Appendix A. Example Security Contexts
Bundle Protocol Security (BPSec) defines the mechanisms necessary to implement security in Bundle Protocol version 7 (BPv7) networks. Some of those mechanisms, such as extension block definitions for the Block Integrity Block (BIB) and Block Confidentiality Block (BCB), are common across all BPv7 networks. Other mechanisms, such as security policies and security contexts, are expected to be customized for particular implementations.
Two exemplar security contexts are documented in the “Default Security Contexts for BPSec” specification, Request for Comments (RFC) 9173 [1]. These security contexts provide a minimal security capability appropriate for use over the Internet. One security context is given for the bib-integrity service and another is given for the bcb-confidentiality service.
The security contexts of RFC 9173 serve two purposes. First, they provide an example for BPv7 network security designers to expand upon for particular use cases, requirements, or other constraints. Second, they provide a basic level of protection that, while optional to use, is mandatory to implement in a BPA.
To ensure interoperability among various implementations, all BPSec implementations MUST support at least the current, mandatory security context(s) defined in IETF Standards Track RFCs. As of this writing, that BP mandatory security context is specified in [RFC9173], but the mandatory security context(s) might change over time in accordance with usual ...