B.1 Overview

This appendix details some of the processing steps taken by Bundle Protocol Agents (BPAs) as they generate and receive security blocks. Understanding these steps is beneficial for BPA software developers, security context designers, and those building configurations and policies as part of operating Bundle Protocol version 7 (BPv7) networks.

This appendix is segmented into three subsections, defined as follows.

1. Processing single-target, single-result security contexts.
2. Processing single-target, multiple-result security contexts.
3. Processing multiple security sources (with multiple security contexts).

These subsections each provide reference scenarios relating to the use of the bcb-confidentiality security service, bib-integrity security service, or both. They also enumerate processing steps associated with actions taken at security sources, security verifiers, and security acceptors as required by Bundle Protocol Security (BPSec). Finally, common error conditions that may arise during those steps are listed and these error conditions are mapped to recommended responses.

B.2 Single-Target Single-Result Security Contexts

Single-Target, Single-Result (STSR) security contexts represent a 1-1 mapping of target blocks and cipher suite invocations. This does not mean that such a security context only produces a single cipher suite output value, it simply means that the security service is applied exactly once per target block. A ...