
  line-height: 100%;
  margin: 0 0 0 2em;
}

/* definition lists */
dl {
}
dl > dt {
  float: left;
  margin-right: 1em;
}
/* 
dl.nohang > dt {
  float: none;
}
*/
dl > dd {
  margin-bottom: .8em;
  min-height: 1.3em;
}
dl.compact > dd, .dlCompact > dd {
  margin-bottom: 0em;
}
dl > dd > dl {
  margin-top: 0.5em;
  margin-bottom: 0em;
}

/* links */
a {
  text-decoration: none;
}
a[href] {
  color: #22e; /* Arlen: WCAG 2019 */
}
a[href]:hover {
  background-color: #f2f2f2;
}
figcaption a[href],
a[href].selfRef {
  color: #222;
}
/* XXX probably not this:
a.selfRef:hover {
  background-color: transparent;
  cursor: default;
} */

/* Figures */
tt, code, pre, code {
  background-color: #f9f9f9;
  font-family: 'Roboto Mono', monospace;
}
pre {
  border: 1px solid #eee;
  margin: 0;
  padding: 1em;
}
img {
  max-width: 100%;
}
figure {
  margin: 0;
}
figure blockquote {
  margin: 0.8em 0.4em 0.4em;
}
figcaption {
  font-style: italic;
  margin: 0 0 1em 0;
}
@media screen {
  pre {
    overflow-x: auto;
    max-width: 100%;
    max-width: calc(100% - 22px);
  }
}

/* aside, blockquote */
aside, blockquote {
  margin-left: 0;
  padding: 1.2em 2em;
}
blockquote {
  background-color: #f9f9f9;
  color: #111; /* Arlen: WCAG 2019 */
  border: 1px solid #ddd;
  border-radius: 3px;
  margin: 1em 0;
}
cite {
  display: block;
  text-align: right;
  font-style: italic;
}

/* tables */
table {
  width: 100%;
  margin: 0 0 1em;
  border-collapse: collapse;
  border: 1px solid #eee;
}
th, td {
  text-align: left;
  vertical-align: top;
  padding: 0.5em 0.75em;
}
th {
  text-align: left;
  background-color: #e9e9e9;
}
tr:nth-child(2n+1) > td {
  background-color: #f5f5f5;
}
table caption {
  font-style: italic;
  margin: 0;
  padding: 0;
  text-align: left;
}
table p {
  /* XXX to avoid bottom margin on table row signifiers. If paragraphs should
     be allowed within tables more generally, it would be far better to select on a class. */
  margin: 0;
}

/* pilcrow */
a.pilcrow {
  color: #666; /* Arlen: AHDJ 2019 */
  text-decoration: none;
  visibility: hidden;
  user-select: none;
  -ms-user-select: none;
  -o-user-select:none;
  -moz-user-select: none;
  -khtml-user-select: none;
  -webkit-user-select: none;
  -webkit-touch-callout: none;
}
@media screen {
  aside:hover > a.pilcrow,
  p:hover > a.pilcrow,
  blockquote:hover > a.pilcrow,
  div:hover > a.pilcrow,
  li:hover > a.pilcrow,
  pre:hover > a.pilcrow {
    visibility: visible;
  }
  a.pilcrow:hover {
    background-color: transparent;
  }
}

/* misc */
hr {
  border: 0;
  border-top: 1px solid #eee;
}
.bcp14 {
  font-variant: small-caps;
}

.role {
  font-variant: all-small-caps;
}

/* info block */
#identifiers {
  margin: 0;
  font-size: 0.9em;
}
#identifiers dt {
  width: 3em;
  clear: left;
}
#identifiers dd {
  float: left;
  margin-bottom: 0;
}
/* Fix PDF info block run off issue */
@media print {
  #identifiers dd {
    float: none;
  }
}
#identifiers .authors .author {
  display: inline-block;
  margin-right: 1.5em;
}
#identifiers .authors .org {
  font-style: italic;
}

/* The prepared/rendered info at the very bottom of the page */
.docInfo {
  color: #666; /* Arlen: WCAG 2019 */
  font-size: 0.9em;
  font-style: italic;
  margin-top: 2em;
}
.docInfo .prepared {
  float: left;
}
.docInfo .prepared {
  float: right;
}

/* table of contents */
#toc  {
  padding: 0.75em 0 2em 0;
  margin-bottom: 1em;
}
nav.toc ul {
  margin: 0 0.5em 0 0;
  padding: 0;
  list-style: none;
}
nav.toc li {
  line-height: 1.3em;
  margin: 0.75em 0;
  padding-left: 1.2em;
  text-indent: -1.2em;
}
/* references */
.references dt {
  text-align: right;
  font-weight: bold;
  min-width: 7em;
}
.references dd {
  margin-left: 8em;
  overflow: auto;
}

.refInstance {
  margin-bottom: 1.25em;
}

.references .ascii {
  margin-bottom: 0.25em;
}

/* index */
.index ul {
  margin: 0 0 0 1em;
  padding: 0;
  list-style: none;
}
.index ul ul {
  margin: 0;
}
.index li {
  margin: 0;
  text-indent: -2em;
  padding-left: 2em;
  padding-bottom: 5px;
}
.indexIndex {
  margin: 0.5em 0 1em;
}
.index a {
  font-weight: 700;
}
/* make the index two-column on all but the smallest screens */
@media (min-width: 600px) {
  .index ul {
    -moz-column-count: 2;
    -moz-column-gap: 20px;
  }
  .index ul ul {
    -moz-column-count: 1;
    -moz-column-gap: 0;
  }
}

/* authors */
address.vcard {
  font-style: normal;
  margin: 1em 0;
}

address.vcard .nameRole {
  font-weight: 700;
  margin-left: 0;
}
address.vcard .label {
  font-family: "Noto Sans",Arial,Helvetica,sans-serif;
  margin: 0.5em 0;
}
address.vcard .type {
  display: none;
}
.alternative-contact {
  margin: 1.5em 0 1em;
}
hr.addr {
  border-top: 1px dashed;
  margin: 0;
  color: #ddd;
  max-width: calc(100% - 16px);
}

/* temporary notes */
.rfcEditorRemove::before {
  position: absolute;
  top: 0.2em;
  right: 0.2em;
  padding: 0.2em;
  content: "The RFC Editor will remove this note";
  color: #9e2a00; /* Arlen: WCAG 2019 */
  background-color: #ffd; /* Arlen: WCAG 2019 */
}
.rfcEditorRemove {
  position: relative;
  padding-top: 1.8em;
  background-color: #ffd; /* Arlen: WCAG 2019 */
  border-radius: 3px;
}
.cref {
  background-color: #ffd; /* Arlen: WCAG 2019 */
  padding: 2px 4px;
}
.crefSource {
  font-style: italic;
}
/* alternative layout for smaller screens */
@media screen and (max-width: 1023px) {
  body {
    padding-top: 2em;
  }
  #title {
    padding: 1em 0;
  }
  h1 {
    font-size: 24px;
  }
  h2 {
    font-size: 20px;
    margin-top: -18px;  /* provide offset for in-page anchors */
    padding-top: 38px;
  }
  #identifiers dd {
    max-width: 60%;
  }
  #toc {
    position: fixed;
    z-index: 2;
    top: 0;
    right: 0;
    padding: 0;
    margin: 0;
    background-color: inherit;
    border-bottom: 1px solid #ccc;
  }
  #toc h2 {
    margin: -1px 0 0 0;
    padding: 4px 0 4px 6px;
    padding-right: 1em;
    min-width: 190px;
    font-size: 1.1em;
    text-align: right;
    background-color: #444;
    color: white;
    cursor: pointer;
  }
  #toc h2::before { /* css hamburger */
    float: right;
    position: relative;
    width: 1em;
    height: 1px;
    left: -164px;
    margin: 6px 0 0 0;
    background: white none repeat scroll 0 0;
    box-shadow: 0 4px 0 0 white, 0 8px 0 0 white;
    content: "";
  }
  #toc nav {
    display: none;
    padding: 0.5em 1em 1em;
    overflow: auto;
    height: calc(100vh - 48px);
    border-left: 1px solid #ddd;
  }
}

/* alternative layout for wide screens */
@media screen and (min-width: 1024px) {
  body {
    max-width: 724px;
    margin: 42px auto;
    padding-left: 1.5em;
    padding-right: 29em;
  }
  #toc {
    position: fixed;
    top: 42px;
    right: 42px;
    width: 25%;
    margin: 0;
    padding: 0 1em;
    z-index: 1;
  }
  #toc h2 {
    border-top: none;
    border-bottom: 1px solid #ddd;
    font-size: 1em;
    font-weight: normal;
    margin: 0;
    padding: 0.25em 1em 1em 0;
  }
  #toc nav {
    display: block;
    height: calc(90vh - 84px);
    bottom: 0;
    padding: 0.5em 0 0;
    overflow: auto;
  }
  img { /* future proofing */
    max-width: 100%;
    height: auto;
  }
}

/* pagination */
@media print {
  body {

    width: 100%;
  }
  p {
    orphans: 3;
    widows: 3;
  }
  #n-copyright-notice {
    border-bottom: none;
  }
  #toc, #n-introduction {
    page-break-before: always;
  }
  #toc {
    border-top: none;
    padding-top: 0;
  }
  figure, pre {
    page-break-inside: avoid;
  }
  figure {
    overflow: scroll;
  }
  h1, h2, h3, h4, h5, h6 {
    page-break-after: avoid;
  }
  h2+*, h3+*, h4+*, h5+*, h6+* {
    page-break-before: avoid;
  }
  pre {
    white-space: pre-wrap;
    word-wrap: break-word;
    font-size: 10pt;
  }
  table {
    border: 1px solid #ddd;
  }
  td {
    border-top: 1px solid #ddd;
  }
}

/* This is commented out here, as the string-set: doesn't
   pass W3C validation currently */
/*
.ears thead .left {
  string-set: ears-top-left content();
}

.ears thead .center {
  string-set: ears-top-center content();
}

.ears thead .right {
  string-set: ears-top-right content();
}

.ears tfoot .left {
  string-set: ears-bottom-left content();
}

.ears tfoot .center {
  string-set: ears-bottom-center content();
}

.ears tfoot .right {
  string-set: ears-bottom-right content();
}
*/

@page :first {
  padding-top: 0;
  @top-left {
    content: normal;
    border: none;
  }
  @top-center {
    content: normal;
    border: none;
  }
  @top-right {
    content: normal;
    border: none;
  }
}

@page {
  size: A4;
  margin-bottom: 45mm;
  padding-top: 20px;
  /* The follwing is commented out here, but set appropriately by in code, as
     the content depends on the document */
  /*
  @top-left {
    content: 'Internet-Draft';
    vertical-align: bottom;
    border-bottom: solid 1px #ccc;
  }
  @top-left {
    content: string(ears-top-left);
    vertical-align: bottom;
    border-bottom: solid 1px #ccc;
  }
  @top-center {
    content: string(ears-top-center);
    vertical-align: bottom;
    border-bottom: solid 1px #ccc;
  }
  @top-right {
    content: string(ears-top-right);
    vertical-align: bottom;
    border-bottom: solid 1px #ccc;
  }
  @bottom-left {
    content: string(ears-bottom-left);
    vertical-align: top;
    border-top: solid 1px #ccc;
  }
  @bottom-center {
    content: string(ears-bottom-center);
    vertical-align: top;
    border-top: solid 1px #ccc;
  }
  @bottom-right {
      content: '[Page ' counter(page) ']';
      vertical-align: top;
      border-top: solid 1px #ccc;
  }
  */

}

/* Changes introduced to fix issues found during implementation */
/* Make sure links are clickable even if overlapped by following H* */
a {
  z-index: 2;
}
/* Separate body from document info even without intervening H1 */
section {
  clear: both;
}


/* Top align author divs, to avoid names without organization dropping level with org names */
.author {
  vertical-align: top;
}

/* Leave room in document info to show Internet-Draft on one line */
#identifiers dt {
  width: 8em;
}

/* Don't waste quite as much whitespace between label and value in doc info */
#identifiers dd {
  margin-left: 1em;
}

/* Give floating toc a background color (needed when it's a div inside section */
#toc {
  background-color: white;
}

/* Make the collapsed ToC header render white on gray also when it's a link */
@media screen and (max-width: 1023px) {
  #toc h2 a,
  #toc h2 a:link,
  #toc h2 a:focus,
  #toc h2 a:hover,
  #toc a.toplink,
  #toc a.toplink:hover {
    color: white;
    background-color: #444;
    text-decoration: none;
  }
}

/* Give the bottom of the ToC some whitespace */
@media screen and (min-width: 1024px) {
  #toc {
    padding: 0 0 1em 1em;
  }
}

/* Style section numbers with more space between number and title */
.section-number {
  padding-right: 0.5em;
}

/* prevent monospace from becoming overly large */
tt, code, pre, code {
  font-size: 95%;
}

/* Fix the height/width aspect for ascii art*/
pre.sourcecode,
.art-text pre {
  line-height: 1.12;
}


/* Add styling for a link in the ToC that points to the top of the document */
a.toplink {
  float: right;
  margin-right: 0.5em;
}

/* Fix the dl styling to match the RFC 7992 attributes */
dl > dt,
dl.dlParallel > dt {
  float: left;
  margin-right: 1em;
}
dl.dlNewline > dt {
  float: none;
}

/* Provide styling for table cell text alignment */
table td.text-left,
table th.text-left {
  text-align: left;
}
table td.text-center,
table th.text-center {
  text-align: center;
}
table td.text-right,
table th.text-right {
  text-align: right;
}

/* Make the alternative author contact informatio look less like just another
   author, and group it closer with the primary author contact information */
.alternative-contact {
  margin: 0.5em 0 0.25em 0;
}
address .non-ascii {
  margin: 0 0 0 2em;
}

/* With it being possible to set tables with alignment
  left, center, and right, { width: 100%; } does not make sense */
table {
  width: auto;
}

/* Avoid reference text that sits in a block with very wide left margin,
   because of a long floating dt label.*/
.references dd {
  overflow: visible;
}

/* Control caption placement */
caption {
  caption-side: bottom;
}

/* Limit the width of the author address vcard, so names in right-to-left
   script don't end up on the other side of the page. */

address.vcard {
  max-width: 30em;
  margin-right: auto;
}

/* For address alignment dependent on LTR or RTL scripts */
address div.left {
  text-align: left;
}
address div.right {
  text-align: right;
}

/* Provide table alignment support.  We can't use the alignX classes above
   since they do unwanted things with caption and other styling. */
table.right {
 margin-left: auto;
 margin-right: 0;
}
table.center {
 margin-left: auto;
 margin-right: auto;
}
table.left {
 margin-left: 0;
 margin-right: auto;
}

/* Give the table caption label the same styling as the figcaption */
caption a[href] {
  color: #222;
}

@media print {
  .toplink {
    display: none;
  }

  /* avoid overwriting the top border line with the ToC header */
  #toc {
    padding-top: 1px;
  }

  /* Avoid page breaks inside dl and author address entries */
  .vcard {
    page-break-inside: avoid;
  }

