Securing Delay-Tolerant Networks with BPSec
by Edward J. Birrane, III, Sarah Heiner, Ken McKeever
11 Security Context Design
BPv7 networks may be deployed in a variety of networking environments, and BPSec security blocks require a way to adapt to the characteristics of these environments. Security contexts provide this adaptability, as they act as an interface between cipher suites and bundle information.
Designing security contexts is a complex activity whose success is fundamental to the correct and secure application of BPSec. This chapter explores concepts related to this design.
After reading this chapter you will be able to:
11.1 Overview
A security context represents a standard way of combining Bundle Protocol Agent (BPA) policy and configuration, bundle information, and cipher suite algorithms to process cryptographic materials appropriately for a particular network environment and/or information type. Just as there are several networking environments in which BPv7 bundles may be used, there will be several BPSec security contexts defined to enable securing those environments.
The need to design new security contexts might come from the need to interface with a new cipher suite or to combine algorithms from multiple cipher suites in unique ways. ...