Browse Prior Art Database

Strong Security Requirements for Internet Engineering Task Force Standard Protocols (RFC3365)

IP.com Disclosure Number: IPCOM000009358D
Original Publication Date: 2002-Aug-01
Included in the Prior Art Database: 2002-Aug-20
Document File: 9 page(s) / 16K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J. Schiller: AUTHOR

Abstract

It is the consensus of the IETF that IETF standard protocols MUST make use of appropriate strong security mechanisms. This document describes the history and rationale for this doctrine and establishes this doctrine as a best current practice.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 18% of the total text.

Network Working Group                                        J. Schiller

Request for Comments: 3365         Massachusetts Institute of Technology

BCP: 61                                                      August 2002

Category: Best Current Practice

                   Strong Security Requirements for

           Internet Engineering Task Force Standard Protocols

Status of this Memo

   This document specifies an Internet Best Current Practices for the

   Internet Community, and requests discussion and suggestions for

   improvements.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   It is the consensus of the IETF that IETF standard protocols MUST

   make use of appropriate strong security mechanisms.  This document

   describes the history and rationale for this doctrine and establishes

   this doctrine as a best current practice.

Table of Contents

   1.  Introduction. . . . . . . . . . . . . . . . . . . . . . . . .   2

   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   2

   3.  Security Services . . . . . . . . . . . . . . . . . . . . . .   2

   4.  The Properties of the Internet. . . . . . . . . . . . . . . .   3

   5.  IETF Security Technology. . . . . . . . . . . . . . . . . . .   3

   6.  The Danvers Doctrine. . . . . . . . . . . . . . . . . . . . .   4

   7.  MUST is for Implementors. . . . . . . . . . . . . . . . . . .   5

   8.  Is Encryption a MUST? . . . . . . . . . . . . . . . . . . . .   5

   9.  Crypto Seems to Have a Bad Name . . . . . . . . . . . . . . .   6

   10. Security Considerations . . . . . . . . . . . . . . . . . . .   6

   11. Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   6

   12. References  . . . . . . . . . . . . . . . . . . . . . . . . .   7

   13. Author's Address  . . . . . . . . . . . . . . . . . . . . . .   7

   14. Full Copyright Statement  . . . . . . . . . . . . . . . . . .   8

Schiller                 Best Current Practice                  [Page 1]

RFC 3365            Encryption Security Requirements         August 2002

1.  Introduction

   The purpose of this document is to document the IETF consensus on

   security requirements for protocols as well as to provide the

   background and motivation for them.

   The Internet is a global network of independently managed networks

   and hosts.  As such there is no central authority responsible for the

   operation of the network.  There is no central authority responsible

   for the provision of security across the network either.

   Security needs to be provided end-to-end or host to host.  The IETF's

   security role is to ensure that IETF standard protocols have the

   necessary features to provide appropriate security fo...