}
/* Tweak the bcp14 keyword presentation */
.bcp14 {
  font-variant: small-caps;
  font-weight: bold;
  font-size: 0.9em;
}
/* Tweak the invisible space above H* in order not to overlay links in text above */
 h2 {
  margin-top: -18px;  /* provide offset for in-page anchors */
  padding-top: 31px;
 }
 h3 {
  margin-top: -18px;  /* provide offset for in-page anchors */
  padding-top: 24px;
 }
 h4 {
  margin-top: -18px;  /* provide offset for in-page anchors */
  padding-top: 24px;
 }
/* Float artwork pilcrow to the right */
@media screen {
  .artwork a.pilcrow {
    display: block;
    line-height: 0.7;
    margin-top: 0.15em;
  }
}
/* Make pilcrows on dd visible */
@media screen {
  dd:hover > a.pilcrow {
    visibility: visible;
  }
}
/* Make the placement of figcaption match that of a table's caption
   by removing the figure's added bottom margin */
.alignLeft.art-text,
.alignCenter.art-text,
.alignRight.art-text {
   margin-bottom: 0;
}
.alignLeft,
.alignCenter,
.alignRight {
  margin: 1em 0 0 0;
}
/* In print, the pilcrow won't show on hover, so prevent it from taking up space,
   possibly even requiring a new line */
@media print {
  a.pilcrow {
    display: none;
  }
}
/* Styling for the external metadata */
div#external-metadata {
  background-color: #eee;
  padding: 0.5em;
  margin-bottom: 0.5em;
  display: none;
}
div#internal-metadata {
  padding: 0.5em;                       /* to match the external-metadata padding */
}
/* Styling for title RFC Number */
h1#rfcnum {
  clear: both;
  margin: 0 0 -1em;
  padding: 1em 0 0 0;
}
/* Make .olPercent look the same as <ol><li> */
dl.olPercent > dd {
  margin-bottom: 0.25em;
  min-height: initial;
}
/* Give aside some styling to set it apart */
aside {
  border-left: 1px solid #ddd;
  margin: 1em 0 1em 2em;
  padding: 0.2em 2em;
}
aside > dl,
aside > ol,
aside > ul,
aside > table,
aside > p {
  margin-bottom: 0.5em;
}
/* Additional page break settings */
@media print {
  figcaption, table caption {
    page-break-before: avoid;
  }
}
/* Font size adjustments for print */
@media print {
  body  { font-size: 10pt;      line-height: normal; max-width: 96%; }
  h1    { font-size: 1.72em;    padding-top: 1.5em; } /* 1*1.2*1.2*1.2 */
  h2    { font-size: 1.44em;    padding-top: 1.5em; } /* 1*1.2*1.2 */
  h3    { font-size: 1.2em;     padding-top: 1.5em; } /* 1*1.2 */
  h4    { font-size: 1em;       padding-top: 1.5em; }
  h5, h6 { font-size: 1em;      margin: initial; padding: 0.5em 0 0.3em; }
}
/* Sourcecode margin in print, when there's no pilcrow */
@media print {
  .artwork,
  .sourcecode {
    margin-bottom: 1em;
  }
}
/* Avoid narrow tables forcing too narrow table captions, which may render badly */
table {
  min-width: 20em;
}
/* ol type a */
ol.type-a { list-style-type: lower-alpha; }
ol.type-A { list-style-type: upper-alpha; }
ol.type-i { list-style-type: lower-roman; }
ol.type-I { list-style-type: lower-roman; }
/* Apply the print table and row borders in general, on request from the RPC,
and increase the contrast between border and odd row background sligthtly */
table {
  border: 1px solid #ddd;
}
td {
  border-top: 1px solid #ddd;
}
tr:nth-child(2n+1) > td {
  background-color: #f8f8f8;
}
/* Use style rules to govern display of the TOC. */
@media screen and (max-width: 1023px) {
  #toc nav { display: none; }
  #toc.active nav { display: block; }
}
/* Add support for keepWithNext */
.keepWithNext {
  break-after: avoid-page;
  break-after: avoid-page;
}
/* Add support for keepWithPrevious */
.keepWithPrevious {
  break-before: avoid-page;
}
/* Change the approach to avoiding breaks inside artwork etc. */
figure, pre, table, .artwork, .sourcecode  {
  break-before: auto;
  break-after: auto;
}
/* Avoid breaks between <dt> and <dd> */
dl {
  break-before: auto;
  break-inside: auto;
}
dt {
  break-before: auto;
  break-after: avoid-page;
}
dd {
  break-before: avoid-page;
  break-after: auto;
  orphans: 3;
  widows: 3
}
span.break, dd.break {
  margin-bottom: 0;
  min-height: 0;
  break-before: auto;
  break-inside: auto;
  break-after: auto;
}
/* Undo break-before ToC */
@media print {
  #toc {
    break-before: auto;
  }
}
/* Text in compact lists should not get extra bottim margin space,
   since that would makes the list not compact */
ul.compact p, .ulCompact p,
ol.compact p, .olCompact p {
 margin: 0;
}
/* But the list as a whole needs the extra space at the end */
section ul.compact,
section .ulCompact,
section ol.compact,
section .olCompact {
  margin-bottom: 1em;                    /* same as p not within ul.compact etc. */
}
/* The tt and code background above interferes with for instance table cell
   backgrounds.  Changed to something a bit more selective. */
tt, code {
  background-color: transparent;
}
p tt, p code, li tt, li code {
  background-color: #f8f8f8;
}
/* Tweak the pre margin -- 0px doesn't come out well */
pre {
   margin-top: 0.5px;
}
/* Tweak the comact list text */
ul.compact, .ulCompact,
ol.compact, .olCompact,
dl.compact, .dlCompact {
  line-height: normal;
}
/* Don't add top margin for nested lists */
li > ul, li > ol, li > dl,
dd > ul, dd > ol, dd > dl,
dl > dd > dl {
  margin-top: initial;
}
/* Elements that should not be rendered on the same line as a <dt> */
/* This should match the element list in writer.text.TextWriter.render_dl() */
dd > div.artwork:first-child,
dd > aside:first-child,
dd > figure:first-child,
dd > ol:first-child,
dd > div:first-child > pre.sourcecode,
dd > table:first-child,
dd > ul:first-child {
  clear: left;
}
/* fix for weird browser behaviour when <dd/> is empty */
dt+dd:empty::before{
  content: "\00a0";
}
/* Make paragraph spacing inside <li> smaller than in body text, to fit better within the list */
li > p {
  margin-bottom: 0.5em
}
/* Don't let p margin spill out from inside list items */
li > p:last-of-type {
  margin-bottom: 0;
}
</style>
<link href="rfc-local.css" rel="stylesheet" type="text/css">
<link href="https://dx.doi.org/10.17487/rfc9172" rel="alternate">
  <link href="urn:issn:2070-1721" rel="alternate">
  <link href="https://datatracker.ietf.org/doc/draft-ietf-dtn-bpsec-27" rel="prev">
  </head>
<body>
<script src="https://www.rfc-editor.org/js/metadata.min.js"></script>
<table class="ears">
<thead><tr>
<td class="left">RFC 9172</td>
<td class="center">Bundle Protocol Security (BPSec)</td>
<td class="right">January 2022</td>
</tr></thead>
<tfoot><tr>
<td class="left">Birrane, III &amp; McKeever</td>
<td class="center">Standards Track</td>
<td class="right">[Page]</td>
</tr></tfoot>
</table>
<div id="external-metadata" class="document-information"></div>
<div id="internal-metadata" class="document-information">
<dl id="identifiers">
<dt class="label-stream">Stream:</dt>
<dd class="stream">Internet Engineering Task Force (IETF)</dd>
<dt class="label-rfc">RFC:</dt>
<dd class="rfc"><a href="https://www.rfc-editor.org/rfc/rfc9172" class="eref">9172</a></dd>
<dt class="label-category">Category:</dt>
<dd class="category">Standards Track</dd>
<dt class="label-published">Published:</dt>
<dd class="published">
<time datetime="2022-01" class="published">January 2022</time>
    </dd>
<dt class="label-issn">ISSN:</dt>
<dd class="issn">2070-1721</dd>
<dt class="label-authors">Authors:</dt>
<dd class="authors">
<div class="author">
      <div class="author-name">E. Birrane, III</div>
<div class="org">JHU/APL</div>
</div>
<div class="author">
      <div class="author-name">K. McKeever</div>
<div class="org">JHU/APL</div>
</div>
</dd>
</dl>
</div>
<h1 id="rfcnum">RFC 9172</h1>
<h1 id="title">Bundle Protocol Security (BPSec)</h1>
<section id="section-abstract">
      <h2 id="abstract"><a href="#abstract" class="selfRef">Abstract</a></h2>
<p id="section-abstract-1">
      This document defines a security protocol providing data 
      integrity and confidentiality services for the Bundle Protocol (BP).<a href="#section-abstract-1" class="pilcrow">¶</a></p>
</section>
<div id="status-of-memo">
<section id="section-boilerplate.1">
        <h2 id="name-status-of-this-memo">
<a href="#name-status-of-this-memo" class="section-name selfRef">Status of This Memo</a>
        </h2>
<p id="section-boilerplate.1-1">
            This is an Internet Standards Track document.<a href="#section-boilerplate.1-1" class="pilcrow">¶</a></p>
<p id="section-boilerplate.1-2">
            This document is a product of the Internet Engineering Task Force
            (IETF).  It represents the consensus of the IETF community.  It has
            received public review and has been approved for publication by
            the Internet Engineering Steering Group (IESG).  Further
            information on Internet Standards is available in Section 2 of 
            RFC 7841.<a href="#section-boilerplate.1-2" class="pilcrow">¶</a></p>
<p id="section-boilerplate.1-3">
            Information about the current status of this document, any
            errata, and how to provide feedback on it may be obtained at
            <span><a href="https://www.rfc-editor.org/info/rfc9172">https://www.rfc-editor.org/info/rfc9172</a></span>.<a href="#section-boilerplate.1-3" class="pilcrow">¶</a></p>
</section>
</div>
<div id="copyright">
<section id="section-boilerplate.2">
        <h2 id="name-copyright-notice">
<a href="#name-copyright-notice" class="section-name selfRef">Copyright Notice</a>
        </h2>
<p id="section-boilerplate.2-1">
            Copyright (c) 2022 IETF Trust and the persons identified as the
            document authors. All rights reserved.<a href="#section-boilerplate.2-1" class="pilcrow">¶</a></p>
<p id="section-boilerplate.2-2">
            This document is subject to BCP 78 and the IETF Trust's Legal
            Provisions Relating to IETF Documents
            (<span><a href="https://trustee.ietf.org/license-info">https://trustee.ietf.org/license-info</a></span>) in effect on the date of
            publication of this document. Please review these documents
            carefully, as they describe your rights and restrictions with
            respect to this document. Code Components extracted from this
            document must include Revised BSD License text as described in
            Section 4.e of the Trust Legal Provisions and are provided without
            warranty as described in the Revised BSD License.<a href="#section-boilerplate.2-2" class="pilcrow">¶</a></p>
</section>
</div>
<div id="toc">
<section id="section-toc.1">
        <a href="#" onclick="scroll(0,0)" class="toplink">▲</a><h2 id="name-table-of-contents">
<a href="#name-table-of-contents" class="section-name selfRef">Table of Contents</a>
        </h2>
<nav class="toc"><ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.1">
            <p id="section-toc.1-1.1.1"><a href="#section-1" class="xref">1</a>.  <a href="#name-introduction" class="xref">Introduction</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.1.2.1">
                <p id="section-toc.1-1.1.2.1.1" class="keepWithNext"><a href="#section-1.1" class="xref">1.1</a>.  <a href="#name-supported-security-services" class="xref">Supported Security Services</a></p>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.1.2.2">
                <p id="section-toc.1-1.1.2.2.1" class="keepWithNext"><a href="#section-1.2" class="xref">1.2</a>.  <a href="#name-specification-scope" class="xref">Specification Scope</a></p>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.1.2.3">
                <p id="section-toc.1-1.1.2.3.1" class="keepWithNext"><a href="#section-1.3" class="xref">1.3</a>.  <a href="#name-related-documents" class="xref">Related Documents</a></p>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.1.2.4">
                <p id="section-toc.1-1.1.2.4.1"><a href="#section-1.4" class="xref">1.4</a>.  <a href="#name-terminology" class="xref">Terminology</a></p>
</li>
            </ul>
</li>
          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.2">
            <p id="section-toc.1-1.2.1"><a href="#section-2" class="xref">2</a>.  <a href="#name-design-decisions" class="xref">Design Decisions</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.2.2.1">
                <p id="section-toc.1-1.2.2.1.1"><a href="#section-2.1" class="xref">2.1</a>.  <a href="#name-block-level-granularity" class="xref">Block-Level Granularity</a></p>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.2.2.2">
                <p id="section-toc.1-1.2.2.2.1"><a href="#section-2.2" class="xref">2.2</a>.  <a href="#name-multiple-security-sources" class="xref">Multiple Security Sources</a></p>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.2.2.3">
                <p id="section-toc.1-1.2.2.3.1"><a href="#section-2.3" class="xref">2.3</a>.  <a href="#name-mixed-security-policy" class="xref">Mixed Security Policy</a></p>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.2.2.4">
                <p id="section-toc.1-1.2.2.4.1"><a href="#section-2.4" class="xref">2.4</a>.  <a href="#name-user-defined-security-conte" class="xref">User-Defined Security Contexts</a></p>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.2.2.5">
                <p id="section-toc.1-1.2.2.5.1"><a href="#section-2.5" class="xref">2.5</a>.  <a href="#name-deterministic-processing" class="xref">Deterministic Processing</a></p>
</li>
            </ul>
</li>
          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3">
            <p id="section-toc.1-1.3.1"><a href="#section-3" class="xref">3</a>.  <a href="#name-security-blocks" class="xref">Security Blocks</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.1">
                <p id="section-toc.1-1.3.2.1.1"><a href="#section-3.1" class="xref">3.1</a>.  <a href="#name-block-definitions" class="xref">Block Definitions</a></p>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.2">
                <p id="section-toc.1-1.3.2.2.1"><a href="#section-3.2" class="xref">3.2</a>.  <a href="#name-uniqueness" class="xref">Uniqueness</a></p>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.3">
                <p id="section-toc.1-1.3.2.3.1"><a href="#section-3.3" class="xref">3.3</a>.  <a href="#name-target-multiplicity" class="xref">Target Multiplicity</a></p>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.4">
                <p id="section-toc.1-1.3.2.4.1"><a href="#section-3.4" class="xref">3.4</a>.  <a href="#name-target-identification" class="xref">Target Identification</a></p>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.5">
                <p id="section-toc.1-1.3.2.5.1"><a href="#section-3.5" class="xref">3.5</a>.  <a href="#name-block-representation" class="xref">Block Representation</a></p>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.6">
                <p id="section-toc.1-1.3.2.6.1"><a href="#section-3.6" class="xref">3.6</a>.  <a href="#name-abstract-security-block" class="xref">Abstract Security Block</a></p>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.7">
                <p id="section-toc.1-1.3.2.7.1"><a href="#section-3.7" class="xref">3.7</a>.  <a href="#name-block-integrity-block" class="xref">Block Integrity Block</a></p>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.8">
                <p id="section-toc.1-1.3.2.8.1"><a href="#section-3.8" class="xref">3.8</a>.  <a href="#name-block-confidentiality-block" class="xref">Block Confidentiality Block</a></p>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.9">
                <p id="section-toc.1-1.3.2.9.1"><a href="#section-3.9" class="xref">3.9</a>.  <a href="#name-block-interactions" class="xref">Block Interactions</a></p>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.10">
                <p id="section-toc.1-1.3.2.10.1"><a href="#section-3.10" class="xref">3.10</a>. <a href="#name-parameter-and-result-identi" class="xref">Parameter and Result Identification</a></p>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.11">
                <p id="section-toc.1-1.3.2.11.1"><a href="#section-3.11" class="xref">3.11</a>. <a href="#name-bpsec-block-examples" class="xref">BPSec Block Examples</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.11.2.1">
                    <p id="section-toc.1-1.3.2.11.2.1.1"><a href="#section-3.11.1" class="xref">3.11.1</a>.  <a href="#name-example-1-constructing-a-bu" class="xref">Example 1: Constructing a Bundle with Security</a></p>
</li>
                  <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.11.2.2">
                    <p id="section-toc.1-1.3.2.11.2.2.1"><a href="#section-3.11.2" class="xref">3.11.2</a>.  <a href="#name-example-2-adding-more-secur" class="xref">Example 2: Adding More Security at a New Node</a></p>
</li>
                </ul>
</li>
            </ul>
</li>
          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4">
            <p id="section-toc.1-1.4.1"><a href="#section-4" class="xref">4</a>.  <a href="#name-canonical-forms" class="xref">Canonical Forms</a></p>
</li>
          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5">
            <p id="section-toc.1-1.5.1"><a href="#section-5" class="xref">5</a>.  <a href="#name-security-processing" class="xref">Security Processing</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5.2.1">
                <p id="section-toc.1-1.5.2.1.1"><a href="#section-5.1" class="xref">5.1</a>.  <a href="#name-bundles-received-from-other" class="xref">Bundles Received from Other Nodes</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5.2.1.2.1">
                    <p id="section-toc.1-1.5.2.1.2.1.1"><a href="#section-5.1.1" class="xref">5.1.1</a>.  <a href="#name-receiving-bcbs" class="xref">Receiving BCBs</a></p>
</li>
                  <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5.2.1.2.2">
                    <p id="section-toc.1-1.5.2.1.2.2.1"><a href="#section-5.1.2" class="xref">5.1.2</a>.  <a href="#name-receiving-bibs" class="xref">Receiving BIBs</a></p>
</li>
                </ul>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5.2.2">
                <p id="section-toc.1-1.5.2.2.1"><a href="#section-5.2" class="xref">5.2</a>.  <a href="#name-bundle-fragmentation-and-re" class="xref">Bundle Fragmentation and Reassembly</a></p>
</li>
            </ul>
</li>
          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.6">
            <p id="section-toc.1-1.6.1"><a href="#section-6" class="xref">6</a>.  <a href="#name-key-management" class="xref">Key Management</a></p>
</li>
          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.7">
            <p id="section-toc.1-1.7.1"><a href="#section-7" class="xref">7</a>.  <a href="#name-security-policy-considerati" class="xref">Security Policy Considerations</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.7.2.1">
                <p id="section-toc.1-1.7.2.1.1"><a href="#section-7.1" class="xref">7.1</a>.  <a href="#name-security-reason-codes" class="xref">Security Reason Codes</a></p>
</li>
            </ul>
</li>
          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.8">
            <p id="section-toc.1-1.8.1"><a href="#section-8" class="xref">8</a>.  <a href="#name-security-considerations" class="xref">Security Considerations</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.8.2.1">
                <p id="section-toc.1-1.8.2.1.1"><a href="#section-8.1" class="xref">8.1</a>.  <a href="#name-attacker-capabilities-and-o" class="xref">Attacker Capabilities and Objectives</a></p>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.8.2.2">
                <p id="section-toc.1-1.8.2.2.1"><a href="#section-8.2" class="xref">8.2</a>.  <a href="#name-attacker-behaviors-and-bpse" class="xref">Attacker Behaviors and BPSec Mitigations</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.8.2.2.2.1">
                    <p id="section-toc.1-1.8.2.2.2.1.1"><a href="#section-8.2.1" class="xref">8.2.1</a>.  <a href="#name-eavesdropping-attacks" class="xref">Eavesdropping Attacks</a></p>
</li>
                  <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.8.2.2.2.2">
                    <p id="section-toc.1-1.8.2.2.2.2.1"><a href="#section-8.2.2" class="xref">8.2.2</a>.  <a href="#name-modification-attacks" class="xref">Modification Attacks</a></p>
</li>
                  <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.8.2.2.2.3">
                    <p id="section-toc.1-1.8.2.2.2.3.1"><a href="#section-8.2.3" class="xref">8.2.3</a>.  <a href="#name-topology-attacks" class="xref">Topology Attacks</a></p>
</li>
                  <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.8.2.2.2.4">
                    <p id="section-toc.1-1.8.2.2.2.4.1"><a href="#section-8.2.4" class="xref">8.2.4</a>.  <a href="#name-message-injection" class="xref">Message Injection</a></p>
</li>
                </ul>
</li>
            </ul>
</li>
          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.9">
            <p id="section-toc.1-1.9.1"><a href="#section-9" class="xref">9</a>.  <a href="#name-security-context-considerat" class="xref">Security Context Considerations</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.9.2.1">
                <p id="section-toc.1-1.9.2.1.1"><a href="#section-9.1" class="xref">9.1</a>.  <a href="#name-mandating-security-contexts" class="xref">Mandating Security Contexts</a></p>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.9.2.2">
                <p id="section-toc.1-1.9.2.2.1"><a href="#section-9.2" class="xref">9.2</a>.  <a href="#name-identification-and-configur" class="xref">Identification and Configuration</a></p>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.9.2.3">
                <p id="section-toc.1-1.9.2.3.1"><a href="#section-9.3" class="xref">9.3</a>.  <a href="#name-authorship" class="xref">Authorship</a></p>
</li>
            </ul>
</li>
          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.10">
            <p id="section-toc.1-1.10.1"><a href="#section-10" class="xref">10</a>. <a href="#name-defining-other-security-blo" class="xref">Defining Other Security Blocks</a></p>
</li>
          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.11">
            <p id="section-toc.1-1.11.1"><a href="#section-11" class="xref">11</a>. <a href="#name-iana-considerations" class="xref">IANA Considerations</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.11.2.1">
                <p id="section-toc.1-1.11.2.1.1"><a href="#section-11.1" class="xref">11.1</a>.  <a href="#name-bundle-block-types" class="xref">Bundle Block Types</a></p>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.11.2.2">
                <p id="section-toc.1-1.11.2.2.1"><a href="#section-11.2" class="xref">11.2</a>.  <a href="#name-bundle-status-report-reason" class="xref">Bundle Status Report Reason Codes</a></p>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.11.2.3">
                <p id="section-toc.1-1.11.2.3.1"><a href="#section-11.3" class="xref">11.3</a>.  <a href="#name-security-context-identifier" class="xref">Security Context Identifiers</a></p>
</li>
            </ul>
</li>
          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.12">
            <p id="section-toc.1-1.12.1"><a href="#section-12" class="xref">12</a>. <a href="#name-references" class="xref">References</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.12.2.1">
                <p id="section-toc.1-1.12.2.1.1"><a href="#section-12.1" class="xref">12.1</a>.  <a href="#name-normative-references" class="xref">Normative References</a></p>
</li>
              <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.12.2.2">
                <p id="section-toc.1-1.12.2.2.1"><a href="#section-12.2" class="xref">12.2</a>.  <a href="#name-informative-references" class="xref">Informative References</a></p>
</li>
            </ul>
</li>
          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.13">
            <p id="section-toc.1-1.13.1"><a href="#appendix-A" class="xref"></a><a href="#name-acknowledgments" class="xref">Acknowledgments</a></p>
</li>
          <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.14">
            <p id="section-toc.1-1.14.1"><a href="#appendix-B" class="xref"></a><a href="#name-authors-addresses" class="xref">Authors' Addresses</a></p>
</li>
        </ul>
</nav>
</section>
</div>
<div id="intro">
<section id="section-1">
      <h2 id="name-introduction">
<a href="#section-1" class="section-number selfRef">1. </a><a href="#name-introduction" class="section-name selfRef">Introduction</a>
      </h2>
<p id="section-1-1">
      This document defines security features for the Bundle Protocol 
      (BP) <span>[<a href="#RFC9171" class="xref">RFC9171</a>]</span> and is intended for use
      in Delay-Tolerant Networking (DTN) to provide security 
      services between a security source and a security acceptor. When the 
      security source is the bundle source and the security acceptor is
      the bundle destination, the security service provides end-to-end 
      protection.<a href="#section-1-1" class="pilcrow">¶</a></p>
<p id="section-1-2">
      The Bundle Protocol specification <span>[<a href="#RFC9171" class="xref">RFC9171</a>]</span> 
      defines DTN as referring to "a network architecture providing 
      communications in and/or through highly stressed environments" 
      where "BP may be viewed as sitting at the application layer of some 
      number of constituent networks, forming a store-carry-forward 
      overlay network". The phrase "stressed environment" refers to multiple 
      challenging conditions including intermittent connectivity, large 
      and/or variable delays, asymmetric data rates, and high bit error 
      rates.<a href="#section-1-2" class="pilcrow">¶</a></p>
<p id="section-1-3">
   It should be presumed that the BP will be deployed in an untrusted 
   network, which poses the usual security challenges
   related to confidentiality and integrity. However, the stressed nature of the BP
      operating environment imposes unique conditions where usual transport 
      security mechanisms may not be sufficient. For example, the 
      store-carry-forward nature of the network may require protecting 
      data at rest, preventing unauthorized consumption of critical 
      resources such as storage space, and operating without regular 
      contact with a centralized security oracle (such as a certificate 
      authority).<a href="#section-1-3" class="pilcrow">¶</a></p>
<p id="section-1-4">
      An end-to-end security service that operates in all of the
      environments where the BP operates is needed.<a href="#section-1-4" class="pilcrow">¶</a></p>
<div id="sup_sec_svc">
<section id="section-1.1">
        <h3 id="name-supported-security-services">
<a href="#section-1.1" class="section-number selfRef">1.1. </a><a href="#name-supported-security-services" class="section-name selfRef">Supported Security Services</a>
        </h3>
<p id="section-1.1-1">
         BPSec provides integrity and confidentiality 
         services for BP bundles, as defined in this section.<a href="#section-1.1-1" class="pilcrow">¶</a></p>
<p id="section-1.1-2">
         Integrity services ensure that changes to target data 
         within a bundle can be discovered. Data changes 
         may be caused by processing errors, environmental conditions,
         or intentional manipulation. In the context of BPSec, integrity
         services apply to plaintext in the bundle.<a href="#section-1.1-2" class="pilcrow">¶</a></p>
<p id="section-1.1-3">
         Confidentiality services ensure that target data is unintelligible
         to nodes in DTN, except for authorized nodes possessing 
         special information. Generally, this means producing ciphertext from
         plaintext and generating authentication information for that
         ciphertext. In this context, confidentiality applies 
         to the contents of target data and does not extend to hiding 
         the fact that confidentiality exists in the bundle.<a href="#section-1.1-3" class="pilcrow">¶</a></p>
<p id="section-1.1-4">
         NOTE: Hop-by-hop authentication is NOT a supported security service
         in this specification, for two reasons:<a href="#section-1.1-4" class="pilcrow">¶</a></p>
<ol start="1" type="1" class="normal type-1" id="section-1.1-5">
<li id="section-1.1-5.1">
               The term "hop-by-hop" is ambiguous in a BP overlay, as nodes 
               that are adjacent in the overlay may not be adjacent in 
               physical connectivity. This condition is difficult or 
               impossible to detect; therefore, hop-by-hop authentication is 
               difficult or impossible to enforce.<a href="#section-1.1-5.1" class="pilcrow">¶</a>
</li>
          <li id="section-1.1-5.2">                   
               Hop-by-hop authentication cannot be deployed in a network if adjacent 
               nodes in the network have incompatible security capabilities.<a href="#section-1.1-5.2" class="pilcrow">¶</a>
</li>
        </ol>
</section>
</div>
<section id="section-1.2">
        <h3 id="name-specification-scope">
<a href="#section-1.2" class="section-number selfRef">1.2. </a><a href="#name-specification-scope" class="section-name selfRef">Specification Scope</a>
        </h3>
<p id="section-1.2-1">
         This document defines the security services provided by the BPSec. 
         This includes the data specification for representing these 
         services as BP extension blocks and the rules for adding, 
         removing, and processing these blocks at various points during 
         the bundle's traversal of a delay-tolerant network.<a href="#section-1.2-1" class="pilcrow">¶</a></p>
<p id="section-1.2-2">
         BPSec addresses only the security of data traveling over the
         DTN, not the underlying DTN itself. Furthermore, while the BPSec 
         protocol can provide security-at-rest in a store-carry-forward
         network, it does not address threats that share computing resources 
         with the DTN and/or BPSec software implementations.  These threats 
         may be malicious software or compromised libraries that intend 
         to intercept data or recover cryptographic material. Here, it is 
         the responsibility of the BPSec implementer to ensure that any 
         cryptographic material, including shared secrets or private keys, 
         is protected against access within both memory and storage devices.<a href="#section-1.2-2" class="pilcrow">¶</a></p>
<p id="section-1.2-3">
         Completely trusted networks are extremely uncommon. Among
         untrusted networks, different networking conditions and
         operational considerations require security mechanisms of
         varying strengths. 
   Mandating a single security context, which is a set of assumptions, 
   algorithms, configurations, and policies used to implement security 
   services, may result in too much security for some networks and too 
   little security in others. Default security contexts are 
   defined in <span>[<a href="#RFC9173" class="xref">RFC9173</a>]</span> to provide basic security services for 
   interoperability testing and for operational use on the terrestrial   
   Internet. It is expected that separate documents will define 
   different security contexts for use in different networks.<a href="#section-1.2-3" class="pilcrow">¶</a></p>
<p id="section-1.2-4">
         This specification addresses neither the fitness of 
         externally defined cryptographic methods nor the security of 
         their implementation.<a href="#section-1.2-4" class="pilcrow">¶</a></p>
<p id="section-1.2-5">
         This specification does not address the implementation of 
         security policies and does not provide a security policy for the 
         BPSec.  Similar to cipher suites, security policies are based on 
         the nature and capabilities of individual networks and network 
         operational concepts. This specification does provide policy considerations that 
         can be taken into account when building a security policy.<a href="#section-1.2-5" class="pilcrow">¶</a></p>
<p id="section-1.2-6">
         With the exception of the Bundle Protocol, this specification 
         does not address how to combine the BPSec security blocks with 
         other protocols, other BP extension blocks, or other best 
         practices to achieve security in any particular network 
         implementation.<a href="#section-1.2-6" class="pilcrow">¶</a></p>
</section>
<div id="reldoc">
<section id="section-1.3">
        <h3 id="name-related-documents">
<a href="#section-1.3" class="section-number selfRef">1.3. </a><a href="#name-related-documents" class="section-name selfRef">Related Documents</a>
        </h3>
<p id="section-1.3-1">
         This document is best read and understood within the context of 
         the following other DTN documents:<a href="#section-1.3-1" class="pilcrow">¶</a></p>
<ul class="normal">
<li class="normal" id="section-1.3-2.1">"<a href="#RFC4838" class="xref">Delay-Tolerant Networking Architecture</a>" <span>[<a href="#RFC4838" class="xref">RFC4838</a>]</span> 
         defines the architecture for DTN and identifies certain security 
         assumptions made by existing Internet protocols that are not valid in
         DTN.<a href="#section-1.3-2.1" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-1.3-2.2">
         "<a href="#RFC9171" class="xref">Bundle Protocol Version 7</a>" <span>[<a href="#RFC9171" class="xref">RFC9171</a>]</span> defines 
         the format and processing of bundles, the extension 
         block format used to represent BPSec security blocks, and 
         the canonical block structure used by this specification.<a href="#section-1.3-2.2" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-1.3-2.3">
         "<a href="#RFC8949" class="xref">Concise Binary Object Representation (CBOR)</a>" <span>[<a href="#RFC8949" class="xref">RFC8949</a>]</span>
         defines a data format that allows for small code size, fairly small
         message size, and extensibility  without version negotiation. The
         block-type-specific data associated with BPSec security blocks is encoded
         in this data format.<a href="#section-1.3-2.3" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-1.3-2.4">
         "<a href="#RFC6257" class="xref">Bundle Security Protocol Specification</a>" <span>[<a href="#RFC6257" class="xref">RFC6257</a>]</span>
         introduces the
         concept of using BP extension blocks for security services
         in DTN. BPSec is a continuation and refinement of this 
         document.<a href="#section-1.3-2.4" class="pilcrow">¶</a>
</li>
        </ul>
</section>
</div>
<div id="term">
<section id="section-1.4">
        <h3 id="name-terminology">
