Security Architecture for the Internet Protocol (RFC1825)
Original Publication Date: 1995-Aug-01
Included in the Prior Art Database: 2019-Feb-12
Internet Society Requests For Comment (RFCs)
This memo describes the security mechanisms for IP version 4 (IPv4) and IP version 6 (IPv6) and the services that they provide. [STANDARDS-TRACK]
Network Working Group R. Atkinson Request for Comments: 1825 Naval Research Laboratory Category: Standards Track August 1995
Security Architecture for the Internet Protocol
Status of this Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
This memo describes the security mechanisms for IP version 4 (IPv4) and IP version 6 (IPv6) and the services that they provide. Each security mechanism is specified in a separate document. This document also describes key management requirements for systems implementing those security mechanisms. This document is not an overall Security Architecture for the Internet and is instead focused on IP-layer security.
1.1 Technical Definitions
This section provides a few basic definitions that are applicable to this document. Other documents provide more definitions and background information [VK83, HA94].
Authentication The property of knowing that the data received is the same as the data that was sent and that the claimed sender is in fact the actual sender.
Integrity The property of ensuring that data is transmitted from source to destination without undetected alteration.
Confidentiality The property of communicating such that the intended recipients know what was being sent but unintended parties cannot determine what was sent.
Encryption A mechanism commonly used to provide confidentiality.
Atkinson Standards Track [Page 1]
RFC 1825 Security Architecture for IP August 1995
Non-repudiation The property of a receiver being able to prove that the sender of some data did in fact send the data even though the sender might later desire to deny ever having sent that data.
SPI Acronym for "Security Parameters Index". An unstructured opaque index which is used in conjunction with the Destination Address to identify a particular Security Association.
Security Association The set of security information relating to a given network connection or set of connections. This is described in detail below.
Traffic Analysis The analysis of network traffic flow for the purpose of deducing information that is useful to an adversary. Examples of such information are frequency of transmission, the identities of the conversing parties, sizes of packets, Flow Identifiers used, etc. [Sch94].
1.2 Requirements Terminology
In this document, the words that are used to define the significance of each particular requirement are usually capitalised. These words are:
This word or the adjective "REQUIRED" means that the item is an absolute requirement of the specification.
This word or the adjective "RECOMMENDED" means that there might exist valid reasons in particular circumstances to ignore this item, but the full implications...