Security Architecture for the Internet Protocol (RFC1825)
Original Publication Date: 1995-Aug-01
Included in the Prior Art Database: 2000-Sep-13
Internet Society Requests For Comment (RFCs)
Abstract: This memo describes the security mechanisms for IP version 4 (IPv4) and IP version 6 (IPv6) and the services that they provide. Each security mechanism is specified in a separate document. This document also describes key management requirements for systems implementing those security mechanisms. This document is not an overall Security Architecture for the Internet and is instead focused on IP-layer security.
Network Working Group                                        R. Atkinson
Request for Comments: 1825                     Naval Research Laboratory
Category: Standards Track                                    August 1995
Security Architecture for the Internet Protocol
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
This memo describes the security mechanisms for IP version 4 (IPv4)
and IP version 6 (IPv6) and the services that they provide. Each
security mechanism is specified in a separate document. This
document also describes key management requirements for systems
implementing those security mechanisms. This document is not an
overall Security Architecture for the Internet and is instead focused
on IP-layer security.
1.1 Technical Definitions
This section provides a few basic definitions that are applicable to
this document. Other documents provide more definitions and
background information [VK83, HA94].
The property of knowing that the data received is the same as
the data that was sent and that the claimed sender is in fact
the actual sender.

The property of ensuring that data is transmitted from source
to destination without undetected alteration.

The property of communicating such that the intended
recipients know what was being sent but unintended
parties cannot determine what was sent.

A mechanism commonly used to provide confidentiality.

The property of a receiver being able to prove that the sender
of some data did in fact send the data even though the sender
might later desire to deny ever having sent that data.

Acronym for "Security Parameters Index". An unstructured
opaque index which is used in conjunction with the
Destination Address to identify a particular Security

The set of security information relating to a given network
connection or set of connections. This is described in

The analysis of network traffic flow for the purpose of
deducing information that is useful to an adversary.
Examples of such information are frequency of transmission,
the identities of the conversing parties, sizes of packets,
Flow Identifiers used, etc. [Sch94].
1.2 Requirements Terminology
In this document, the words that are used to define the significance
of each particular requirement are usually ca...