<a href="#section-1.4" class="section-number selfRef">1.4. </a><a href="#name-terminology" class="section-name selfRef">Terminology</a>
        </h3>
<p id="section-1.4-1">
         The key words "<span class="bcp14">MUST</span>", "<span class="bcp14">MUST NOT</span>", "<span class="bcp14">REQUIRED</span>", "<span class="bcp14">SHALL</span>", "<span class="bcp14">SHALL NOT</span>", "<span class="bcp14">SHOULD</span>", "<span class="bcp14">SHOULD NOT</span>", "<span class="bcp14">RECOMMENDED</span>", "<span class="bcp14">NOT RECOMMENDED</span>",
         "<span class="bcp14">MAY</span>", and "<span class="bcp14">OPTIONAL</span>" in this document are to be interpreted as
         described in BCP 14 <span>[<a href="#RFC2119" class="xref">RFC2119</a>]</span> <span>[<a href="#RFC8174" class="xref">RFC8174</a>]</span> when, and only when, they
         appear in all capitals, as shown here.<a href="#section-1.4-1" class="pilcrow">¶</a></p>
<p id="section-1.4-2">
         This section defines terminology that either is unique to the BPSec or 
         is necessary for understanding the concepts defined in 
         this specification.<a href="#section-1.4-2" class="pilcrow">¶</a></p>
<span class="break"></span><dl class="dlParallel" id="section-1.4-3">
          <dt id="section-1.4-3.1">Bundle Destination:</dt>
          <dd style="margin-left: 1.5em" id="section-1.4-3.2">the Bundle Protocol Agent (BPA) 
          that receives a bundle and delivers the payload of the bundle 
          to an Application Agent.  Also, an endpoint comprising the 
          node(s) at which the bundle is to be delivered. The bundle 
          destination acts as the security acceptor for every security 
          target in every security block in every bundle it receives.<a href="#section-1.4-3.2" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-1.4-3.3">Bundle Source:</dt>
          <dd style="margin-left: 1.5em" id="section-1.4-3.4">the BPA that originates a
          bundle. Also, any node ID of the node of which the BPA is a 
          component.<a href="#section-1.4-3.4" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-1.4-3.5">Cipher Suite:</dt>
          <dd style="margin-left: 1.5em" id="section-1.4-3.6">a set of one or more algorithms
          providing integrity and/or confidentiality services. Cipher
          suites may define user parameters (e.g., secret keys to
          use), but they do not provide values for those parameters.<a href="#section-1.4-3.6" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-1.4-3.7">Forwarder:</dt>
          <dd style="margin-left: 1.5em" id="section-1.4-3.8">any BPA that transmits a bundle in
          DTN. Also, any node ID of the node of which the BPA that 
          sent the bundle on its most recent hop is a component.<a href="#section-1.4-3.8" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-1.4-3.9">Intermediate Receiver, Waypoint, or Next
          Hop:</dt>
          <dd style="margin-left: 1.5em" id="section-1.4-3.10">any BPA that receives a bundle from a
          forwarder that is not the bundle destination. Also, any node
          ID of the node of which the BPA is a component.<a href="#section-1.4-3.10" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-1.4-3.11">Path:</dt>
          <dd style="margin-left: 1.5em" id="section-1.4-3.12">the ordered sequence of nodes through
          which a bundle passes on its way from source to
          destination. The path is not necessarily known in advance by
          the bundle or any BPAs in DTN.<a href="#section-1.4-3.12" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-1.4-3.13">Security Acceptor:</dt>
          <dd style="margin-left: 1.5em" id="section-1.4-3.14">a BPA that processes
          and dispositions one or more security blocks in a bundle. 
          Security acceptors act as the endpoint of a security service 
          represented in a security block. They remove the security 
          blocks they act upon as part of processing and disposition. 
          Also, any node ID of the node of which the BPA is a component.<a href="#section-1.4-3.14" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-1.4-3.15">Security Block:</dt>
          <dd style="margin-left: 1.5em" id="section-1.4-3.16">a BPSec extension block in a
          bundle.<a href="#section-1.4-3.16" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-1.4-3.17">Security Context:</dt>
          <dd style="margin-left: 1.5em" id="section-1.4-3.18">the set of assumptions,
          algorithms, configurations, and policies used to implement
          security services.<a href="#section-1.4-3.18" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-1.4-3.19">Security Operation:</dt>
          <dd style="margin-left: 1.5em" id="section-1.4-3.20">the application of a given
          security service to a security target, notated as
          OP(security service, security target). For example,
          OP(bcb-confidentiality, payload).  Every security operation
          in a bundle <span class="bcp14">MUST</span> be unique, meaning that a
          given security service can only be applied to a security
          target once in a bundle. A security operation is implemented
          by a security block.<a href="#section-1.4-3.20" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-1.4-3.21">Security Service:</dt>
          <dd style="margin-left: 1.5em" id="section-1.4-3.22">a process that gives some
          protection to a security target. For example, this
          specification defines security services for plaintext
          integrity (bib-integrity) and authenticated plaintext
          confidentiality with additional authenticated data
          (bcb-confidentiality).<a href="#section-1.4-3.22" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-1.4-3.23">Security Source:</dt>
          <dd style="margin-left: 1.5em" id="section-1.4-3.24">a BPA that adds a
          security block to a bundle. Also, any node ID of the node
          of which the BPA is a component.<a href="#section-1.4-3.24" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-1.4-3.25">Security Target:</dt>
          <dd style="margin-left: 1.5em" id="section-1.4-3.26">the block within a bundle that
          receives a security service as part of a security operation.<a href="#section-1.4-3.26" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-1.4-3.27">Security Verifier:</dt>
          <dd style="margin-left: 1.5em" id="section-1.4-3.28">a BPA that verifies
          the data integrity of one or more security blocks in a bundle. 
          Unlike security acceptors, security verifiers do not act as 
          the endpoint of a security service, and they do not remove 
          verified security blocks. Also, any node ID of the node of 
          which the BPA is a component.<a href="#section-1.4-3.28" class="pilcrow">¶</a>
</dd>
        <dd class="break"></dd>
</dl>
</section>
</div>
</section>
</div>
<section id="section-2">
      <h2 id="name-design-decisions">
<a href="#section-2" class="section-number selfRef">2. </a><a href="#name-design-decisions" class="section-name selfRef">Design Decisions</a>
      </h2>
<p id="section-2-1">
      The application of security services in DTN is a complex endeavor
      that must consider physical properties of the network (such as connectivity and
      propagation times), policies at
      each node, application security requirements, and current and future 
      threat environments. This section 
      identifies those desirable properties that guide design decisions for
      this specification and that are necessary for understanding the format and
      behavior of the BPSec protocol.<a href="#section-2-1" class="pilcrow">¶</a></p>
<section id="section-2.1">
        <h3 id="name-block-level-granularity">
<a href="#section-2.1" class="section-number selfRef">2.1. </a><a href="#name-block-level-granularity" class="section-name selfRef">Block-Level Granularity</a>
        </h3>
<p id="section-2.1-1">
         Security services within this specification must allow different 
         blocks within a bundle to have different security services 
         applied to them.<a href="#section-2.1-1" class="pilcrow">¶</a></p>
<p id="section-2.1-2">
         Blocks within a bundle represent different types of information. The
         primary block contains identification and routing information. The
         payload block carries application data. Extension blocks carry a
         variety of data that may augment or annotate the payload or that 
         otherwise provide information necessary for the proper processing
         of a bundle along a path. Therefore, applying a single level and 
         type of security across an entire bundle
         fails to recognize that blocks in a bundle represent different
         types of information with different security needs.<a href="#section-2.1-2" class="pilcrow">¶</a></p>
<p id="section-2.1-3">
         For example, a payload block might be encrypted to
         protect its contents and an extension block containing 
         summary information related to the payload might be integrity 
         signed but unencrypted to provide waypoints access
         to payload-related data without providing access to the payload.<a href="#section-2.1-3" class="pilcrow">¶</a></p>
</section>
<section id="section-2.2">
        <h3 id="name-multiple-security-sources">
<a href="#section-2.2" class="section-number selfRef">2.2. </a><a href="#name-multiple-security-sources" class="section-name selfRef">Multiple Security Sources</a>
        </h3>
<p id="section-2.2-1">
         A bundle can have multiple security blocks, and these blocks can
         have different security sources. BPSec implementations <span class="bcp14">MUST NOT</span> assume that all blocks in a bundle have the same security
         operations applied to them.<a href="#section-2.2-1" class="pilcrow">¶</a></p>
<p id="section-2.2-2">
         The Bundle Protocol allows extension blocks to be added to a bundle
         at any time during its existence in DTN. When a waypoint
         adds a new extension block to a bundle, that extension block
         <span class="bcp14">MAY</span> have security services applied to it by that waypoint. Similarly, 
         a waypoint <span class="bcp14">MAY</span> add a security service to an existing 
         block, consistent with its security policy.<a href="#section-2.2-2" class="pilcrow">¶</a></p>
<p id="section-2.2-3">
         When a waypoint adds a security service to the bundle, the waypoint
         is the security source for that service. The security block(s) 
         that represent that service in the bundle may need to record this
         security source, as the bundle destination might need this information
         for processing.<a href="#section-2.2-3" class="pilcrow">¶</a></p>
<p id="section-2.2-4">
         For example, a bundle source may choose to apply an integrity service 
         to its plaintext payload. Later a waypoint node, representing a 
         gateway to another portion of the delay-tolerant network, may receive the bundle and 
         choose to apply a confidentiality service. In this case, the 
         integrity security source is the bundle source and the 
         confidentiality security source is the waypoint node.<a href="#section-2.2-4" class="pilcrow">¶</a></p>
<p id="section-2.2-5">
         In cases where the security source and security acceptor are not the
         bundle source and bundle destination, respectively, it is possible that the bundle
         will reach the bundle destination prior to reaching a security
         acceptor. In cases where this may be a practical problem, it is
         recommended that solutions such as bundle encapsulation be
         used to ensure that a bundle be delivered to a security acceptor
         prior to being delivered to the bundle destination. Generally,
         if a bundle reaches a waypoint that has the appropriate configuration
         and policy to act as a security acceptor for a security service in 
         the bundle, then the waypoint should act as that security acceptor.<a href="#section-2.2-5" class="pilcrow">¶</a></p>
</section>
<section id="section-2.3">
        <h3 id="name-mixed-security-policy">
<a href="#section-2.3" class="section-number selfRef">2.3. </a><a href="#name-mixed-security-policy" class="section-name selfRef">Mixed Security Policy</a>
        </h3>
<p id="section-2.3-1">
         The security policy enforced by nodes in the delay-tolerant network may differ.<a href="#section-2.3-1" class="pilcrow">¶</a></p>
<p id="section-2.3-2">
   Some waypoints will have security policies that require the waypoint 
   to evaluate security services even if the waypoint is neither the 
   bundle destination nor the final intended acceptor of the service. 
         For example, a waypoint could choose to
         verify an integrity service even though the waypoint is not
         the bundle destination and the integrity service will be needed
         by other nodes along the bundle's path.<a href="#section-2.3-2" class="pilcrow">¶</a></p>
<p id="section-2.3-3">
         Some waypoints will determine, through policy, that they are the
         intended recipient of the security service and will terminate the 
         security service in the bundle.  For example, a gateway node could
         determine that, even though it is not the destination of the bundle, 
         it should verify and remove a particular integrity service or 
         attempt to decrypt a confidentiality service, before forwarding the
         bundle along its path.<a href="#section-2.3-3" class="pilcrow">¶</a></p>
<p id="section-2.3-4">
         Some waypoints could understand security blocks but refuse to 
         process them unless they are the bundle destination.<a href="#section-2.3-4" class="pilcrow">¶</a></p>
</section>
<section id="section-2.4">
        <h3 id="name-user-defined-security-conte">
<a href="#section-2.4" class="section-number selfRef">2.4. </a><a href="#name-user-defined-security-conte" class="section-name selfRef">User-Defined Security Contexts</a>
        </h3>
<p id="section-2.4-1">
         A security context is the set of assumptions, algorithms, configurations, 
      and policies used to implement security services. Different contexts may specify different 
         algorithms, different polices, or different configuration values used 
         in the implementation of their security services. BPSec provides 
         a mechanism to define security contexts. Users may select from 
         registered security contexts and customize those contexts through
         security context parameters.<a href="#section-2.4-1" class="pilcrow">¶</a></p>
<p id="section-2.4-2">
         For example, some users might prefer a 
         SHA2 hash function for integrity, whereas other users might prefer a
         SHA3 hash function. Providing either separate security contexts or a single,
         parameterized security context allows users flexibility in applying
         the desired cipher suite, policy, and configuration when populating
         a security block.<a href="#section-2.4-2" class="pilcrow">¶</a></p>
</section>
<section id="section-2.5">
        <h3 id="name-deterministic-processing">
<a href="#section-2.5" class="section-number selfRef">2.5. </a><a href="#name-deterministic-processing" class="section-name selfRef">Deterministic Processing</a>
        </h3>
<p id="section-2.5-1">
         Whenever a node determines that it must process more than one
         security block in a received bundle (either because the policy
         at a waypoint states that it should process security blocks or
         because the node is the bundle destination), the order in which 
         security blocks are processed must be deterministic. All nodes
         must impose this same deterministic processing order for all 
         security blocks. This specification provides
         determinism in the application and evaluation of security 
         services, even when doing so results in a loss of flexibility.<a href="#section-2.5-1" class="pilcrow">¶</a></p>
</section>
</section>
<div id="sec_blocks">
<section id="section-3">
      <h2 id="name-security-blocks">
<a href="#section-3" class="section-number selfRef">3. </a><a href="#name-security-blocks" class="section-name selfRef">Security Blocks</a>
      </h2>
<div id="sec_blocks_def">
<section id="section-3.1">
        <h3 id="name-block-definitions">
<a href="#section-3.1" class="section-number selfRef">3.1. </a><a href="#name-block-definitions" class="section-name selfRef">Block Definitions</a>
        </h3>
<p id="section-3.1-1">
         This specification defines two types of security block: the Block
         Integrity Block (BIB) and the Block Confidentiality Block (BCB).<a href="#section-3.1-1" class="pilcrow">¶</a></p>
<ul class="normal">
<li class="normal" id="section-3.1-2.1">
               The BIB is used to ensure the integrity of its plaintext 
               security target(s). The integrity information in the BIB <span class="bcp14">MAY</span> be
               verified by any node along the bundle path from the BIB 
               security source to the bundle destination. Waypoints add or remove BIBs from bundles in accordance with 
               their security policy. BIBs are never used for integrity protection 
               of the ciphertext provided by a BCB. Because security policy at
               BPSec nodes may differ regarding integrity verification, BIBs do not 
               guarantee hop-by-hop authentication, as discussed in <a href="#sup_sec_svc" class="xref">Section 1.1</a>.<a href="#section-3.1-2.1" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-3.1-2.2">
               The BCB indicates that the security target or targets have been 
               encrypted at the BCB security source in order to protect their 
               content while in transit. As a matter of security policy, the BCB is decrypted by security acceptor
               nodes in the network, up to and including the bundle 
               destination. BCBs additionally 
               provide integrity-protection mechanisms for the ciphertext they 
               generate.<a href="#section-3.1-2.2" class="pilcrow">¶</a>
</li>
        </ul>
</section>
</div>
<div id="sec_blocks_uni">
<section id="section-3.2">
        <h3 id="name-uniqueness">
<a href="#section-3.2" class="section-number selfRef">3.2. </a><a href="#name-uniqueness" class="section-name selfRef">Uniqueness</a>
        </h3>
<p id="section-3.2-1">
         Security operations in a bundle <span class="bcp14">MUST</span> be unique; the same security 
         service <span class="bcp14">MUST NOT</span> be applied to a security target more than once in a 
         bundle. Since a security operation is represented by a security 
         block, this means that multiple security blocks of the same type cannot 
         share the same security targets. A new security block <span class="bcp14">MUST NOT</span> be added 
         to a bundle if a preexisting security block of the same type is 
         already defined for the security target of the new security block.<a href="#section-3.2-1" class="pilcrow">¶</a></p>
<p id="section-3.2-2">
         This uniqueness requirement ensures that there is no ambiguity related
         to the order in which security blocks are processed or how security policy
         can be specified to require certain security services be present in a
         bundle.<a href="#section-3.2-2" class="pilcrow">¶</a></p>
<p id="section-3.2-3">
         Using the notation OP(service, target), several examples illustrate 
         this uniqueness requirement.<a href="#section-3.2-3" class="pilcrow">¶</a></p>
<span class="break"></span><dl class="dlParallel" id="section-3.2-4">
          <dt id="section-3.2-4.1">Signing the payload twice:</dt>
          <dd style="margin-left: 1.5em" id="section-3.2-4.2">The two operations OP(bib-integrity, 
               payload) and OP(bib-integrity, payload) are redundant and <span class="bcp14">MUST NOT</span> 
               both be present in the same bundle at the same time.<a href="#section-3.2-4.2" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-3.2-4.3">Signing different blocks:</dt>
          <dd style="margin-left: 1.5em" id="section-3.2-4.4">The two operations
          OP(bib-integrity, payload) and OP(bib-integrity,
          extension_block_1) are not redundant and both may be present
          in the same bundle at the same time.  Similarly, the two
          operations OP(bib-integrity, extension_block_1) and
          OP(bib-integrity, extension_block_2) are also not redundant
          and may both be present in the bundle at the same time.<a href="#section-3.2-4.4" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-3.2-4.5">Different services on same block:</dt>
          <dd style="margin-left: 1.5em" id="section-3.2-4.6">The two
          operations OP(bib-integrity, payload) and
          OP(bcb-confidentiality, payload) are not inherently
          redundant and may both be present in the bundle at the same
          time, pursuant to other processing rules in this
          specification.<a href="#section-3.2-4.6" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-3.2-4.7">Different services from different block
          types:</dt>
          <dd style="margin-left: 1.5em" id="section-3.2-4.8">The notation OP(service, target) refers
          specifically to a security block, as the security block is
          the embodiment of a security service applied to a security
          target in a bundle. Were some Other Security Block (OSB) to
          be defined providing an integrity service, then the
          operations OP(bib-integrity, target) and OP(osb-integrity,
          target) <span class="bcp14">MAY</span> both be present in the same
          bundle if so allowed by the definition of the OSB, as
          discussed in <a href="#Extensions" class="xref">Section 10</a>.<a href="#section-3.2-4.8" class="pilcrow">¶</a>
</dd>
        <dd class="break"></dd>
</dl>
<p id="section-3.2-5">
         NOTES:<a href="#section-3.2-5" class="pilcrow">¶</a></p>
<ul class="normal">
<li class="normal" id="section-3.2-6.1">
               A security block may be removed from a bundle as part
               of security processing at a waypoint node with a new
               security block being added to the bundle by that
               node. In this case, conflicting security blocks never
               coexist in the bundle at the same time and the
               uniqueness requirement is not violated.<a href="#section-3.2-6.1" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-3.2-6.2">
               A ciphertext integrity-protection mechanism (such as associated
               authenticated data) calculated by a cipher suite and
               transported in a BCB is considered part of the
               confidentiality service; therefore, it is unique from the
               plaintext integrity service provided by a BIB.<a href="#section-3.2-6.2" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-3.2-6.3">
               The security blocks defined in this specification (BIB
               and BCB) are designed with the intention that the BPA
               adding these blocks is the authoritative source of the
               security service. If a BPA adds a BIB on a security
               target, then the BIB is expected to be the
               authoritative source of integrity for that security
               target. If a BPA adds a BCB to a security target, then
               the BCB is expected to be the authoritative source of
               confidentiality for that security target. More complex
               scenarios, such as having multiple nodes in a network
               sign the same security target, can be accommodated
               using the definition of custom security contexts (see <a href="#sec_ctx" class="xref">Section 9</a>) and/or the
               definition of OSBs (see <a href="#Extensions" class="xref">Section 10</a>).<a href="#section-3.2-6.3" class="pilcrow">¶</a>
</li>
        </ul>
</section>
</div>
<div id="sec_blocks_mult">
<section id="section-3.3">
        <h3 id="name-target-multiplicity">
<a href="#section-3.3" class="section-number selfRef">3.3. </a><a href="#name-target-multiplicity" class="section-name selfRef">Target Multiplicity</a>
        </h3>
<p id="section-3.3-1">
         A single security block <span class="bcp14">MAY</span> represent 
         multiple security operations as a way of reducing the overall number 
         of security blocks present in a bundle.  In these circumstances, 
         reducing the number of security blocks in the bundle reduces the 
         amount of redundant information in the bundle.<a href="#section-3.3-1" class="pilcrow">¶</a></p>
<p id="section-3.3-2">   
         A set of security operations can be represented by a single security 
         block when all of the following conditions are true.<a href="#section-3.3-2" class="pilcrow">¶</a></p>
<ul class="normal">
<li class="normal" id="section-3.3-3.1">
               The security operations apply the same security service. For
               example, they are all integrity operations or all 
               confidentiality operations.<a href="#section-3.3-3.1" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-3.3-3.2">
               The security context parameters for the 
               security operations are identical.<a href="#section-3.3-3.2" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-3.3-3.3">
               The security source for the security operations is the same, 
               meaning the set of operations are being added by the 
               same node.<a href="#section-3.3-3.3" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-3.3-3.4">
               No security operations have the same security target, as that 
               would violate the need for security operations to be unique.<a href="#section-3.3-3.4" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-3.3-3.5">
               None of the security operations conflict with security 
               operations already present in the bundle.<a href="#section-3.3-3.5" class="pilcrow">¶</a>
</li>
        </ul>
<p id="section-3.3-4">
         When representing multiple security operations in a single security 
         block, the information that is common across all operations is 
         represented once in the security block; the information that is 
         different (e.g., the security targets) is represented individually.<a href="#section-3.3-4" class="pilcrow">¶</a></p>
<p id="section-3.3-5">
         If a node processes any security operation in a security block, it is <span class="bcp14">RECOMMENDED</span> that it process all
         security operations in the security block. This allows
         security sources to assert that the set of security
         operations in a security block are expected to be processed
         by the same security acceptor. However, the determination of
         whether a node actually is a security acceptor or not is a
         matter of the policy of the node itself. In cases where a
         receiving node determines that it is the security acceptor of
         only a subset of the security operations in a security block,
         the node may choose to only process that subset of security
         operations.<a href="#section-3.3-5" class="pilcrow">¶</a></p>
</section>
</div>
<div id="sec_blocks_tgtid">
<section id="section-3.4">
        <h3 id="name-target-identification">
<a href="#section-3.4" class="section-number selfRef">3.4. </a><a href="#name-target-identification" class="section-name selfRef">Target Identification</a>
        </h3>
<p id="section-3.4-1">
         A security target is a block in the bundle to which a security 
         service applies. This target must be uniquely and unambiguously 
         identifiable when processing a security block. The definition of the 
         extension block header from <span>[<a href="#RFC9171" class="xref">RFC9171</a>]</span> 
         provides a "block number" field suitable for this purpose. Therefore, 
         a security target in a security block <span class="bcp14">MUST</span> be represented as the 
         block number of the target block.<a href="#section-3.4-1" class="pilcrow">¶</a></p>
</section>
</div>
<div id="sec_blocks_rep">
<section id="section-3.5">
        <h3 id="name-block-representation">
<a href="#section-3.5" class="section-number selfRef">3.5. </a><a href="#name-block-representation" class="section-name selfRef">Block Representation</a>
        </h3>
<p id="section-3.5-1">
         Each security block uses the Canonical Bundle Block Format as
         defined in <span>[<a href="#RFC9171" class="xref">RFC9171</a>]</span>. That is, each 
         security block is comprised of the following elements:<a href="#section-3.5-1" class="pilcrow">¶</a></p>
<ul class="compact">
<li class="compact" id="section-3.5-2.1">block type code<a href="#section-3.5-2.1" class="pilcrow">¶</a>
</li>
          <li class="compact" id="section-3.5-2.2">block number<a href="#section-3.5-2.2" class="pilcrow">¶</a>
</li>
          <li class="compact" id="section-3.5-2.3">block processing control flags<a href="#section-3.5-2.3" class="pilcrow">¶</a>
</li>
          <li class="compact" id="section-3.5-2.4">cyclic redundancy check (CRC) type<a href="#section-3.5-2.4" class="pilcrow">¶</a>
</li>
          <li class="compact" id="section-3.5-2.5">block-type-specific data<a href="#section-3.5-2.5" class="pilcrow">¶</a>
</li>
          <li class="compact" id="section-3.5-2.6">CRC field (if present)<a href="#section-3.5-2.6" class="pilcrow">¶</a>
</li>
        </ul>
<p id="section-3.5-3">
         Security-specific information for a security block is captured in the 
         block-type-specific data field.<a href="#section-3.5-3" class="pilcrow">¶</a></p>
</section>
</div>
<div id="sec_blocks_asb">
<section id="section-3.6">
        <h3 id="name-abstract-security-block">
<a href="#section-3.6" class="section-number selfRef">3.6. </a><a href="#name-abstract-security-block" class="section-name selfRef">Abstract Security Block</a>
        </h3>
<p id="section-3.6-1">
         The structure of the security-specific portions of a security block 
         is identical for both the BIB and BCB block types. Therefore, this 
         section defines an Abstract Security Block (ASB) data structure and 
         discusses its definition, its processing, and other constraints for using 
         this structure. An ASB is never directly instantiated within a 
         bundle, it is only a mechanism for discussing the common aspects of 
         BIB and BCB security blocks.<a href="#section-3.6-1" class="pilcrow">¶</a></p>
<p id="section-3.6-2">
         The fields of the ASB <span class="bcp14">SHALL</span> be as follows,
         listed in the order in which they must appear. The encoding
         of these fields <span class="bcp14">MUST</span> be in accordance with the
         canonical forms provided in <a href="#CanonBundle" class="xref">Section 4</a>.<a href="#section-3.6-2" class="pilcrow">¶</a></p>
<span class="break"></span><dl class="dlNewline" id="section-3.6-3">
          <dt id="section-3.6-3.1">Security Targets:</dt>
          <dd style="margin-left: 3.0em" id="section-3.6-3.2">
               This field identifies the block(s) targeted by the
               security operation(s) represented by this security
               block. Each target block is represented by its unique
               block number. This field <span class="bcp14">SHALL</span> be
               represented by a Concise Binary Object Representation
               (CBOR) array of data items. Each target within this
               CBOR array <span class="bcp14">SHALL</span> be represented by a
               CBOR unsigned integer. This array <span class="bcp14">MUST</span>
               have at least one entry and each entry
               <span class="bcp14">MUST</span> represent the block number of a
               block that exists in the bundle. There <span class="bcp14">MUST NOT</span> be duplicate entries in this array. The
               order of elements in this list has no semantic meaning
               outside of the context of this block. Within the block,
               the ordering of targets must match the ordering of
               results associated with these targets.<a href="#section-3.6-3.2" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-3.6-3.3">Security Context Id:</dt>
          <dd style="margin-left: 3.0em" id="section-3.6-3.4">
               This field identifies the security context used to
               implement the security service represented by this
               block and applied to each security target. This field
               <span class="bcp14">SHALL</span> be represented by a CBOR unsigned
               integer. The values for this Id should come from the
               registry defined in <a href="#SecCtx" class="xref">Section 11.3</a>.<a href="#section-3.6-3.4" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-3.6-3.5">Security Context Flags:</dt>
          <dd style="margin-left: 3.0em" id="section-3.6-3.6">
            <p id="section-3.6-3.6.1">
               This field identifies which optional fields are present
               in the security block. This field <span class="bcp14">SHALL</span>
               be represented as a CBOR unsigned integer whose
               contents shall be interpreted as a bit field. Each bit
               in this bit field indicates the presence (bit set to 1)
               or absence (bit set to 0) of optional data in the
               security block. The association of bits to security
               block data is defined as follows.<a href="#section-3.6-3.6.1" class="pilcrow">¶</a></p>
<span class="break"></span><dl class="dlParallel" id="section-3.6-3.6.2">
              <dt id="section-3.6-3.6.2.1">Bit 0</dt>
              <dd style="margin-left: 5.0em" id="section-3.6-3.6.2.2"> (the least-significant bit, 0x01): "Security context 
                     parameters present" flag.<a href="#section-3.6-3.6.2.2" class="pilcrow">¶</a>
</dd>
              <dd class="break"></dd>
<dt id="section-3.6-3.6.2.3">Bit &gt;0</dt>
              <dd style="margin-left: 5.0em" id="section-3.6-3.6.2.4">Reserved<a href="#section-3.6-3.6.2.4" class="pilcrow">¶</a>
</dd>
            <dd class="break"></dd>
</dl>
<p id="section-3.6-3.6.3">

