Do you plan to support DNP3-SAv6 when it is released?

Cody Morgan

May 6, 2020, 1:13:54 PM
to opendnp3
Hi all, 

I have a question for Adam, but if anyone else has information, please share. I'm interested in any information about the topic.
I have read the paper on DNP3-SAv5: 

http://www.cs.dartmouth.edu/~sergey/langsec/papers/crain-bratus-bolt-on-dnp3sa.pdf

It seems many of these concerns have been addressed with DNP3-SAv6, according to the overview: 

https://www.dnp.org/Portals/0/Public%20Documents/Overview%20of%20DNP3%20Security%20Version%206%202020-01-21.pdf?ver=2020-01-24-183856-633 

I have not found any more information on DNP3-SAv6, but it seems to address many of your concerns. It is implemented as a new layer between the Transport Layer and the Application Layer, which I believe is something you have suggested in the past. 

That being said, do you think DNP3-SAv6 adequately addresses your concerns with DNP3-SA? Do you plan to add support for this in opendnp3? 

Thanks,
Cody

Adam Crain

May 6, 2020, 1:53:06 PM
to opendnp3
Hi Cody,

SAv6 addresses all of my most important architectural concerns. Any remaining complaints
aren't things that really detract from the security by adding too much complexity.

That said, we won't be implementing this in opendnp3.  This is the first time I've mentioned this on
the list, but we're developing our next gen protocol drivers in Rust with generated bindings
for C, C++, .NET, Java etc.

Opendnp3 3.0 will be the final release series for this project. Existing users here shouldn't panic tho. Here's
what we plan:

- The project will transition to "maintenance mode". We will continue fixing bugs or interop issues that may crop up over time
- We won't be adding any more features unless asked to do so by an existing commercial client

I know it's probably not what users want to hear, but it's necessary for us to take our work to the next level.
Our experience writing protocol implementations in Rust has been amazing. We have a DNP3 master working with more
feature support than opendnp3 already, and it's literally 1/4 of the lines of code and much simpler.

Writing asynchronous code in C++ that scales is *really* hard to get right. Rust makes it trivial with async/await.

We'll be making these libraries publicly available under a non-commercial license, with traditional commercial
licenses available for purchase. So they'll be "open" and freely available for evaluation, but not technically "open source"
since OSS specifically has no commercial/non-commercial distinction.

So, we do plan to implement SAv6, but only in our commercial Rust implementation of DNP3. We hope to participate in 
some interop events the UG has planned in Q3/Q4 this year wrt SAv6.

-Adam

Cody Morgan

May 22, 2020, 11:38:54 AM
to opendnp3
Thanks Adam!

Is there anywhere I can go to find information and keep up with the development of the new libraries? 

Adam Crain

May 22, 2020, 12:07:22 PM
to opendnp3
We'll be launching a new website/brand in the next 2-3 months. I'll be sure to notify the list, social media, etc.