
U.S (RFC1108)

IP.com Disclosure Number: IPCOM000001917D
Original Publication Date: 1991-Nov-01
Included in the Prior Art Database: 2000-Sep-12
Document File: 14 page(s) / 39K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

Department of Defense Security Options for the Internet Protocol. S. Kent: AUTHOR

Abstract

This RFC specifies the U.S. Department of Defense Basic Security Option and the top-level description of the Extended Security Option for use with the Internet Protocol. This RFC obsoletes RFC 1038 "Revised IP Security Option", dated January 1988.

This text was extracted from an ASCII text document.
This is the abbreviated version, containing approximately 8% of the total text.

Network Working Group                                          S. Kent
Request for Comments: 1108                          BBN Communications
Obsoletes: RFC 1038                                      November 1991

                      U.S. Department of Defense
              Security Options for the Internet Protocol

Status of this Memo

This RFC specifies an IAB standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "IAB Official Protocol Standards" for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Abstract

This RFC specifies the U.S. Department of Defense Basic Security Option and the top-level description of the Extended Security Option for use with the Internet Protocol. This RFC obsoletes RFC 1038 "Revised IP Security Option", dated January 1988.

1. DoD Security Options Defined

The following two internet protocol options are defined for use on Department of Defense (DoD) common user data networks:

   CF  CLASS  #   TYPE  LENGTH  DESCRIPTION

    1    0    2   130   var.    DoD Basic Security: Used to carry the
                                classification level and protection
                                authority flags.

    1    0    5   133   var.    DoD Extended Security: Used to carry
                                additional security information as
                                required by registered authorities.

   CF = Copy on Fragmentation

2. DoD Basic Security Option

This option identifies the U.S. classification level at which the datagram is to be protected and the authorities whose protection rules apply to each datagram.

This option is used by end systems and intermediate systems of an internet to:

   a. Transmit from source to destination in a network standard representation the common security labels required by computer security models,

   b. Validate the datagram as appropriate for transmission from the source and delivery to the destination,

   c. Ensure that the route taken by the datagram is protected to the level required by all protection authorities indicated on the datagram. In order to provide this facility in a general Internet environment, interior and exterior gateway protocols must be augmented to include security label information in support of routing control.

The DoD Basic Security option must be copied on fragmentation. This option appears at most once in a datagram. Some security systems require this to be the first option if more than one option is carried in the IP header, but this is not a generic requirement levied by this specification.

The format of the DoD Basic Security option is as follows:

   +------------+------------+------------+-------------//----------+
   |  10000010  |  XXXXXXXX  |  SSSSSSSS  |  AAAAAAA[1]    AAAAAAA0 |
   ...
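As an added worked example (not part of RFC 1108 or this IP.com record), the following Python parses the DoD Basic Security Option out of an IPv4 options field and enforces the rules stated above: type 130 decodes as copy flag 1, class 0, number 2; the option appears at most once per datagram; and the protection authority flag octets are chained by a low-order continuation bit, as the AAAAAAA1 / AAAAAAA0 layout shows. The classification level codes come from the full RFC 1108 text, which this excerpt does not reach, and the sample options field is constructed.

```python
from dataclasses import dataclass
from typing import Optional
BASIC_SECURITY = 130       # 10000010 = copy 1, class 0, number 2 (table in sec. 1)
END_OF_OPTIONS, NO_OPERATION = 0, 1

# Classification level codes from the full RFC 1108 text (not in this excerpt).
CLASSIFICATION = {0x3D: "Top Secret", 0x5A: "Secret",
                  0x96: "Confidential", 0xAB: "Unclassified"}

def decode_type(kind: int) -> tuple:
    """Split an IP option type octet into (copy flag, class, number)."""
    return kind >> 7, (kind >> 5) & 0b11, kind & 0b11111

@dataclass
class BasicSecurityOption:
    classification: int
    authority_flags: bytes   # raw octets, continuation bits still in place

def parse_basic_security(options: bytes) -> Optional[BasicSecurityOption]:
    """Return the single Basic Security Option in an IPv4 options field, or
    None; raise ValueError for a malformed, duplicated or truncated option."""
    found, i = None, 0
    while i < len(options):
        kind = options[i]
        if kind == END_OF_OPTIONS:
            break
        if kind == NO_OPERATION:          # the only other single-octet option
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2 or i + options[i + 1] > len(options):
            raise ValueError("option length runs past the options field")
        length = options[i + 1]
        if kind == BASIC_SECURITY:
            if found is not None:
                raise ValueError("Basic Security Option appears more than once")
            if length < 3:
                raise ValueError("Basic Security Option lacks a classification octet")
            flags = options[i + 3:i + length]
            # Low-order bit 1 means another authority octet follows, 0 means
            # this is the last one; anything else is a truncated/overlong field.
            if flags and (any(o & 1 == 0 for o in flags[:-1]) or flags[-1] & 1):
                raise ValueError("authority flag continuation bits are inconsistent")
            found = BasicSecurityOption(options[i + 2], bytes(flags))
        i += length
    return found

# Constructed sample options field: NOP, Basic Security Option (Secret, two
# authority octets), End of Options.
SAMPLE = bytes([NO_OPERATION, BASIC_SECURITY, 5, 0x5A, 0b10000001, 0b01000000,
                END_OF_OPTIONS])
```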