               Implementations <span class="bcp14">MUST</span> set reserved bits
               to 0 when writing this field and <span class="bcp14">MUST</span>
               ignore the values of reserved bits when reading this
               field.  For unreserved bits, a value of 1 indicates
               that the associated security block field
               <span class="bcp14">MUST</span> be included in the security
               block. A value of 0 indicates that the associated
               security block field <span class="bcp14">MUST NOT</span> be in the
               security block.<a href="#section-3.6-3.6.3" class="pilcrow">¶</a></p>
</dd>
          <dd class="break"></dd>
<dt id="section-3.6-3.7">Security Source:</dt>
          <dd style="margin-left: 3.0em" id="section-3.6-3.8">
               This field identifies the BPA that inserted the security block 
               in the bundle. Also, any node ID of the node of which the BPA 
               is a component.  This field <span class="bcp14">SHALL</span> be 
               represented by a CBOR array in accordance with the rules in
               <span>[<a href="#RFC9171" class="xref">RFC9171</a>]</span> for 
               representing endpoint IDs (EIDs).<a href="#section-3.6-3.8" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-3.6-3.9">Security Context Parameters (Optional):</dt>
          <dd style="margin-left: 3.0em" id="section-3.6-3.10">
            <p id="section-3.6-3.10.1">
               This field captures one or more security context parameters 
               that should be used when processing 
               the security service described by this security block. This 
               field <span class="bcp14">SHALL</span> be represented by a CBOR array.  Each entry in this
               array is a single security context parameter.  A single  
               parameter <span class="bcp14">SHALL</span> also be represented as a CBOR array comprising 
               a 2-tuple of the Id and value of the parameter, as follows.<a href="#section-3.6-3.10.1" class="pilcrow">¶</a></p>
<span class="break"></span><dl class="dlParallel" id="section-3.6-3.10.2">
              <dt id="section-3.6-3.10.2.1">Parameter Id:</dt>
              <dd style="margin-left: 1.5em" id="section-3.6-3.10.2.2">This field identifies which  
                     parameter is being specified. This field <span class="bcp14">SHALL</span> be 
                     represented as a CBOR unsigned integer.  Parameter Ids 
                     are selected as described in <a href="#parmresult" class="xref">Section 3.10</a>.<a href="#section-3.6-3.10.2.2" class="pilcrow">¶</a>
</dd>
              <dd class="break"></dd>
<dt id="section-3.6-3.10.2.3">Parameter Value:</dt>
              <dd style="margin-left: 1.5em" id="section-3.6-3.10.2.4">This field captures the value 
                     associated with this parameter. This field <span class="bcp14">SHALL</span> be 
                     represented by the applicable CBOR representation of the 
                     parameter, in accordance with <a href="#parmresult" class="xref">Section 3.10</a>.<a href="#section-3.6-3.10.2.4" class="pilcrow">¶</a>
</dd>
            <dd class="break"></dd>
</dl>
<p id="section-3.6-3.10.3">

