Browse Prior Art Database

Strong Security Requirements for Internet Engineering Task Force Standard Protocols (RFC3365)

IP.com Disclosure Number: IPCOM000009358D
Original Publication Date: 2002-Aug-01
Included in the Prior Art Database: 2002-Aug-20
Document File: 9 page(s) / 16K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J. Schiller: AUTHOR

Abstract

It is the consensus of the IETF that IETF standard protocols MUST make use of appropriate strong security mechanisms. This document describes the history and rationale for this doctrine and establishes this doctrine as a best current practice.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 18% of the total text.

Network Working Group� � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � J. Schiller

Request for Comments: 3365� � � � � � � � Massachusetts Institute of Technology

BCP: 61� � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � August 2002

Category: Best Current Practice

� � � � � � � � � � � � � � � � � � Strong Security Requirements for

� � � � � � � � � � Internet Engineering Task Force Standard Protocols

Status of this Memo

� � This document specifies an Internet Best Current Practices for the

� � Internet Community, and requests discussion and suggestions for

� � improvements.� Distribution of this memo is unlimited.

Copyright Notice

� � Copyright (C) The Internet Society (2002).� All Rights Reserved.

Abstract

� � It is the consensus of the IETF that IETF standard protocols MUST

� � make use of appropriate strong security mechanisms.� This document

� � describes the history and rationale for this doctrine and establishes

� � this doctrine as a best current practice.

Table of Contents

� � 1.� Introduction. . . . . . . . . . . . . . . . . . . . . . . . .� � 2

� � 2.� Terminology . . . . . . . . . . . . . . . . . . . . . . . . .� � 2

� � 3.� Security Services . . . . . . . . . . . . . . . . . . . . . .� � 2

� � 4.� The Properties of the Internet. . . . . . . . . . . . . . . .� � 3

� � 5.� IETF Security Technology. . . . . . . . . . . . . . . . . . .� � 3

� � 6.� The Danvers Doctrine. . . . . . . . . . . . . . . . . . . . .� � 4

� � 7.� MUST is for Implementors. . . . . . . . . . . . . . . . . . .� � 5

� � 8.� Is Encryption a MUST? . . . . . . . . . . . . . . . . . . . .� � 5

� � 9.� Crypto Seems to Have a Bad Name . . . . . . . . . . . . . . .� � 6

� � 10. Security Considerations . . . . . . . . . . . . . . . . . . .� � 6

� � 11. Acknowledgements� . . . . . . . . . . . . . . . . . . . . . .� � 6

� � 12. References� . . . . . . . . . . . . . . . . . . . . . . . . .� � 7

� � 13. Author's Address� . . . . . . . . . . . . . . . . . . . . . .� � 7

� � 14. Full Copyright Statement� . . . . . . . . . . . . . . . . . .� � 8

Schiller� � � � � � � � � � � � � � � � Best Current Practice� � � � � � � � � � � � � � � � � [Page 1]

RFC 3365� � � � � � � � � � � Encryption Security Requirements� � � � � � � � August 2002

1.� Introduction

� � The purpose of this document is to document the IETF consensus on

� � security requirements for protocols as well as to provide the

� � background and motivation for them.

� � The Internet is a global network of independently managed networks

� � and hosts.� As such there is no central authority responsible for the

� � operation of the network.� There is no central authority responsible

� � for the provision of security across the network either.

� � Security needs to be provided end-to-end or host to host.� The IETF's

� � security role is to ensure that IETF standard protocols have the

� � necessary features to provide appropriate security fo...