
Security Architecture for the Internet Protocol (RFC1825)

IP.com Disclosure Number: IPCOM000004083D
Original Publication Date: 1995-Aug-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 19 page(s) / 53K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

R. Atkinson: AUTHOR

Abstract

This memo describes the security mechanisms for IP version 4 (IPv4) and IP version 6 (IPv6) and the services that they provide. Each security mechanism is specified in a separate document. This document also describes key management requirements for systems implementing those security mechanisms. This document is not an overall Security Architecture for the Internet and is instead focused on IP-layer security.

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 5% of the total text.

Network Working Group                                        R. Atkinson
Request for Comments: 1825                     Naval Research Laboratory
Category: Standards Track                                    August 1995

Security Architecture for the Internet Protocol

Status of this Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.

1. INTRODUCTION

This memo describes the security mechanisms for IP version 4 (IPv4)
and IP version 6 (IPv6) and the services that they provide. Each
security mechanism is specified in a separate document. This
document also describes key management requirements for systems
implementing those security mechanisms. This document is not an
overall Security Architecture for the Internet and is instead focused
on IP-layer security.

1.1 Technical Definitions

This section provides a few basic definitions that are applicable to
this document. Other documents provide more definitions and
background information [VK83, HA94].

Authentication
        The property of knowing that the data received is the same as
        the data that was sent and that the claimed sender is in fact
        the actual sender.

Integrity
        The property of ensuring that data is transmitted from source
        to destination without undetected alteration.

Confidentiality
        The property of communicating such that the intended
        recipients know what was being sent but unintended
        parties cannot determine what was sent.

Encryption
        A mechanism commonly used to provide confidentiality.

Non-repudiation
        The property of a receiver being able to prove that the sender
        of some data did in fact send the data even though the sender
        might later desire to deny ever having sent that data.

SPI
        Acronym for "Security Parameters Index". An unstructured
        opaque index which is used in conjunction with the
        Destination Address to identify a particular Security
        Association.

Security Association
        The set of security information relating to a given network
        connection or set of connections. This is described in
        detail below.

Traffic Analysis
        The analysis of network traffic flow for the purpose of

...