               The logical layout of the parameters array is 
               illustrated in <a href="#parms_tbl" class="xref">Figure 1</a>.<a href="#section-3.6-3.10.3" class="pilcrow">¶</a></p>
<span id="name-security-context-parameters"></span><div id="parms_tbl">
<figure id="figure-1">
              <div class="alignCenter art-text artwork" id="section-3.6-3.10.4.1">
<pre>
+----------------+----------------+     +----------------+
|  Parameter 1   |  Parameter 2   | ... |  Parameter N   |
+------+---------+------+---------+     +------+---------+
|  Id  |  Value  |  Id  |  Value  |     |  Id  |  Value  |
+------+---------+------+---------+     +------+---------+</pre>
</div>
<figcaption><a href="#figure-1" class="selfRef">Figure 1</a>:
<a href="#name-security-context-parameters" class="selfRef">Security Context Parameters</a>
              </figcaption></figure>
</div>
</dd>
          <dd class="break"></dd>
<dt id="section-3.6-3.11">Security Results:</dt>
          <dd style="margin-left: 3.0em" id="section-3.6-3.12">
            <p id="section-3.6-3.12.1">
               This field captures the results of applying a security service
               to the security targets of the security block. This field <span class="bcp14">SHALL</span> 
               be represented as a CBOR array of target results. Each entry in 
               this array represents the set of security results for a 
               specific security target. The target results <span class="bcp14">MUST</span> be ordered 
               identically to the Security Targets field of the security block.
               This means that the first set of target results in this array 
               corresponds to the first entry in the Security Targets field of 
               the security block, and so on. There <span class="bcp14">MUST</span> be one entry in this 
               array for each entry in the Security Targets field of the 
               security block.<a href="#section-3.6-3.12.1" class="pilcrow">¶</a></p>
<p id="section-3.6-3.12.2">
               The set of security results for a target is also represented as 
               a CBOR array of individual results. An individual result is 
               represented as a CBOR array comprising a 2-tuple of a result Id and a result value, 
               defined as follows.<a href="#section-3.6-3.12.2" class="pilcrow">¶</a></p>
<span class="break"></span><dl class="dlParallel" id="section-3.6-3.12.3">
              <dt id="section-3.6-3.12.3.1">Result Id:</dt>
              <dd style="margin-left: 1.5em" id="section-3.6-3.12.3.2">This field identifies which security result is 
                     being specified. Some security results capture the 
                     primary output of a cipher suite. Other security results 
                     contain additional annotative information from cipher 
                     suite processing. This field <span class="bcp14">SHALL</span> be represented as a 
                     CBOR unsigned integer.  Security result Ids will be as 
                     specified in <a href="#parmresult" class="xref">Section 3.10</a>.<a href="#section-3.6-3.12.3.2" class="pilcrow">¶</a>
</dd>
              <dd class="break"></dd>
<dt id="section-3.6-3.12.3.3">Result Value:</dt>
              <dd style="margin-left: 1.5em" id="section-3.6-3.12.3.4">This field captures the value associated 
                     with the result. This field <span class="bcp14">SHALL</span> be represented by the 
                     applicable CBOR representation of the result value, in 
                     accordance with <a href="#parmresult" class="xref">Section 3.10</a>.<a href="#section-3.6-3.12.3.4" class="pilcrow">¶</a>
</dd>
            <dd class="break"></dd>
</dl>
<p id="section-3.6-3.12.4"> 

               The logical layout of the security results array is illustrated
               in <a href="#res_tbl" class="xref">Figure 2</a>. In this figure, there are N 
               security targets for this security block. The first security 
               target contains M results and the Nth security target contains 
               K results.<a href="#section-3.6-3.12.4" class="pilcrow">¶</a></p>
<span id="name-security-results"></span><div id="res_tbl">
<figure id="figure-2">
              <div class="alignCenter art-text artwork" id="section-3.6-3.12.5.1">
<pre>
+--------------------------+     +---------------------------+
|          Target 1        |     |         Target N          |
+----------+----+----------+     +---------------------------+
| Result 1 |    | Result M | ... | Result 1 |    |  Result K |
+----+-----+ .. +----+-----+     +---+------+ .. +----+------+
| Id |Value|    | Id |Value|     | Id |Value|    | Id | Value|
+----+-----+    +----+-----+     +----+-----+    +----+------+</pre>
</div>
<figcaption><a href="#figure-2" class="selfRef">Figure 2</a>:
<a href="#name-security-results" class="selfRef">Security Results</a>
              </figcaption></figure>
</div>
</dd>
        <dd class="break"></dd>
</dl>
</section>
</div>
<div id="BIB">
<section id="section-3.7">
        <h3 id="name-block-integrity-block">
<a href="#section-3.7" class="section-number selfRef">3.7. </a><a href="#name-block-integrity-block" class="section-name selfRef">Block Integrity Block</a>
        </h3>
<p id="section-3.7-1">
         A BIB is a BP extension block with the following characteristics.<a href="#section-3.7-1" class="pilcrow">¶</a></p>
<ul class="normal">
<li class="normal" id="section-3.7-2.1">
               The block type code value is as specified in 
               <a href="#BlockType" class="xref">Section 11.1</a>.<a href="#section-3.7-2.1" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-3.7-2.2">
               The block-type-specific data field follows the structure of the 
               ASB.<a href="#section-3.7-2.2" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-3.7-2.3">
               A security target listed in the Security Targets field <span class="bcp14">MUST NOT</span>
               reference a security block defined in this specification (e.g., 
               a BIB or a BCB).<a href="#section-3.7-2.3" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-3.7-2.4">
               The security context <span class="bcp14">MUST</span> utilize an authentication mechanism or 
               an error detection mechanism.<a href="#section-3.7-2.4" class="pilcrow">¶</a>
</li>
        </ul>
<p id="section-3.7-3">
         Notes:<a href="#section-3.7-3" class="pilcrow">¶</a></p>
<ul class="normal">
<li class="normal" id="section-3.7-4.1">
               Designers <span class="bcp14">SHOULD</span> carefully consider the effect of setting flags that either discard the 
               block or delete the bundle in the event that this block cannot 
               be processed.<a href="#section-3.7-4.1" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-3.7-4.2">
               Since OP(bib-integrity, target) is allowed only once in a bundle
               per target, it is <span class="bcp14">RECOMMENDED</span> that users wishing to support
               multiple integrity-protection mechanisms for the same target define a
               multi-result security context. Such a context could generate
               multiple security results for the same security target using different 
               integrity-protection mechanisms or different configurations for the
               same integrity-protection mechanism.<a href="#section-3.7-4.2" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-3.7-4.3">
               A BIB is used to verify the plaintext integrity of its security
               target. However, a single BIB <span class="bcp14">MAY</span> include security results for
               blocks other than its security target when doing so establishes a 
               needed relationship between the BIB security target and other blocks 
               in the bundle (such as the primary block).<a href="#section-3.7-4.3" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-3.7-4.4">
               Security information <span class="bcp14">MAY</span> be checked at any hop on the
               way to the bundle destination that has access to the required keying
               information, in accordance with <a href="#interact" class="xref">Section 3.9</a>.<a href="#section-3.7-4.4" class="pilcrow">¶</a>
</li>
        </ul>
</section>
</div>
<div id="BCB">
<section id="section-3.8">
        <h3 id="name-block-confidentiality-block">
<a href="#section-3.8" class="section-number selfRef">3.8. </a><a href="#name-block-confidentiality-block" class="section-name selfRef">Block Confidentiality Block</a>
        </h3>
<p id="section-3.8-1">         
         A BCB is a BP extension block with the following characteristics.<a href="#section-3.8-1" class="pilcrow">¶</a></p>
<ul class="normal">
<li class="normal" id="section-3.8-2.1">
               The block type code value is as specified in 
               <a href="#BlockType" class="xref">Section 11.1</a>.<a href="#section-3.8-2.1" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-3.8-2.2">
            <p id="section-3.8-2.2.1">
               The block processing control flags value can be set to
               whatever values are required by local policy with the
               following exceptions:<a href="#section-3.8-2.2.1" class="pilcrow">¶</a></p>
<ul class="normal">
<li class="normal" id="section-3.8-2.2.2.1"> 
               BCBs <span class="bcp14">MUST</span>
               have the "Block must be replicated in every fragment"
               flag set if one of the targets is the payload
               block. Having that BCB in each fragment indicates to a
               receiving node that the payload portion of each
               fragment represents ciphertext.<a href="#section-3.8-2.2.2.1" class="pilcrow">¶</a>
</li>
              <li class="normal" id="section-3.8-2.2.2.2">
              BCBs <span class="bcp14">MUST NOT</span> have the "Block must be removed from bundle
               if it can't be processed" flag set. Removing a BCB from
               a bundle without decrypting its security targets
               removes information from the bundle necessary for their
               later decryption.<a href="#section-3.8-2.2.2.2" class="pilcrow">¶</a>
</li>
            </ul>
</li>
          <li class="normal" id="section-3.8-2.3">
               The block-type-specific data fields follow the structure of the 
               ASB.<a href="#section-3.8-2.3" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-3.8-2.4"> 
               A security target listed in the Security Targets field
               can reference the payload block, a non-security
               extension block, or a BIB. A BCB <span class="bcp14">MUST NOT</span> include another BCB as a security target. A
               BCB <span class="bcp14">MUST NOT</span> target the primary block. A
               BCB <span class="bcp14">MUST NOT</span> target a BIB unless
               it shares a security target with that BIB.<a href="#section-3.8-2.4" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-3.8-2.5">
               Any security context used by a BCB <span class="bcp14">MUST</span> utilize a confidentiality
               cipher that provides authenticated encryption with
               associated data (AEAD).<a href="#section-3.8-2.5" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-3.8-2.6">
               Additional information created by a cipher suite (such as
               an authentication tag) can be placed either in a 
               security result field or in the generated ciphertext. The 
               determination of where to place this information is a function of the 
               cipher suite and security context used.<a href="#section-3.8-2.6" class="pilcrow">¶</a>
</li>
        </ul>
<p id="section-3.8-3">
         The BCB modifies the contents of its security target(s).  When a BCB
         is applied, the security target body data are encrypted "in-place".
         Following encryption, the security target block-type-specific data 
         field contains ciphertext, not plaintext.<a href="#section-3.8-3" class="pilcrow">¶</a></p>
<p id="section-3.8-4">Notes:<a href="#section-3.8-4" class="pilcrow">¶</a></p>
<ul class="normal">
<li class="normal" id="section-3.8-5.1">
               It is <span class="bcp14">RECOMMENDED</span> that designers carefully 
               consider the effect of setting flags that delete the bundle in 
               the event that this block cannot be processed.<a href="#section-3.8-5.1" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-3.8-5.2">
               The BCB block processing control flags can be set independently
               from the processing control flags of the security target(s). The
               setting of such flags should be an implementation/policy 
               decision for the encrypting node.<a href="#section-3.8-5.2" class="pilcrow">¶</a>
</li>
        </ul>
</section>
</div>
<div id="interact">
<section id="section-3.9">
        <h3 id="name-block-interactions">
<a href="#section-3.9" class="section-number selfRef">3.9. </a><a href="#name-block-interactions" class="section-name selfRef">Block Interactions</a>
        </h3>
<p id="section-3.9-1">
         The security block types defined in this specification are
         designed to be as independent as possible.
   However, there are some cases where security blocks may share a
   security target; this sharing creates processing dependencies.<a href="#section-3.9-1" class="pilcrow">¶</a></p>
<p id="section-3.9-2">
  If a BCB and a BIB share a security target, an undesirable 
         condition occurs: a waypoint would be unable to validate the BIB 
         because the shared security target has been encrypted by the BCB.
         To address this situation, the 
         following processing rules <span class="bcp14">MUST</span> be followed:<a href="#section-3.9-2" class="pilcrow">¶</a></p>
<ul class="normal">
<li class="normal" id="section-3.9-3.1">
               When adding a BCB to a bundle, if some (or all) of the
               security targets of the BCB match all of the
               security targets of an existing BIB, then the existing
               BIB <span class="bcp14">MUST</span> also be encrypted.  This can be
               accomplished either by adding a new BCB that targets
               the existing BIB or by adding the BIB to the list of
               security targets for the BCB. Deciding which way to
               represent this situation is a matter of security
               policy.<a href="#section-3.9-3.1" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-3.9-3.2">
               When adding a BCB to a bundle, if some (or all) of the
               security targets of the BCB match some (but not all) of
               the security targets of a BIB, then that BIB
               <span class="bcp14">MUST</span> be altered in the following
               way. Any security results in the BIB associated with
               the BCB security targets <span class="bcp14">MUST</span> be removed
               from the BIB and placed in a new BIB. This newly
               created BIB <span class="bcp14">MUST</span> then be encrypted.  The
               encryption of the new BIB can be accomplished either by
               adding a new BCB that targets the new BIB or by adding
               the new BIB to the list of security targets for the
               BCB.  Deciding which way to represent this situation is
               a matter of security policy.<a href="#section-3.9-3.2" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-3.9-3.3">
               A BIB <span class="bcp14">MUST NOT</span> be added for a security
               target that is already the security target of a BCB as
               this would cause ambiguity in block processing order.<a href="#section-3.9-3.3" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-3.9-3.4">
               A BIB integrity value <span class="bcp14">MUST NOT</span> be
               checked if the BIB is the security target of an
               existing BCB. In this case, the BIB data is encrypted.<a href="#section-3.9-3.4" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-3.9-3.5">
               A BIB integrity value <span class="bcp14">MUST NOT</span> be
               checked if the security target associated with that
               value is also the security target of a BCB. In such a
               case, the security target data contains ciphertext as
               it has been encrypted.<a href="#section-3.9-3.5" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-3.9-3.6">
               As mentioned in <a href="#BIB" class="xref">Section 3.7</a>,
               a BIB <span class="bcp14">MUST NOT</span> have a BCB as its
               security target.<a href="#section-3.9-3.6" class="pilcrow">¶</a>
</li>
        </ul>
<p id="section-3.9-4">
         These restrictions on block interactions impose a necessary
         ordering when applying security operations within a
         bundle. Specifically, for a given security target, BIBs
         <span class="bcp14">MUST</span> be added before BCBs.  This ordering
         <span class="bcp14">MUST</span> be preserved in cases where the current
         BPA is adding all of the security blocks for the bundle or
         where the BPA is a waypoint adding new security blocks to a
         bundle that already contains security blocks.<a href="#section-3.9-4" class="pilcrow">¶</a></p>
<p id="section-3.9-5">
         In cases where a security source wishes to calculate both a
         plaintext integrity-protection mechanism and encrypt a security target,
         a BCB with a security context that generates an
         integrity-protection mechanism as one or more additional
         security results <span class="bcp14">MUST</span> be used instead of
         adding both a BIB and then a BCB for the security target at
         the security source.<a href="#section-3.9-5" class="pilcrow">¶</a></p>
</section>
</div>
<div id="parmresult">
<section id="section-3.10">
        <h3 id="name-parameter-and-result-identi">
<a href="#section-3.10" class="section-number selfRef">3.10. </a><a href="#name-parameter-and-result-identi" class="section-name selfRef">Parameter and Result Identification</a>
        </h3>
<p id="section-3.10-1">
         Each security context <span class="bcp14">MUST</span> define its own
         context parameters and results.  Each defined parameter and
         result is represented as the tuple of an identifier and a
         value. Identifiers are always represented as a CBOR unsigned
         integer. The CBOR encoding of values is as defined by the
         security context specification.<a href="#section-3.10-1" class="pilcrow">¶</a></p>
<p id="section-3.10-2">
         Identifiers <span class="bcp14">MUST</span> be unique for a given
         security context but do not need to be unique amongst all
         security contexts.<a href="#section-3.10-2" class="pilcrow">¶</a></p>
<p id="section-3.10-3">
         An example of a security context can be found in <span>[<a href="#RFC9173" class="xref">RFC9173</a>]</span>.<a href="#section-3.10-3" class="pilcrow">¶</a></p>
</section>
</div>
<div id="bsp_example">
<section id="section-3.11">
        <h3 id="name-bpsec-block-examples">
<a href="#section-3.11" class="section-number selfRef">3.11. </a><a href="#name-bpsec-block-examples" class="section-name selfRef">BPSec Block Examples</a>
        </h3>
<p id="section-3.11-1">
         This section provides two examples of BPSec blocks applied to
         bundles. In the first example, a single node adds several
         security operations to a bundle. In the second example, a
         waypoint node received the bundle created in the first
         example and adds additional security operations. In both
         examples, the first column represents blocks within a bundle
         and the second column represents the block number for the
         block, using the terminology B1...Bn for the purpose of
         illustration.<a href="#section-3.11-1" class="pilcrow">¶</a></p>
<section id="section-3.11.1">
          <h4 id="name-example-1-constructing-a-bu">
<a href="#section-3.11.1" class="section-number selfRef">3.11.1. </a><a href="#name-example-1-constructing-a-bu" class="section-name selfRef">Example 1: Constructing a Bundle with Security</a>
          </h4>
<p id="section-3.11.1-1">
            In this example, a bundle has four non-security-related
            blocks: the primary block (B1), two extension blocks
            (B4, B5), and a payload block (B6). The bundle source
            wishes to provide an integrity signature of the plaintext
            associated with the primary block, the second extension
            block, and the payload. The bundle source also wishes to
            provide confidentiality for the first extension block.
            The resultant bundle is illustrated in <a href="#bsp_ex1" class="xref">Figure 3</a> and the security
            actions are described below.<a href="#section-3.11.1-1" class="pilcrow">¶</a></p>
<span id="name-security-at-bundle-creation"></span><div id="bsp_ex1">
<figure id="figure-3">
            <div class="alignCenter art-text artwork" id="section-3.11.1-2.1">
<pre>
              Block in Bundle                ID
+==========================================+====+
|              Primary Block               | B1 |
+------------------------------------------+----+
|                    BIB                   | B2 |
|   OP(bib-integrity, targets = B1, B5, B6)|    |
+------------------------------------------+----+
|                    BCB                   | B3 |
|    OP(bcb-confidentiality, target = B4)  |    |
+------------------------------------------+----+
|       Extension Block (encrypted)        | B4 |
+------------------------------------------+----+
|              Extension Block             | B5 |
+------------------------------------------+----+
|               Payload Block              | B6 |
+------------------------------------------+----+</pre>
</div>
<figcaption><a href="#figure-3" class="selfRef">Figure 3</a>:
<a href="#name-security-at-bundle-creation" class="selfRef">Security at Bundle Creation</a>
            </figcaption></figure>
</div>
<p id="section-3.11.1-3">
            The following security actions were applied to this bundle at its
            time of creation.<a href="#section-3.11.1-3" class="pilcrow">¶</a></p>
<ul class="normal">
<li class="normal" id="section-3.11.1-4.1">
                  An integrity signature applied to the canonical form of the
                  primary block (B1), the canonical form of the block-type-specific data field
                  of the second extension block (B5), and the canonical form of the 
                  payload block (B6). This is accomplished by a single BIB (B2)
                  with multiple targets. A single BIB is used in this case
                  because all three targets share a security source, security 
                  context, and security context parameters. Had this not been 
                  the case, multiple BIBs could have been added instead.<a href="#section-3.11.1-4.1" class="pilcrow">¶</a>
</li>
            <li class="normal" id="section-3.11.1-4.2">
                  Confidentiality for the first extension block (B4). This is
                  accomplished by a BCB (B3). Once applied, the block-type-specific data 
                  field of extension block B4 is encrypted. The BCB <span class="bcp14">MUST</span>
                  hold an authentication tag for the ciphertext either
                  in the ciphertext that now populates the first extension
                  block or as a security result in the BCB itself, depending
                  on which security context is used to form the BCB. A plaintext
                  integrity signature may also exist as a security result in
                  the BCB if one is provided by the selected confidentiality
                  security context.<a href="#section-3.11.1-4.2" class="pilcrow">¶</a>
</li>
          </ul>
</section>
<section id="section-3.11.2">
          <h4 id="name-example-2-adding-more-secur">
<a href="#section-3.11.2" class="section-number selfRef">3.11.2. </a><a href="#name-example-2-adding-more-secur" class="section-name selfRef">Example 2: Adding More Security at a New Node</a>
          </h4>
<p id="section-3.11.2-1">
            Consider that the bundle as it is illustrated in <a href="#bsp_ex1" class="xref">Figure 3</a> is now received by a
            waypoint node that wishes to encrypt the second extension
            block and the bundle payload.  The waypoint security
            policy is to allow existing BIBs for these blocks to
            persist, as they may be required as part of the security
            policy at the bundle destination.<a href="#section-3.11.2-1" class="pilcrow">¶</a></p>
<p id="section-3.11.2-2">
            The resultant bundle is illustrated in <a href="#bsp_ex2" class="xref">Figure 4</a> 
            and the security actions are described below. Note that block IDs 
            provided here are ordered solely for the purpose of this example 
            and are not meant to impose an ordering for block creation. The
            ordering of blocks added to a bundle <span class="bcp14">MUST</span> always be in compliance
            with <span>[<a href="#RFC9171" class="xref">RFC9171</a>]</span>.<a href="#section-3.11.2-2" class="pilcrow">¶</a></p>
<span id="name-security-at-bundle-forwardi"></span><div id="bsp_ex2">
<figure id="figure-4">
            <div class="alignCenter art-text artwork" id="section-3.11.2-3.1">
<pre>
              Block in Bundle                ID
+==========================================+====+
|              Primary Block               | B1 |
+------------------------------------------+----+
|                    BIB                   | B2 |
|      OP(bib-integrity, target = B1)      |    |
+------------------------------------------+----+
|                    BIB (encrypted)       | B7 |
|      OP(bib-integrity, targets = B5, B6) |    |
+------------------------------------------+----+
|                    BCB                   | B8 |
|OP(bcb-confidentiality,targets = B5,B6,B7)|    |
+------------------------------------------+----+
|                    BCB                   | B3 |
|    OP(bcb-confidentiality, target = B4)  |    |
+------------------------------------------+----+
|       Extension Block (encrypted)        | B4 |
+------------------------------------------+----+
|       Extension Block (encrypted)        | B5 |
+------------------------------------------+----+
|         Payload Block (encrypted)        | B6 |
+------------------------------------------+----+</pre>
</div>
<figcaption><a href="#figure-4" class="selfRef">Figure 4</a>:
<a href="#name-security-at-bundle-forwardi" class="selfRef">Security at Bundle Forwarding</a>
            </figcaption></figure>
</div>
<p id="section-3.11.2-4">
            The following security actions were applied to this bundle prior to
            its forwarding from the waypoint node.<a href="#section-3.11.2-4" class="pilcrow">¶</a></p>
<ul class="normal">
<li class="normal" id="section-3.11.2-5.1">
                  Since the waypoint node wishes to encrypt the 
                  block-type-specific data field of blocks B5 and B6,
                  it <span class="bcp14">MUST</span> also encrypt the block-type-specific data field of
                  the BIBs providing plaintext integrity
                  over those blocks. However, BIB B2 could not be encrypted 
                  in its entirety because it also held a signature for the
                  primary block (B1). Therefore, a new BIB (B7) is created and
                  security results associated with B5 and B6 are moved out
                  of BIB B2 and into BIB B7.<a href="#section-3.11.2-5.1" class="pilcrow">¶</a>
</li>
            <li class="normal" id="section-3.11.2-5.2">
                  Now that there is no longer confusion about which plaintext
                  integrity signatures must be encrypted, a BCB is added to the
                  bundle with the security targets being the second extension
                  block (B5) and the payload (B6) as well as the newly created
                  BIB holding their plaintext integrity signatures (B7). A 
                  single new BCB is used in this case because all three 
                  targets share a security source, security context, and 
                  security context parameters. Had this not been the case, 
                  multiple BCBs could have been added instead.<a href="#section-3.11.2-5.2" class="pilcrow">¶</a>
</li>
          </ul>
</section>
</section>
</div>
</section>
</div>
<div id="CanonBundle">
<section id="section-4">
      <h2 id="name-canonical-forms">
<a href="#section-4" class="section-number selfRef">4. </a><a href="#name-canonical-forms" class="section-name selfRef">Canonical Forms</a>
      </h2>
<p id="section-4-1">
      Security services require consistency and determinism in how information 
      is presented to cipher suites at security sources, verifiers, and acceptors. 
      For example, integrity services require that the same target 
      information (e.g., the same bits in the same order) is provided to the 
      cipher suite when generating an original signature and when validating a
      signature. Canonicalization algorithms transcode the contents of a security
      target into a canonical form.<a href="#section-4-1" class="pilcrow">¶</a></p>
<p id="section-4-2">
      Canonical forms are used to generate input to a security context for 
      security processing at a BP node. If the values of a security target are
      unchanged, then the canonical form of that target will be the same even
      if the encoding of those values for wire transmission is different.<a href="#section-4-2" class="pilcrow">¶</a></p>
<p id="section-4-3">
      BPSec operates on data fields within bundle blocks
      (e.g., the block-type-specific data field). In their canonical form, these
      fields <span class="bcp14">MUST</span> include their own CBOR encoding and <span class="bcp14">MUST NOT</span> include any
      other encapsulating CBOR encoding. 
      For example, the canonical form of the block-type-specific data field
      is a CBOR byte string existing within the CBOR array containing the fields of 
      the extension block. The entire CBOR byte string is considered the canonical
      block-type-specific data field. The CBOR array
      framing is not considered part of the field.<a href="#section-4-3" class="pilcrow">¶</a></p>
<p id="section-4-4">
      The canonical form of the primary block is as specified in <span>[<a href="#RFC9171" class="xref">RFC9171</a>]</span> with
      the following constraint.<a href="#section-4-4" class="pilcrow">¶</a></p>
<ul class="normal">
<li class="normal" id="section-4-5.1">
            CBOR values from the primary block <span class="bcp14">MUST</span> be canonicalized using the rules for Deterministically Encoded CBOR,
            as specified in <span>[<a href="#RFC8949" class="xref">RFC8949</a>]</span>.<a href="#section-4-5.1" class="pilcrow">¶</a>
</li>
      </ul>
<p id="section-4-6">
      All non-primary blocks share the same block structure and are 
      canonicalized as specified in <span>[<a href="#RFC9171" class="xref">RFC9171</a>]</span> with 
      the following constraints.<a href="#section-4-6" class="pilcrow">¶</a></p>
<ul class="normal">
<li class="normal" id="section-4-7.1">
            CBOR values from the non-primary block <span class="bcp14">MUST</span> be canonicalized using the rules for Deterministically Encoded CBOR,
            as specified in <span>[<a href="#RFC8949" class="xref">RFC8949</a>]</span>.<a href="#section-4-7.1" class="pilcrow">¶</a>
</li>
        <li class="normal" id="section-4-7.2">
            Only the block-type-specific data field may be provided to a cipher suite for
            encryption as part of a confidentiality security service. Other fields within a non-primary block
            <span class="bcp14">MUST NOT</span> be encrypted or decrypted and <span class="bcp14">MUST NOT</span> be included in the canonical form used by the 
            cipher suite for encryption and decryption.
      An integrity-protection mechanism <span class="bcp14">MAY</span> be applied to these other 
      fields as supported by the security context. For example, these 
      fields might be treated as associated authenticated data.<a href="#section-4-7.2" class="pilcrow">¶</a>
</li>
        <li class="normal" id="section-4-7.3">            
            Reserved and unassigned flags in the block processing control flags field <span class="bcp14">MUST</span> be set to 0 in 
            a canonical form as it is not known if those flags will change in transit.<a href="#section-4-7.3" class="pilcrow">¶</a>
</li>
      </ul>
<p id="section-4-8">
      Security contexts <span class="bcp14">MAY</span> define their own canonicalization algorithms and require the use of those algorithms 
      over the ones provided in this specification. In the event of conflicting canonicalization algorithms, algorithms 
      defined in a security context take precedence over this specification when constructing canonical forms for that
      security context.<a href="#section-4-8" class="pilcrow">¶</a></p>
</section>
</div>
<div id="SecProc">
<section id="section-5">
      <h2 id="name-security-processing">
<a href="#section-5" class="section-number selfRef">5. </a><a href="#name-security-processing" class="section-name selfRef">Security Processing</a>
      </h2>
<p id="section-5-1">
      This section describes the security aspects of bundle processing.<a href="#section-5-1" class="pilcrow">¶</a></p>
<div id="BundleRX">
<section id="section-5.1">
        <h3 id="name-bundles-received-from-other">
<a href="#section-5.1" class="section-number selfRef">5.1. </a><a href="#name-bundles-received-from-other" class="section-name selfRef">Bundles Received from Other Nodes</a>
        </h3>
<p id="section-5.1-1">
         Security blocks must be processed in a specific order when received
         by a BP node. The processing order is as follows.<a href="#section-5.1-1" class="pilcrow">¶</a></p>
<ul class="normal">
<li class="normal" id="section-5.1-2.1">
               When BIBs and BCBs share a security target, BCBs <span class="bcp14">MUST</span> be 
               evaluated first and BIBs second.<a href="#section-5.1-2.1" class="pilcrow">¶</a>
</li>
        </ul>
<section id="section-5.1.1">
          <h4 id="name-receiving-bcbs">
<a href="#section-5.1.1" class="section-number selfRef">5.1.1. </a><a href="#name-receiving-bcbs" class="section-name selfRef">Receiving BCBs</a>
          </h4>
<p id="section-5.1.1-1">
            If a received bundle contains a BCB, the receiving node <span class="bcp14">MUST</span>
            determine whether it is the security acceptor for any of
            the security operations in the BCB. If so, the node <span class="bcp14">MUST</span>
            process those operations and remove any operation-specific
            information from the BCB prior to delivering data to an application at the node 
            or forwarding the bundle. If processing a security operation fails, 
            the target <span class="bcp14">SHALL</span> be processed according to the security policy. 
            A bundle status report indicating the failure <span class="bcp14">MAY</span> be generated. 
            When all security operations for a BCB have been removed from
            the BCB, the BCB <span class="bcp14">MUST</span> be removed from the bundle.<a href="#section-5.1.1-1" class="pilcrow">¶</a></p>
<p id="section-5.1.1-2">
            If the receiving node is the destination of the bundle,
            the node <span class="bcp14">MUST</span> decrypt any BCBs remaining in
            the bundle. If the receiving node is not the destination
            of the bundle, the node <span class="bcp14">MUST</span> process the
            BCB if directed to do so as a matter of security policy.<a href="#section-5.1.1-2" class="pilcrow">¶</a></p>
<p id="section-5.1.1-3">
            If the security policy of a node specifies that a node
            should have applied confidentiality to a specific security
            target and no such BCB is present in the bundle, then the
            node <span class="bcp14">MUST</span> process this security target in
            accordance with the security policy. It is
            <span class="bcp14">RECOMMENDED</span> that the node remove the
            security target from the bundle because the
            confidentiality (and possibly the integrity) of the
            security target cannot be guaranteed. If the removed
            security target is the payload block, the bundle
            <span class="bcp14">MUST</span> be discarded.<a href="#section-5.1.1-3" class="pilcrow">¶</a></p>
<p id="section-5.1.1-4">
            If an encrypted payload block cannot be decrypted (i.e.,
            the ciphertext cannot be authenticated), then the bundle
            <span class="bcp14">MUST</span> be discarded and processed no
            further. If an encrypted security target other than the
            payload block cannot be decrypted, then the associated
            security target and all security blocks associated with
            that target <span class="bcp14">MUST</span> be discarded and processed
            no further. In both cases, requested status reports (see
            <span>[<a href="#RFC9171" class="xref">RFC9171</a>]</span>)
            <span class="bcp14">MAY</span> be generated to reflect bundle or block
            deletion.<a href="#section-5.1.1-4" class="pilcrow">¶</a></p>
<p id="section-5.1.1-5">
            When a BCB is decrypted, the recovered plaintext for each
            security target <span class="bcp14">MUST</span> replace the ciphertext in each of the 
            security targets' block-type-specific data fields. If the
            plaintext is of a different size than the ciphertext, the framing of the CBOR byte
            string of this field must be updated to ensure this field
            remains a valid CBOR byte string. The length of the recovered plaintext 
            is known by the decrypting security context.<a href="#section-5.1.1-5" class="pilcrow">¶</a></p>
<p id="section-5.1.1-6">
            If a BCB contains multiple security operations, each operation processed
            by the node <span class="bcp14">MUST</span> be treated as if the security operation 
            has been represented by a single BCB with a single
            security operation for the purposes of report generation and policy 
            processing.<a href="#section-5.1.1-6" class="pilcrow">¶</a></p>
</section>
<section id="section-5.1.2">
          <h4 id="name-receiving-bibs">
<a href="#section-5.1.2" class="section-number selfRef">5.1.2. </a><a href="#name-receiving-bibs" class="section-name selfRef">Receiving BIBs</a>
          </h4>
<p id="section-5.1.2-1">
            If a received bundle contains a BIB, the receiving node
            <span class="bcp14">MUST</span> determine whether it is the security
            acceptor for any of the security operations in the BIB. If
            so, the node <span class="bcp14">MUST</span> process those operations
            and remove any operation-specific information from the BIB
            prior to delivering data to an application at the node or
            forwarding the bundle. If processing a security operation
            fails, the target <span class="bcp14">SHALL</span> be processed
            according to the security policy. A bundle status report
            indicating the failure <span class="bcp14">MAY</span> be
            generated. When all security operations for a BIB have
            been removed from the BIB, the BIB <span class="bcp14">MUST</span> be
            removed from the bundle.<a href="#section-5.1.2-1" class="pilcrow">¶</a></p>
<p id="section-5.1.2-2">
            A BIB <span class="bcp14">MUST NOT</span> be processed if the security
            target of the BIB is also the security target of a BCB in
            the bundle. Given the order of operations mandated by this
            specification, when both a BIB and a BCB share a security
            target, it means that the security target must have been
            encrypted after it was integrity signed; therefore, the
            BIB cannot be verified until the security target has been
            decrypted by processing the BCB.<a href="#section-5.1.2-2" class="pilcrow">¶</a></p>
<p id="section-5.1.2-3">
            If the security policy of a node specifies that a node
            should have applied integrity to a specific security
            target and no such BIB is present in the bundle, then the
            node <span class="bcp14">MUST</span> process this security target in
            accordance with the security policy. It is
            <span class="bcp14">RECOMMENDED</span> that the node remove the
            security target from the bundle if the security target is
            not the payload or primary block. If the security target
            is the payload or primary block, the bundle
            <span class="bcp14">MAY</span> be discarded. This action can occur at
            any node that has the ability to verify an integrity
            signature, not just the bundle destination.<a href="#section-5.1.2-3" class="pilcrow">¶</a></p>
<p id="section-5.1.2-4">
            If a receiving node is not the security acceptor of a
            security operation in a BIB, it <span class="bcp14">MAY</span> attempt
            to verify the security operation anyway to prevent
            forwarding corrupt data. If the verification fails, the
            node <span class="bcp14">SHALL</span> process the security target in
            accordance with local security policy.
            If a payload integrity check fails at a waypoint, it is
            <span class="bcp14">RECOMMENDED</span> that it be processed in the 
            same way as a failure of a payload 
            integrity check at the bundle destination.  If 
            the check passes, the node <span class="bcp14">MUST NOT</span> remove
            the security operation from the BIB prior to forwarding.<a href="#section-5.1.2-4" class="pilcrow">¶</a></p>
<p id="section-5.1.2-5">
            If a BIB contains multiple security operations, each operation processed
            by the node <span class="bcp14">MUST</span> be treated as if the security operation 
            has been represented by a single BIB with a single
            security operation for the purposes of report generation and policy 
            processing.<a href="#section-5.1.2-5" class="pilcrow">¶</a></p>
</section>
</section>
</div>
<div id="FragRe">
<section id="section-5.2">
        <h3 id="name-bundle-fragmentation-and-re">
<a href="#section-5.2" class="section-number selfRef">5.2. </a><a href="#name-bundle-fragmentation-and-re" class="section-name selfRef">Bundle Fragmentation and Reassembly</a>
        </h3>
<p id="section-5.2-1">
         If it is necessary for a node to fragment a bundle payload, and 
         security services have been applied to that bundle, the fragmentation 
         rules described in <span>[<a href="#RFC9171" class="xref">RFC9171</a>]</span> <span class="bcp14">MUST</span> be 
         followed. As defined there and summarized here for completeness, only 
         the payload block can be fragmented; security blocks, like all 
         extension blocks, can never be fragmented.<a href="#section-5.2-1" class="pilcrow">¶</a></p>
<p id="section-5.2-2"> 
         Due to the complexity of payload-block fragmentation, including the
         possibility of fragmenting payload-block fragments, integrity and
         confidentiality operations are not to be applied to a bundle
         representing a fragment. Specifically, a BCB or BIB <span class="bcp14">MUST NOT</span> be
         added to a bundle if the "Bundle is a fragment" flag is set in the
         bundle processing control flags field.<a href="#section-5.2-2" class="pilcrow">¶</a></p>
<p id="section-5.2-3">
         Security processing in the presence of payload-block fragmentation may
         be handled by other mechanisms outside of the BPSec protocol or 
         by applying BPSec blocks in coordination with an encapsulation 
         mechanism. A node should apply any confidentiality
         protection prior to performing any fragmentation.<a href="#section-5.2-3" class="pilcrow">¶</a></p>
</section>
</div>
</section>
</div>
<div id="KeyMgmt">
<section id="section-6">
      <h2 id="name-key-management">
<a href="#section-6" class="section-number selfRef">6. </a><a href="#name-key-management" class="section-name selfRef">Key Management</a>
      </h2>
<p id="section-6-1">
      There exists a myriad of ways to establish, communicate, and
      otherwise manage key information in DTN. Certain DTN
      deployments might follow established protocols for key
      management, whereas other DTN deployments might require new and
      novel approaches. BPSec assumes that key management is handled
      as a separate part of network management; this specification
      neither defines nor requires a specific strategy for key management.<a href="#section-6-1" class="pilcrow">¶</a></p>
</section>
</div>
<div id="PolCons">
<section id="section-7">
      <h2 id="name-security-policy-considerati">
<a href="#section-7" class="section-number selfRef">7. </a><a href="#name-security-policy-considerati" class="section-name selfRef">Security Policy Considerations</a>
      </h2>
<p id="section-7-1">         
      When implementing BPSec, several policy decisions must be
      considered. This section describes key policies that affect the
      generation, forwarding, and receipt of bundles that are secured using
      this specification. No single set of policy decisions is envisioned to 
      work for all secure DTN deployments.<a href="#section-7-1" class="pilcrow">¶</a></p>
<ul class="normal">
<li class="normal" id="section-7-2.1">
            If a bundle is received that contains combinations of
            security operations that are disallowed by this
            specification, the BPA must determine how to handle the
            bundle: the bundle may be discarded, the block affected by
            the security operation may be discarded, or one security
            operation may be favored over another.<a href="#section-7-2.1" class="pilcrow">¶</a>
</li>
        <li class="normal" id="section-7-2.2">
            BPAs in the network must understand what security operations they
            should apply to bundles. This decision may be based on the source 
            of the bundle, the destination of the bundle, or some other 
            information related to the bundle.<a href="#section-7-2.2" class="pilcrow">¶</a>
</li>
        <li class="normal" id="section-7-2.3">
            If a waypoint has been configured to add a security
            operation to a bundle, and the received bundle already has
            the security operation applied, then the receiver must
            understand what to do. The receiver may discard the
            bundle, discard the security target and associated BPSec
            blocks, replace the security operation, or take some other
            action.<a href="#section-7-2.3" class="pilcrow">¶</a>
</li>
        <li class="normal" id="section-7-2.4">
            It is <span class="bcp14">RECOMMENDED</span> that security operations
            be applied to every block in a bundle and that the default
            behavior of a BPA be to use the security services
            defined in this specification. Designers should only
            deviate from the use of security operations when the
            deviation can be justified -- such as when doing so causes
            downstream errors when processing blocks whose contents
            must be inspected or changed at one or more hops along the
            path.<a href="#section-7-2.4" class="pilcrow">¶</a>
</li>
        <li class="normal" id="section-7-2.5">
            BCB security contexts can alter the size of extension
            blocks and the payload block. Security policy
            <span class="bcp14">SHOULD</span> consider how changes to the size of
            a block could negatively effect bundle processing (e.g.,
            calculating storage needs and scheduling transmission
            times).<a href="#section-7-2.5" class="pilcrow">¶</a>
</li>
        <li class="normal" id="section-7-2.6">
          <p id="section-7-2.6.1">
            Adding a BIB to a security target that has already been encrypted
            by a BCB is not allowed. If this condition is likely to be 
            encountered, there are (at least) three possible policies that 
            could handle this situation.<a href="#section-7-2.6.1" class="pilcrow">¶</a></p>
<ol start="1" type="1" class="normal type-1" id="section-7-2.6.2">
<li id="section-7-2.6.2.1">
                  At the time of encryption, a security context can be 
                  selected that computes a plaintext integrity-protection mechanism 
                  that is included as a security context result field.<a href="#section-7-2.6.2.1" class="pilcrow">¶</a>
</li>
            <li id="section-7-2.6.2.2">
                  The encrypted block may be replicated as a new block with
                  a new block number and may be given integrity protection.<a href="#section-7-2.6.2.2" class="pilcrow">¶</a>
</li>
            <li id="section-7-2.6.2.3">   
                  An encapsulation scheme may be applied to encapsulate the
                  security target (or the entire bundle) such that the 
                  encapsulating structure is, itself, no longer the security 
                  target of a BCB and may therefore be the security target of 
                  a BIB.<a href="#section-7-2.6.2.3" class="pilcrow">¶</a>
</li>
          </ol>
</li>
        <li class="normal" id="section-7-2.7">
            Security policy <span class="bcp14">SHOULD</span> address whether cipher 
            suites whose ciphertext is larger than the initial 
            plaintext are permitted and, if so, for what types of blocks. 
            Changing the size of a block may cause processing difficulties for 
            networks that calculate block offsets into bundles or predict 
            transmission times or storage availability as a function of bundle 
            size. In other cases, changing the size of a payload as part of 
            encryption has no significant impact.<a href="#section-7-2.7" class="pilcrow">¶</a>
</li>
      </ul>
<div id="ReasonCodes">
<section id="section-7.1">
        <h3 id="name-security-reason-codes">
<a href="#section-7.1" class="section-number selfRef">7.1. </a><a href="#name-security-reason-codes" class="section-name selfRef">Security Reason Codes</a>
        </h3>
<p id="section-7.1-1">
         BPAs must process blocks and bundles in
         accordance with both BP policy and BPSec policy.  The decision to
         receive, forward, deliver, or delete a bundle may be communicated to
         the report-to address of the bundle in the form of a status report,
         as a method of tracking the progress of the bundle through the
         network.  The status report for a bundle may be augmented with a
         "reason code" explaining why the particular action was taken on the
         bundle.<a href="#section-7.1-1" class="pilcrow">¶</a></p>
<p id="section-7.1-2">
         This section describes a set of reason codes associated with the
         security processing of a bundle. The communication of security-related
         status reports might reduce the security of a network if these reports
         are intercepted by unintended recipients. BPSec policy <span class="bcp14">SHOULD</span> specify
         the conditions in which sending security reason codes are appropriate.          
         Examples of appropriate conditions for the use of security reason codes
         could include the following.<a href="#section-7.1-2" class="pilcrow">¶</a></p>
<ul class="normal">
<li class="normal" id="section-7.1-3.1">
               When the report-to address is verified as unchanged
               from the bundle source.  This can occur by placing an
               appropriate BIB on the bundle primary block.<a href="#section-7.1-3.1" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-7.1-3.2">
               When the block containing a status report with a
               security reason code is encrypted by a BCB.<a href="#section-7.1-3.2" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-7.1-3.3">
               When a status report containing a security reason code
               is only sent for security issues relating to bundles
               and/or blocks associated with non-operational user data
               or test data.<a href="#section-7.1-3.3" class="pilcrow">¶</a>
</li>
          <li class="normal" id="section-7.1-3.4">
               When a status report containing a security reason code
               is only sent for security issues associated with
               non-operational security contexts, or security contexts
               using non-operational configurations, such as test
               keys.<a href="#section-7.1-3.4" class="pilcrow">¶</a>
</li>
        </ul>
<p id="section-7.1-4">
         Security reason codes are assigned in accordance with <a href="#secreasoncode" class="xref">Section 11.2</a> and are as
         described below.<a href="#section-7.1-4" class="pilcrow">¶</a></p>
<span class="break"></span><dl class="dlNewline" id="section-7.1-5">
          <dt id="section-7.1-5.1">Missing security operation:</dt>
          <dd style="margin-left: 3.0em" id="section-7.1-5.2">
               This reason code indicates that a bundle was missing
               one or more required security operations.  This reason
               code is typically used by a security verifier or
               security acceptor.<a href="#section-7.1-5.2" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-7.1-5.3">Unknown security operation:</dt>
          <dd style="margin-left: 3.0em" id="section-7.1-5.4">
               This reason code indicates that one or more security
               operations present in a bundle cannot be understood by
               the security verifier or security acceptor for the
               operation.  For example, this reason code may be used
               if a security block references an unknown security
               context identifier or security context parameter. This
               reason code should not be used for security operations
               for which the node is not a security verifier or
               security acceptor; there is no requirement that all
               nodes in a network understand all security contexts,
               security context parameters, and security services for
               every bundle in a network.<a href="#section-7.1-5.4" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-7.1-5.5">Unexpected security operation:</dt>
          <dd style="margin-left: 3.0em" id="section-7.1-5.6">   
               This reason code indicates that a receiving node is neither a 
               security verifier nor a security acceptor for at least one
               security operation in a bundle. This reason code should not
               be seen as an error condition: not every node is a security
               verifier or security acceptor for every security operation in 
               every bundle. In certain networks, this reason code may be 
               useful in identifying misconfigurations of security policy.<a href="#section-7.1-5.6" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-7.1-5.7">Failed security operation:</dt>
          <dd style="margin-left: 3.0em" id="section-7.1-5.8">   
               This reason code indicates that one or more security
               operations in a bundle failed to process as expected
               for reasons other than misconfiguration. This may occur
               when a security-source is unable to add a security
               block to a bundle.  This may occur if the target of a
               security operation fails to verify using the defined
               security context at a security verifier.  This may also
               occur if a security operation fails to be processed
               without error at a security acceptor.<a href="#section-7.1-5.8" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-7.1-5.9">Conflicting security operation:</dt>
          <dd style="margin-left: 3.0em" id="section-7.1-5.10">   
               This reason code indicates that two or more security
               operations in a bundle are not conformant with the
               BPSec specification and that security processing was
               unable to proceed because of a BPSec protocol
               violation.<a href="#section-7.1-5.10" class="pilcrow">¶</a>
</dd>
        <dd class="break"></dd>
</dl>
</section>
</div>
</section>
</div>
<div id="SecCons">
<section id="section-8">
      <h2 id="name-security-considerations">
<a href="#section-8" class="section-number selfRef">8. </a><a href="#name-security-considerations" class="section-name selfRef">Security Considerations</a>
      </h2>
<p id="section-8-1">
      Given the nature of DTN applications, it is expected that
      bundles may traverse a variety of environments and devices that
      each pose unique security risks and requirements on the
      implementation of security within BPSec.  For this reason, it
      is important to introduce key threat models and describe the
      roles and responsibilities of the BPSec protocol in protecting
      the confidentiality and integrity of the data against those
      threats. This section provides additional discussion on security
      threats that BPSec will face and describes how BPSec security
      mechanisms operate to mitigate these threats.<a href="#section-8-1" class="pilcrow">¶</a></p>
<p id="section-8-2">      
      The threat model described here is assumed to have a set of
      capabilities identical to those described by the Internet Threat
      Model in <span>[<a href="#RFC3552" class="xref">RFC3552</a>]</span>, but the
      BPSec threat model is scoped to illustrate threats specific to
      BPSec operating within DTN environments; therefore, it focuses on
      on-path attackers (OPAs). In doing so, it is assumed that the
      delay-tolerant network (or significant portions of the delay-tolerant network) are completely under
      the control of an attacker.<a href="#section-8-2" class="pilcrow">¶</a></p>
<div id="SecConsAttack">
<section id="section-8.1">
        <h3 id="name-attacker-capabilities-and-o">
<a href="#section-8.1" class="section-number selfRef">8.1. </a><a href="#name-attacker-capabilities-and-o" class="section-name selfRef">Attacker Capabilities and Objectives</a>
        </h3>
<p id="section-8.1-1">
         BPSec was designed to protect against OPA threats that may
         have access to a bundle during transit from its source,
         Alice, to its destination, Bob.
  An OPA node, Olive, is a
         noncooperative node operating on the delay-tolerant network between Alice and
         Bob that has the ability to receive bundles, examine bundles,
         modify bundles, forward bundles, and generate bundles at will
         in order to compromise the confidentiality or integrity of
         data within the delay-tolerant network.  There are three classes of OPA nodes
         that are differentiated based on their access to
         cryptographic material:<a href="#section-8.1-1" class="pilcrow">¶</a></p>
<span class="break"></span><dl class="dlParallel" id="section-8.1-2">
          <dt id="section-8.1-2.1">Unprivileged Node:</dt>
          <dd style="margin-left: 1.5em" id="section-8.1-2.2">Olive has not been provisioned
               within the secure environment and only has access to
               cryptographic material that has been publicly shared.<a href="#section-8.1-2.2" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-8.1-2.3">Legitimate Node:</dt>
          <dd style="margin-left: 1.5em" id="section-8.1-2.4">Olive is within the secure environment;
               therefore,  Olive has access to cryptographic material
               that has been provisioned to Olive (i.e., K<sub>M</sub>) as well
               as material that has been publicly shared.<a href="#section-8.1-2.4" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-8.1-2.5">Privileged Node:</dt>
          <dd style="margin-left: 1.5em" id="section-8.1-2.6">Olive is a privileged node within the
               secure environment; therefore, Olive has access to
               cryptographic material that has been provisioned to
               Olive, Alice, and/or Bob (i.e., K<sub>M</sub>, K<sub>A</sub>, and/or K<sub>B</sub>) as
               well as material that has been publicly shared.<a href="#section-8.1-2.6" class="pilcrow">¶</a>
</dd>
        <dd class="break"></dd>
</dl>
<p id="section-8.1-3">               
         If Olive is operating as a privileged node, this is
         tantamount to compromise; BPSec does not provide mechanisms
         to detect or remove Olive from the delay-tolerant network or BPSec secure
         environment.  It is up to the BPSec implementer or the
         underlying cryptographic mechanisms to provide appropriate
         capabilities if they are needed.  It should also be noted
         that if the implementation of BPSec uses a single set of
         shared cryptographic material for all nodes, a legitimate
         node is equivalent to a privileged node because K<sub>M</sub> == K<sub>A</sub> ==
         K<sub>B</sub>. For this reason, sharing cryptographic material in this
         way is not recommended.<a href="#section-8.1-3" class="pilcrow">¶</a></p>
<p id="section-8.1-4"> 
         A special case of the legitimate node is when Olive is either
         Alice or Bob (i.e., K<sub>M</sub> == K<sub>A</sub> or K<sub>M</sub> == K<sub>B</sub>).  In this case,
         Olive is able to impersonate traffic as either Alice or Bob,
         respectively, which means that traffic to and from that node
         can be decrypted and encrypted, respectively.  Additionally,
         messages may be signed as originating from one of the
         endpoints.<a href="#section-8.1-4" class="pilcrow">¶</a></p>
</section>
</div>
<div id="SecConsBehave">
<section id="section-8.2">
        <h3 id="name-attacker-behaviors-and-bpse">
<a href="#section-8.2" class="section-number selfRef">8.2. </a><a href="#name-attacker-behaviors-and-bpse" class="section-name selfRef">Attacker Behaviors and BPSec Mitigations</a>
        </h3>
<section id="section-8.2.1">
          <h4 id="name-eavesdropping-attacks">
<a href="#section-8.2.1" class="section-number selfRef">8.2.1. </a><a href="#name-eavesdropping-attacks" class="section-name selfRef">Eavesdropping Attacks</a>
          </h4>
<p id="section-8.2.1-1">
            Once Olive has received a bundle, she is able to examine
            the contents of that bundle and attempt to recover any
            protected data or cryptographic keying material from the
            blocks contained within.  The protection mechanism that
            BPSec provides against this action is the BCB, which
            encrypts the contents of its security target, providing
            confidentiality of the data.  Of course, it should be
            assumed that Olive is able to attempt offline recovery of
            encrypted data, so the cryptographic mechanisms selected
            to protect the data should provide a suitable level of
            protection.<a href="#section-8.2.1-1" class="pilcrow">¶</a></p>
<p id="section-8.2.1-2">         
            When evaluating the risk of eavesdropping attacks, it is
            important to consider the lifetime of bundles on DTN.
            Depending on the network, bundles may persist for days or
            even years.  Long-lived bundles imply that the data exists
            in the network for a longer period of time and, thus,
            there may be more opportunities to capture those
            bundles. Additionally, the implication is that long-lived bundles store information within that remains relevant and sensitive for long enough that, once
            captured, there is sufficient time to crack encryption
            associated with the bundle. If a bundle does persist on
            the network for years and the cipher suite used for a BCB
            provides inadequate protection, Olive may be able to
            recover the protected data either before that bundle
            reaches its intended destination or before the information
            in the bundle is no longer considered sensitive.<a href="#section-8.2.1-2" class="pilcrow">¶</a></p>
<p id="section-8.2.1-3">
            NOTE: Olive is not limited by the bundle lifetime and may
            retain a given bundle indefinitely.<a href="#section-8.2.1-3" class="pilcrow">¶</a></p>
<p id="section-8.2.1-4">
            NOTE: Irrespective of whether BPSec is used, traffic
            analysis will be possible.<a href="#section-8.2.1-4" class="pilcrow">¶</a></p>
</section>
<section id="section-8.2.2">
          <h4 id="name-modification-attacks">
<a href="#section-8.2.2" class="section-number selfRef">8.2.2. </a><a href="#name-modification-attacks" class="section-name selfRef">Modification Attacks</a>
          </h4>
<p id="section-8.2.2-1">
            As a node participating in the delay-tolerant network between Alice and Bob,
            Olive will also be able to modify the received bundle,
            including non-BPSec data such as the primary block,
            payload blocks, or block processing control flags as
            defined in <span>[<a href="#RFC9171" class="xref">RFC9171</a>]</span>.
            Olive will be able to undertake activities including
            modification of data within the blocks, replacement of
            blocks, addition of blocks, or removal of blocks.  Within
            BPSec, both the BIB and BCB provide integrity-protection
            mechanisms to detect or prevent data manipulation attempts
            by Olive.<a href="#section-8.2.2-1" class="pilcrow">¶</a></p>
<p id="section-8.2.2-2">            
            The BIB provides that protection to another block that is
            its security target.  The cryptographic mechanisms used to
            generate the BIB should be strong against collision
            attacks, and Olive should not have access to the
            cryptographic material used by the originating node to
            generate the BIB (e.g., K<sub>A</sub>). If both of these conditions
            are true, Olive will be unable to modify the security
            target or the BIB, and thus she cannot lead Bob to validate the security
            target as originating from Alice.<a href="#section-8.2.2-2" class="pilcrow">¶</a></p>
<p id="section-8.2.2-3">
            Since BPSec security operations are implemented by placing
            blocks in a bundle, there is no in-band mechanism for
            detecting or correcting certain cases where Olive removes
            blocks from a bundle. If Olive removes a BCB, but keeps
            the security target, the security target remains encrypted
            and there is a possibility that there may no longer be
            sufficient information to decrypt the block at its
            destination.  If Olive removes both a BCB (or BIB) and its
            security target, there is no evidence left in the bundle of
            the security operation. Similarly, if Olive removes the
            BIB, but not the security target, there is no evidence left
            in the bundle of the security operation.  In each of these
            cases, the implementation of BPSec must be combined with
            policy configuration at endpoints in the network that
            describe the expected and required security operations
            that must be applied on transmission and that are expected to
            be present on receipt.  This or other similar out-of-band
            information is required to correct for removal of security
            information in the bundle.<a href="#section-8.2.2-3" class="pilcrow">¶</a></p>
<p id="section-8.2.2-4">
            A limitation of the BIB may exist within the
            implementation of BIB validation at the destination node.
            If Olive is a legitimate node within the delay-tolerant network, the BIB
            generated by Alice with K<sub>A</sub> can be replaced with a new BIB
            generated with K<sub>M</sub> and forwarded to Bob.  If Bob is only
            validating that the BIB was generated by a legitimate
            user, Bob will acknowledge the message as originating from
            Olive instead of Alice. Validating a BIB indicates only
            that the BIB was generated by a holder of the relevant
            key; it does not provide any guarantee that the bundle or
            block was created by the same entity. In order to provide
            verifiable integrity checks, the BCB should require an
            encryption scheme that is Indistinguishable under adaptive
            Chosen Ciphertext Attack (IND-CCA2) secure. Such an
            encryption scheme will guard against signature
            substitution attempts by Olive. In this case, Alice
            creates a BIB with the protected data block as the
            security target and then creates a BCB with both the BIB
            and protected data block as its security targets.<a href="#section-8.2.2-4" class="pilcrow">¶</a></p>
</section>
<div id="SecConsTopAtck">
<section id="section-8.2.3">
          <h4 id="name-topology-attacks">
<a href="#section-8.2.3" class="section-number selfRef">8.2.3. </a><a href="#name-topology-attacks" class="section-name selfRef">Topology Attacks</a>
          </h4>
<p id="section-8.2.3-1">
             If Olive is in an OPA position within the delay-tolerant network, she is able
             to influence how any bundles that come to her may pass
             through the network.  Upon receiving and processing a
             bundle that must be routed elsewhere in the network,
             Olive has three options as to how to proceed: not forward
             the bundle, forward the bundle as intended, or forward
             the bundle to one or more specific nodes within the
             network.<a href="#section-8.2.3-1" class="pilcrow">¶</a></p>
<p id="section-8.2.3-2">             
            Attacks that involve rerouting the bundles throughout the
            network are essentially a special case of the modification
            attacks described in this section, one where the attacker is
            modifying fields within the primary block of the bundle.
            Given that BPSec cannot encrypt the contents of the
            primary block, alternate methods must be used to prevent
            this situation. These methods may include requiring BIBs
            for primary blocks, using encapsulation, or otherwise
            strategically manipulating primary block data. The
            details of any such mitigation technique are specific to
            the implementation of the deploying network and are outside of
            the scope of this document.<a href="#section-8.2.3-2" class="pilcrow">¶</a></p>
<p id="section-8.2.3-3">
            Furthermore, routing rules and policies may be useful in
            enforcing particular traffic flows to prevent topology
            attacks.  While these rules and policies may utilize some
            features provided by BPSec, their definition is beyond the
            scope of this specification.<a href="#section-8.2.3-3" class="pilcrow">¶</a></p>
</section>
</div>
<section id="section-8.2.4">
          <h4 id="name-message-injection">
<a href="#section-8.2.4" class="section-number selfRef">8.2.4. </a><a href="#name-message-injection" class="section-name selfRef">Message Injection</a>
          </h4>
<p id="section-8.2.4-1">                   
            Olive is also able to generate new bundles and transmit
            them into the delay-tolerant network at will.
     These bundles may be either 1)
            copies or slight modifications of previously observed
            bundles (i.e., a replay attack) or 2) entirely new bundles
            generated based on the Bundle Protocol, BPSec, or other
            bundle-related protocols.  With these attacks, Olive's
            objectives may vary, but may be targeting either the
            Bundle Protocol or application-layer protocols conveyed by
            the Bundle Protocol. The target could also be the storage
            and computing capabilities of the nodes running the bundle or
            application-layer protocols (e.g., a denial of service to
            flood on the storage of the store-and-forward mechanism or
            a computation that would process the bundles and perhaps
            prevent other activities).<a href="#section-8.2.4-1" class="pilcrow">¶</a></p>
<p id="section-8.2.4-2">           
            BPSec relies on cipher suite capabilities to prevent
            replay or forged message attacks.  A BCB used with
            appropriate cryptographic mechanisms may provide replay
            protection under certain circumstances.  Alternatively,
            application data itself may be augmented to include
            mechanisms to assert data uniqueness and then be protected
            with a BIB, a BCB, or both along with other block data. In
            such a case, the receiving node would be able to validate
            the uniqueness of the data.<a href="#section-8.2.4-2" class="pilcrow">¶</a></p>
<p id="section-8.2.4-3">
            For example, a BIB may be used to validate the integrity
            of a bundle's primary block, which includes a timestamp
            and lifetime for the bundle. If a bundle is replayed
            outside of its lifetime, then the replay attack will fail
            as the bundle will be discarded. Similarly, additional
            blocks, such as the Bundle Age, may be signed and validated
            to identify replay attacks. Finally, security context
            parameters within BIBs and BCBs may include
            anti-replay mechanisms such as session identifiers,
            nonces, and dynamic passwords as supported by network
            characteristics.<a href="#section-8.2.4-3" class="pilcrow">¶</a></p>
</section>
</section>
</div>
</section>
</div>
<div id="sec_ctx">
<section id="section-9">
      <h2 id="name-security-context-considerat">
<a href="#section-9" class="section-number selfRef">9. </a><a href="#name-security-context-considerat" class="section-name selfRef">Security Context Considerations</a>
      </h2>
<section id="section-9.1">
        <h3 id="name-mandating-security-contexts">
<a href="#section-9.1" class="section-number selfRef">9.1. </a><a href="#name-mandating-security-contexts" class="section-name selfRef">Mandating Security Contexts</a>
        </h3>
<p id="section-9.1-1">
         Because of the diversity of networking scenarios and node
         capabilities that may utilize BPSec, there is a risk that a
         single security context mandated for every possible BPSec
         implementation is not feasible. For example, a security
         context appropriate for a resource-constrained node with
         limited connectivity may be inappropriate for use in a
         well-resourced, well-connected node.<a href="#section-9.1-1" class="pilcrow">¶</a></p>
<p id="section-9.1-2">
         This does not mean that the use of BPSec in a particular
         network is meant to happen without security contexts for
         interoperability and default behavior. Network designers must
         identify the minimal set of security contexts necessary for
         functions in their network. For example, a default set of
         security contexts could be created for use over the
         terrestrial Internet, and they could be required by any BPSec implementation
         communicating over the terrestrial Internet.<a href="#section-9.1-2" class="pilcrow">¶</a></p>
<p id="section-9.1-3">
         To ensure interoperability among various implementations, all
         BPSec implementations <span class="bcp14">MUST</span> support at least
         the current, mandatory security context(s) defined in IETF Standards Track 
         RFCs.  As of this writing, that BP mandatory security
         context is specified in <span>[<a href="#RFC9173" class="xref">RFC9173</a>]</span>, but the mandatory security context(s)
         might change over time in accordance with usual IETF
         processes.  Such changes are likely to occur in the future
         if/when flaws are discovered in the applicable cryptographic
         algorithms, for example.<a href="#section-9.1-3" class="pilcrow">¶</a></p>
<p id="section-9.1-4">
         Additionally, BPSec implementations need to support the
         security contexts that are required by the BP
         networks in which they are deployed.<a href="#section-9.1-4" class="pilcrow">¶</a></p>
<p id="section-9.1-5">
         If a node serves as a gateway between two or more networks,
         the BPSec implementation at that node needs to support the
         union of security contexts mandated in those networks.<a href="#section-9.1-5" class="pilcrow">¶</a></p>
<p id="section-9.1-6">
         BPSec has been designed to allow for a diversity of security
         contexts and for new contexts to be defined over time. The
         use of different security contexts does not change the BPSec
         protocol itself, and the definition of new security contexts
         <span class="bcp14">MUST</span> adhere to the requirements of such
         contexts as presented in this section and generally in this
         specification.<a href="#section-9.1-6" class="pilcrow">¶</a></p>
<p id="section-9.1-7">
         Implementers should monitor the state of security context
         specifications to check for future updates and replacement.<a href="#section-9.1-7" class="pilcrow">¶</a></p>
</section>
<section id="section-9.2">
        <h3 id="name-identification-and-configur">
<a href="#section-9.2" class="section-number selfRef">9.2. </a><a href="#name-identification-and-configur" class="section-name selfRef">Identification and Configuration</a>
        </h3>
<p id="section-9.2-1">
         Security blocks uniquely identify the security context to be
         used in the processing of their security services. The
         security context for a security block <span class="bcp14">MUST</span> be
         uniquely identifiable and <span class="bcp14">MAY</span> use parameters
         for customization.<a href="#section-9.2-1" class="pilcrow">¶</a></p>
<p id="section-9.2-2">
         To reduce the number of security contexts used in a network,
         security context designers should make security contexts
         customizable through the definition of security context
         parameters. For example, a single security context could be
         associated with a single cipher suite and security context
         parameters could be used to configure the use of this
         security context with different key lengths and different key
         management options without needing to define separate
         security contexts for each possible option.<a href="#section-9.2-2" class="pilcrow">¶</a></p>
<p id="section-9.2-3">
         A single security context may be used in the application of
         more than one security service. This means that a security
         context identifier <span class="bcp14">MAY</span> be used with a BIB,
         with a BCB, or with any other BPSec-compliant security block.
         The definition of a security context <span class="bcp14">MUST</span>
         identify which security services may be used with the
         security context, how security context parameters are
         interpreted as a function of the security operation being
         supported, and which security results are produced for each
         security service.<a href="#section-9.2-3" class="pilcrow">¶</a></p>
<p id="section-9.2-4">
         Network operators must determine the number, type, and
         configuration of security contexts in a system. Networks with
         rapidly changing configurations may define relatively few
         security contexts with each context customized with multiple
         parameters. For networks with more stability, or an increased
         need for confidentiality, a larger number of contexts can be
         defined with each context supporting few, if any, parameters.<a href="#section-9.2-4" class="pilcrow">¶</a></p>
<span id="name-security-context-examples"></span><div id="sec_ctx_ex">
<table class="center" id="table-1">
          <caption>
<a href="#table-1" class="selfRef">Table 1</a>:
<a href="#name-security-context-examples" class="selfRef">Security Context Examples</a>
          </caption>
<thead>
            <tr>
              <th class="text-center" rowspan="1" colspan="1">Context Type</th>
              <th class="text-center" rowspan="1" colspan="1">Parameters</th>
              <th class="text-center" rowspan="1" colspan="1">Definition</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td class="text-center" rowspan="1" colspan="1">Key Exchange AES</td>
              <td class="text-center" rowspan="1" colspan="1">Encrypted Key, IV</td>
              <td class="text-center" rowspan="1" colspan="1">AES-GCM-256 cipher suite with
              provided ephemeral key encrypted with a predetermined
              key encryption key and cleartext initialization
              vector.</td>
            </tr>
            <tr>
              <td class="text-center" rowspan="1" colspan="1">Pre-Shared Key AES</td>
              <td class="text-center" rowspan="1" colspan="1">IV</td>
              <td class="text-center" rowspan="1" colspan="1">AES-GCM-256 cipher suite with
              predetermined key and predetermined key-rotation
              policy.</td>
            </tr>
            <tr>
              <td class="text-center" rowspan="1" colspan="1">Out-of-Band AES</td>
              <td class="text-center" rowspan="1" colspan="1">None</td>
              <td class="text-center" rowspan="1" colspan="1">AES-GCM-256 cipher suite with all
              info predetermined.</td>
            </tr>
          </tbody>
        </table>
</div>
</section>
<section id="section-9.3">
        <h3 id="name-authorship">
<a href="#section-9.3" class="section-number selfRef">9.3. </a><a href="#name-authorship" class="section-name selfRef">Authorship</a>
        </h3>
<p id="section-9.3-1">
         Developers or implementers should consider the diverse
         performance and conditions of networks on which the Bundle
         Protocol (and, therefore, BPSec) will operate. Specifically,
         the delay and capacity of DTNs can vary
         substantially. Developers should consider these conditions to
         better describe the conditions in which those contexts will
         operate or exhibit vulnerability, and selection of these
         contexts for implementation should be made with consideration
         for this reality. There are key differences that may limit
         the opportunity for a security context to leverage existing
         cipher suites and technologies that have been developed for
         use in more reliable networks:<a href="#section-9.3-1" class="pilcrow">¶</a></p>
<span class="break"></span><dl class="dlParallel" id="section-9.3-2">
          <dt id="section-9.3-2.1">Data Lifetime:</dt>
          <dd style="margin-left: 1.5em" id="section-9.3-2.2">Depending on the application environment, 
               bundles may persist on the network for extended periods of 
               time, perhaps even years. Cryptographic algorithms should be 
               selected to ensure protection of data against attacks for a 
               length of time reasonable for the application.<a href="#section-9.3-2.2" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-9.3-2.3">One-Way Traffic:</dt>
          <dd style="margin-left: 1.5em" id="section-9.3-2.4">Depending on the application
          environment, it is possible that only a one-way connection
          may exist between two endpoints, or if a two-way connection
          does exist, the round-trip time may be extremely large. This
          may limit the utility of session key generation mechanisms,
          such as Diffie-Hellman, as a two-way handshake may not be
          feasible or reliable.<a href="#section-9.3-2.4" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-9.3-2.5">Opportunistic Access:</dt>
          <dd style="margin-left: 1.5em" id="section-9.3-2.6">Depending on the application environment, 
               a given endpoint may not be guaranteed to be accessible within 
               a certain amount of time.  This may make asymmetric 
               cryptographic architectures that rely on a key distribution 
               center or other trust center impractical under certain 
               conditions.<a href="#section-9.3-2.6" class="pilcrow">¶</a>
</dd>
        <dd class="break"></dd>
</dl>
<p id="section-9.3-3">
       When developing security contexts for use with BPSec, the following 
       information <span class="bcp14">SHOULD</span> be considered for inclusion in these specifications.<a href="#section-9.3-3" class="pilcrow">¶</a></p>
<span class="break"></span><dl class="dlParallel" id="section-9.3-4">
          <dt id="section-9.3-4.1">Security Context Parameters:</dt>
          <dd style="margin-left: 1.5em" id="section-9.3-4.2">Security contexts
          <span class="bcp14">MUST</span> define their parameter Ids, the data
          types of those parameters, and their CBOR encoding.<a href="#section-9.3-4.2" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-9.3-4.3">Security Results:</dt>
          <dd style="margin-left: 1.5em" id="section-9.3-4.4">Security contexts
          <span class="bcp14">MUST</span> define their security result Ids, the
          data types of those results, and their CBOR encoding.<a href="#section-9.3-4.4" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-9.3-4.5">New Canonicalizations:</dt>
          <dd style="margin-left: 1.5em" id="section-9.3-4.6">Security contexts may
            define new canonicalization algorithms as necessary.<a href="#section-9.3-4.6" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-9.3-4.7">Ciphertext Size:</dt>
          <dd style="margin-left: 1.5em" id="section-9.3-4.8">
            <p id="section-9.3-4.8.1">Security contexts
            <span class="bcp14">MUST</span> state whether their associated cipher
            suites generate ciphertext (to include any authentication
            information) that is of a different size than the input
            plaintext.<a href="#section-9.3-4.8.1" class="pilcrow">¶</a></p>
<p id="section-9.3-4.8.2">
               If a security context does not wish to alter the size of the 
               plaintext, it should place overflow bytes and authentication tags
               in security result fields.<a href="#section-9.3-4.8.2" class="pilcrow">¶</a></p>
</dd>
          <dd class="break"></dd>
<dt id="section-9.3-4.9">Block Header Information:</dt>
          <dd style="margin-left: 1.5em" id="section-9.3-4.10">Security contexts
          <span class="bcp14">SHOULD</span> include block header information that
          is considered to be immutable for the block. This
          information <span class="bcp14">MAY</span> include the block type code,
          block number, CRC type, and CRC field (if present or if
          missing and unlikely to be added later), and possibly
          certain block processing control flags.  Designers should
          input these fields as additional data for integrity
          protection when these fields are expected to remain
          unchanged over the path the block will take from the
          security source to the security acceptor.  Security contexts
          considering block header information <span class="bcp14">MUST</span>
          describe expected behavior when these fields fail their
          integrity verification.<a href="#section-9.3-4.10" class="pilcrow">¶</a>
</dd>
          <dd class="break"></dd>
<dt id="section-9.3-4.11">Handling CRC Fields:</dt>
          <dd style="margin-left: 1.5em" id="section-9.3-4.12">Security contexts may
          include algorithms that alter the contexts of their security
          target block, such as the case when encrypting the
          block-type-specific data of a target block as part of a BCB
          confidentiality service. Security context specifications
          <span class="bcp14">SHOULD</span> address how preexisting CRC type and
          CRC value fields be handled. For example, a BCB security
          context could remove the plaintext CRC value from its
          target upon encryption and replace or recalculate the value
          upon decryption.<a href="#section-9.3-4.12" class="pilcrow">¶</a>
</dd>
        <dd class="break"></dd>
</dl>
</section>
</section>
</div>
<div id="Extensions">
<section id="section-10">
      <h2 id="name-defining-other-security-blo">
<a href="#section-10" class="section-number selfRef">10. </a><a href="#name-defining-other-security-blo" class="section-name selfRef">Defining Other Security Blocks</a>
      </h2>
<p id="section-10-1">
      Other Security Blocks (OSBs) may be defined and used in addition to the 
      security blocks identified in this specification.
      BIB, BCB, and any future OSBs can coexist within a bundle and can be 
      considered in conformance with BPSec if all of the following requirements 
      are met by any future identified security blocks.<a href="#section-10-1" class="pilcrow">¶</a></p>
<ul class="normal">
<li class="normal" id="section-10-2.1">
            OSBs <span class="bcp14">MUST NOT</span> reuse any enumerations 
            identified in this specification, to include the block type codes 
            for BIB and BCB.<a href="#section-10-2.1" class="pilcrow">¶</a>
</li>
        <li class="normal" id="section-10-2.2">
            An OSB definition <span class="bcp14">MUST</span> state whether it can
            be the target of a BIB or a BCB. The definition
            <span class="bcp14">MUST</span> also state whether the OSB can target
            a BIB or a BCB.<a href="#section-10-2.2" class="pilcrow">¶</a>
</li>
        <li class="normal" id="section-10-2.3">
            An OSB definition <span class="bcp14">MUST</span> provide a
            deterministic processing order in the event that a bundle
            is received containing BIBs, BCBs, and OSBs.  This
            processing order <span class="bcp14">MUST NOT</span> alter the BIB and
            BCB processing orders identified in this specification.<a href="#section-10-2.3" class="pilcrow">¶</a>
</li>
        <li class="normal" id="section-10-2.4">
            An OSB definition <span class="bcp14">MUST</span> provide a
            canonicalization algorithm if the default algorithm for
            non-primary-block canonicalization cannot be
            used to generate a deterministic input for a cipher 
            suite. This requirement can be waived if the OSB is
            defined so as to never be the security target of a BIB or
            a BCB.<a href="#section-10-2.4" class="pilcrow">¶</a>
</li>
        <li class="normal" id="section-10-2.5">
            An OSB definition <span class="bcp14">MUST NOT</span> require any
            behavior of a BPSec BPA that is in conflict with the
            behavior identified in this specification.  In particular,
            the security processing requirements imposed by this
            specification must be consistent across all BPSec BPAs in
            a network.<a href="#section-10-2.5" class="pilcrow">¶</a>
</li>
        <li class="normal" id="section-10-2.6">
            The behavior of an OSB when dealing with fragmentation
            must be specified and <span class="bcp14">MUST NOT</span> lead to
            ambiguous processing states. In particular, an OSB
            definition should address how to receive and process an
            OSB in a bundle fragment that may or may not also contain
            its security target.  An OSB definition should also
            address whether an OSB may be added to a bundle marked as
            a fragment.<a href="#section-10-2.6" class="pilcrow">¶</a>
</li>
      </ul>
<p id="section-10-3">
      Additionally, policy considerations for the management,
      monitoring, and configuration associated with blocks
      <span class="bcp14">SHOULD</span> be included in any OSB definition.<a href="#section-10-3" class="pilcrow">¶</a></p>
<p id="section-10-4">
      NOTE: The burden of showing compliance with processing rules is
      placed upon the specifications defining new security blocks, and
      the identification of such blocks shall not, alone, require
      maintenance of this specification.<a href="#section-10-4" class="pilcrow">¶</a></p>
</section>
</div>
<div id="IANA">
<section id="section-11">
      <h2 id="name-iana-considerations">
<a href="#section-11" class="section-number selfRef">11. </a><a href="#name-iana-considerations" class="section-name selfRef">IANA Considerations</a>
      </h2>
<p id="section-11-1">
      This specification includes fields that require registries managed by
      IANA.<a href="#section-11-1" class="pilcrow">¶</a></p>
<div id="BlockType">
<section id="section-11.1">
        <h3 id="name-bundle-block-types">
<a href="#section-11.1" class="section-number selfRef">11.1. </a><a href="#name-bundle-block-types" class="section-name selfRef">Bundle Block Types</a>
        </h3>
<p id="section-11.1-1">
         This specification allocates two block types from the
         existing "Bundle Block Types" registry defined in <span>[<a href="#RFC6255" class="xref">RFC6255</a>]</span>.<a href="#section-11.1-1" class="pilcrow">¶</a></p>
<span id="name-additional-entries-for-the-"></span><div id="iana_table">
<table class="center" id="table-2">
          <caption>
<a href="#table-2" class="selfRef">Table 2</a>:
<a href="#name-additional-entries-for-the-" class="selfRef">Additional Entries for the "Bundle Block Types" Registry</a>
          </caption>
<thead>
            <tr>
              <th class="text-center" rowspan="1" colspan="1">Value</th>
              <th class="text-center" rowspan="1" colspan="1">Description</th>
              <th class="text-center" rowspan="1" colspan="1">Reference</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td class="text-center" rowspan="1" colspan="1">11</td>
              <td class="text-center" rowspan="1" colspan="1">Block Integrity</td>
              <td class="text-center" rowspan="1" colspan="1">This document</td>
            </tr>
            <tr>
              <td class="text-center" rowspan="1" colspan="1">12</td>
              <td class="text-center" rowspan="1" colspan="1">Block Confidentiality</td>
              <td class="text-center" rowspan="1" colspan="1">This document</td>
            </tr>
          </tbody>
        </table>
</div>
<p id="section-11.1-3">
         The "Bundle Block Types" registry notes whether a block type is 
         meant for use in BP version 6, BP version 7 (BPv7), or both.  The two block types
         defined in this specification are meant for use with BPv7.<a href="#section-11.1-3" class="pilcrow">¶</a></p>
</section>
</div>
<div id="secreasoncode">
<section id="section-11.2">
        <h3 id="name-bundle-status-report-reason">
<a href="#section-11.2" class="section-number selfRef">11.2. </a><a href="#name-bundle-status-report-reason" class="section-name selfRef">Bundle Status Report Reason Codes</a>
        </h3>
<p id="section-11.2-1">
         This specification allocates five reason codes from the
         existing "Bundle Status Report Reason Codes" registry defined
         in <span>[<a href="#RFC6255" class="xref">RFC6255</a>]</span>.<a href="#section-11.2-1" class="pilcrow">¶</a></p>
<span id="name-additional-entries-for-the-b"></span><table class="center" id="table-3">
          <caption>
<a href="#table-3" class="selfRef">Table 3</a>:
<a href="#name-additional-entries-for-the-b" class="selfRef">Additional Entries for the "Bundle Status Report Reason Codes" Registry</a>
          </caption>
<thead>
            <tr>
              <th class="text-center" rowspan="1" colspan="1">BP Version</th>
              <th class="text-center" rowspan="1" colspan="1">Value</th>
              <th class="text-center" rowspan="1" colspan="1">Description</th>
              <th class="text-center" rowspan="1" colspan="1">Reference</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td class="text-center" rowspan="1" colspan="1">7</td>
              <td class="text-center" rowspan="1" colspan="1">12</td>
              <td class="text-center" rowspan="1" colspan="1">Missing security operation</td>
              <td class="text-center" rowspan="1" colspan="1">This document, <a href="#ReasonCodes" class="xref">Section 7.1</a> </td>
            </tr>
            <tr>
              <td class="text-center" rowspan="1" colspan="1">7</td>
              <td class="text-center" rowspan="1" colspan="1">13</td>
              <td class="text-center" rowspan="1" colspan="1">Unknown security operation</td>
              <td class="text-center" rowspan="1" colspan="1">This document, <a href="#ReasonCodes" class="xref">Section 7.1</a>
</td>
            </tr>
            <tr>
              <td class="text-center" rowspan="1" colspan="1">7</td>
              <td class="text-center" rowspan="1" colspan="1">14</td>
              <td class="text-center" rowspan="1" colspan="1">Unexpected security operation</td>
              <td class="text-center" rowspan="1" colspan="1">This document, <a href="#ReasonCodes" class="xref">Section 7.1</a>
</td>
            </tr>
            <tr>
              <td class="text-center" rowspan="1" colspan="1">7</td>
              <td class="text-center" rowspan="1" colspan="1">15</td>
              <td class="text-center" rowspan="1" colspan="1">Failed security operation</td>
              <td class="text-center" rowspan="1" colspan="1">This document, <a href="#ReasonCodes" class="xref">Section 7.1</a>
</td>
            </tr>
            <tr>
              <td class="text-center" rowspan="1" colspan="1">7</td>
              <td class="text-center" rowspan="1" colspan="1">16</td>
              <td class="text-center" rowspan="1" colspan="1">Conflicting security operation</td>
              <td class="text-center" rowspan="1" colspan="1">This document, <a href="#ReasonCodes" class="xref">Section 7.1</a>
</td>
            </tr>
          </tbody>
        </table>
</section>
</div>
<div id="SecCtx">
<section id="section-11.3">
        <h3 id="name-security-context-identifier">
<a href="#section-11.3" class="section-number selfRef">11.3. </a><a href="#name-security-context-identifier" class="section-name selfRef">Security Context Identifiers</a>
        </h3>
<p id="section-11.3-1">
         BPSec has a Security Context Identifier field for which
         IANA has created a new registry
         named "BPSec Security Context Identifiers". Initial values
         for this registry are given below.<a href="#section-11.3-1" class="pilcrow">¶</a></p>
<p id="section-11.3-2">
         The registration policy for this registry is Specification
         Required (see <span>[<a href="#RFC8126" class="xref">RFC8126</a>]</span>).<a href="#section-11.3-2" class="pilcrow">¶</a></p>
<p id="section-11.3-3">
         The value range: signed 16-bit integer.<a href="#section-11.3-3" class="pilcrow">¶</a></p>
<span id="name-bpsec-security-context-iden"></span><div id="sec_ctx_table">
<table class="center" id="table-4">
          <caption>
<a href="#table-4" class="selfRef">Table 4</a>:
<a href="#name-bpsec-security-context-iden" class="selfRef">"BPSec Security Context Identifier" Registry</a>
          </caption>
<thead>
            <tr>
              <th class="text-center" rowspan="1" colspan="1">Value</th>
              <th class="text-center" rowspan="1" colspan="1">Description</th>
              <th class="text-center" rowspan="1" colspan="1">Reference</th>
            </tr>
          </thead>
          <tbody>
            <tr>
              <td class="text-center" rowspan="1" colspan="1">&lt; 0 </td>
              <td class="text-center" rowspan="1" colspan="1">Reserved</td>
              <td class="text-center" rowspan="1" colspan="1">This document</td>
            </tr>
            <tr>
              <td class="text-center" rowspan="1" colspan="1">0</td>
              <td class="text-center" rowspan="1" colspan="1">Reserved</td>
              <td class="text-center" rowspan="1" colspan="1">This document</td>
            </tr>
          </tbody>
        </table>
</div>
<p id="section-11.3-5">
         Negative security context identifiers are reserved for local/site-specific uses.
         The use of 0 as a security context identifier is for nonoperational testing purposes only.<a href="#section-11.3-5" class="pilcrow">¶</a></p>
</section>
</div>
</section>
</div>
<section id="section-12">
      <h2 id="name-references">
<a href="#section-12" class="section-number selfRef">12. </a><a href="#name-references" class="section-name selfRef">References</a>
      </h2>
<section id="section-12.1">
        <h3 id="name-normative-references">
<a href="#section-12.1" class="section-number selfRef">12.1. </a><a href="#name-normative-references" class="section-name selfRef">Normative References</a>
        </h3>
<dl class="references">
<dt id="RFC2119">[RFC2119]</dt>
        <dd>
<span class="refAuthor">Bradner, S.</span>, <span class="refTitle">"Key words for use in RFCs to Indicate Requirement Levels"</span>, <span class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 2119</span>, <span class="seriesInfo">DOI 10.17487/RFC2119</span>, <time datetime="1997-03" class="refDate">March 1997</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc2119">https://www.rfc-editor.org/info/rfc2119</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC3552">[RFC3552]</dt>
        <dd>
<span class="refAuthor">Rescorla, E.</span> and <span class="refAuthor">B. Korver</span>, <span class="refTitle">"Guidelines for Writing RFC Text on Security Considerations"</span>, <span class="seriesInfo">BCP 72</span>, <span class="seriesInfo">RFC 3552</span>, <span class="seriesInfo">DOI 10.17487/RFC3552</span>, <time datetime="2003-07" class="refDate">July 2003</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc3552">https://www.rfc-editor.org/info/rfc3552</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC6255">[RFC6255]</dt>
        <dd>
<span class="refAuthor">Blanchet, M.</span>, <span class="refTitle">"Delay-Tolerant Networking Bundle Protocol IANA Registries"</span>, <span class="seriesInfo">RFC 6255</span>, <span class="seriesInfo">DOI 10.17487/RFC6255</span>, <time datetime="2011-05" class="refDate">May 2011</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc6255">https://www.rfc-editor.org/info/rfc6255</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC8174">[RFC8174]</dt>
        <dd>
<span class="refAuthor">Leiba, B.</span>, <span class="refTitle">"Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words"</span>, <span class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 8174</span>, <span class="seriesInfo">DOI 10.17487/RFC8174</span>, <time datetime="2017-05" class="refDate">May 2017</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc8174">https://www.rfc-editor.org/info/rfc8174</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC8949">[RFC8949]</dt>
        <dd>
<span class="refAuthor">Bormann, C.</span> and <span class="refAuthor">P. Hoffman</span>, <span class="refTitle">"Concise Binary Object Representation (CBOR)"</span>, <span class="seriesInfo">STD 94</span>, <span class="seriesInfo">RFC 8949</span>, <span class="seriesInfo">DOI 10.17487/RFC8949</span>, <time datetime="2020-12" class="refDate">December 2020</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc8949">https://www.rfc-editor.org/info/rfc8949</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC9171">[RFC9171]</dt>
        <dd>
<span class="refAuthor">Burleigh, S.</span>, <span class="refAuthor">Fall, K.</span>, and <span class="refAuthor">E. Birrane, III</span>, <span class="refTitle">"Bundle Protocol Version 7"</span>, <span class="seriesInfo">RFC 9171</span>, <span class="seriesInfo">DOI 10.17487/RFC9171</span>, <time datetime="2022-01" class="refDate">January 2022</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc9171">https://www.rfc-editor.org/info/rfc9171</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC9173">[RFC9173]</dt>
      <dd>
<span class="refAuthor">Birrane, III, E.</span>, <span class="refAuthor">White, A.</span>, and <span class="refAuthor">S. Heiner</span>, <span class="refTitle">"Default Security Contexts for Bundle Protocol Security (BPSec)"</span>, <span class="seriesInfo">RFC 9173</span>, <span class="seriesInfo">DOI 10.17487/RFC9173</span>, <time datetime="2022-01" class="refDate">January 2022</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc9173">https://www.rfc-editor.org/info/rfc9173</a>&gt;</span>. </dd>
<dd class="break"></dd>
</dl>
</section>
<section id="section-12.2">
        <h3 id="name-informative-references">
<a href="#section-12.2" class="section-number selfRef">12.2. </a><a href="#name-informative-references" class="section-name selfRef">Informative References</a>
        </h3>
<dl class="references">
<dt id="RFC4838">[RFC4838]</dt>
        <dd>
<span class="refAuthor">Cerf, V.</span>, <span class="refAuthor">Burleigh, S.</span>, <span class="refAuthor">Hooke, A.</span>, <span class="refAuthor">Torgerson, L.</span>, <span class="refAuthor">Durst, R.</span>, <span class="refAuthor">Scott, K.</span>, <span class="refAuthor">Fall, K.</span>, and <span class="refAuthor">H. Weiss</span>, <span class="refTitle">"Delay-Tolerant Networking Architecture"</span>, <span class="seriesInfo">RFC 4838</span>, <span class="seriesInfo">DOI 10.17487/RFC4838</span>, <time datetime="2007-04" class="refDate">April 2007</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc4838">https://www.rfc-editor.org/info/rfc4838</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC6257">[RFC6257]</dt>
        <dd>
<span class="refAuthor">Symington, S.</span>, <span class="refAuthor">Farrell, S.</span>, <span class="refAuthor">Weiss, H.</span>, and <span class="refAuthor">P. Lovell</span>, <span class="refTitle">"Bundle Security Protocol Specification"</span>, <span class="seriesInfo">RFC 6257</span>, <span class="seriesInfo">DOI 10.17487/RFC6257</span>, <time datetime="2011-05" class="refDate">May 2011</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc6257">https://www.rfc-editor.org/info/rfc6257</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC8126">[RFC8126]</dt>
      <dd>
<span class="refAuthor">Cotton, M.</span>, <span class="refAuthor">Leiba, B.</span>, and <span class="refAuthor">T. Narten</span>, <span class="refTitle">"Guidelines for Writing an IANA Considerations Section in RFCs"</span>, <span class="seriesInfo">BCP 26</span>, <span class="seriesInfo">RFC 8126</span>, <span class="seriesInfo">DOI 10.17487/RFC8126</span>, <time datetime="2017-06" class="refDate">June 2017</time>, <span>&lt;<a href="https://www.rfc-editor.org/info/rfc8126">https://www.rfc-editor.org/info/rfc8126</a>&gt;</span>. </dd>
<dd class="break"></dd>
</dl>
</section>
</section>
<div id="contr">
<section id="appendix-A">
      <h2 id="name-acknowledgments">
<a href="#name-acknowledgments" class="section-name selfRef">Acknowledgments</a>
      </h2>
<p id="appendix-A-1">The following participants contributed technical material, use cases,
      and useful thoughts on the overall approach to this security
      specification:  <span class="contact-name">Scott Burleigh</span> of the IPNGROUP, <span class="contact-name">Angela Hennessy</span> of the Laboratory for Telecommunications
      Sciences, <span class="contact-name">Amy Alford</span> and  <span class="contact-name">Cherita Corbett</span> of the Johns Hopkins
      University Applied Physics Laboratory (JHU/APL), and <span class="contact-name">Angela Dalton</span> of AMD Research.<a href="#appendix-A-1" class="pilcrow">¶</a></p>
<p id="appendix-A-2">Additionally, <span class="contact-name">Benjamin Kaduk</span> of Akamai Technologies provided a detailed technical review that resulted in a stronger and more precise specification.<a href="#appendix-A-2" class="pilcrow">¶</a></p>
</section>
</div>
<div id="authors-addresses">
<section id="appendix-B">
      <h2 id="name-authors-addresses">
<a href="#name-authors-addresses" class="section-name selfRef">Authors' Addresses</a>
      </h2>
<address class="vcard">
        <div dir="auto" class="left"><span class="fn nameRole">Edward J. Birrane, III</span></div>
<div dir="auto" class="left"><span class="org">The Johns Hopkins University Applied Physics Laboratory</span></div>
<div dir="auto" class="left"><span class="street-address">11100 Johns Hopkins Rd.</span></div>
<div dir="auto" class="left">
<span class="locality">Laurel</span>, <span class="region">MD</span> <span class="postal-code">20723</span>
</div>
<div dir="auto" class="left"><span class="country-name">United States of America</span></div>
<div class="tel">
<span>Phone:</span>
<a href="tel:+1%20443%20778%207423" class="tel">+1 443 778 7423</a>
</div>
<div class="email">
<span>Email:</span>
<a href="mailto:Edward.Birrane@jhuapl.edu" class="email">Edward.Birrane@jhuapl.edu</a>
</div>
</address>
<address class="vcard">
        <div dir="auto" class="left"><span class="fn nameRole">Kenneth McKeever</span></div>
<div dir="auto" class="left"><span class="org">The Johns Hopkins University Applied Physics Laboratory</span></div>
<div dir="auto" class="left"><span class="street-address">11100 Johns Hopkins Rd.</span></div>
<div dir="auto" class="left">
<span class="locality">Laurel</span>, <span class="region">MD</span> <span class="postal-code">20723</span>
</div>
<div dir="auto" class="left"><span class="country-name">United States of America</span></div>
<div class="tel">
<span>Phone:</span>
<a href="tel:+1%20443%20778%202237" class="tel">+1 443 778 2237</a>
</div>
<div class="email">
<span>Email:</span>
<a href="mailto:Ken.McKeever@jhuapl.edu" class="email">Ken.McKeever@jhuapl.edu</a>
</div>
</address>
</section>
</div>
<script>const toc = document.getElementById("toc");
toc.querySelector("h2").addEventListener("click", e => {
  toc.classList.toggle("active");
});
toc.querySelector("nav").addEventListener("click", e => {
  toc.classList.remove("active");
});
</script>
</body>
</html>