Draft revised IP security option
RFC 1038
| Document | Type |
RFC - Unknown
(January 1988; No errata)
Obsoleted by RFC 1108
|
|
|---|---|---|---|
| Last updated | 2013-03-02 | ||
| Stream | Legacy | ||
| Formats | plain text html pdf htmlized bibtex | ||
| Stream | Legacy state | (None) | |
| Consensus Boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | RFC 1038 (Unknown) | |
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
Network Working Group M. St. Johns
Request for Comments: 1038 IETF
January 1988
Draft Revised IP Security Option
Status of this Memo
This RFC is a pre-publication draft of the revised Internet Protocol
Security Option. This draft reflects the version as approved by
the Protocol Standards Steering Group. It is provided for
informational purposes only. The final version of this document will
be available from Navy Publications and should not differ from
this document in any major fashion.
This document will be published as a change to the MIL-STD 1777,
"Internet Protocol". Distribution of this memo is unlimited.
9.3.13.1 Internet Options Defined.
The following internet options are defined:
CLASS NUMBER LENGTH DESCRIPTION
_____ ______ ______ ___________
0 00000 - End of Option list: This option occupies
only 1 octet; it has no length octet.
0 00001 - No Operation: This option occupies only 1
octet; it has no length octet.
0 00010 var. Basic Security: Used to carry security
level and accrediting authority flags.
0 00011 var. Loose Source Routing: Used to route the
datagram based on information supplied by
the source.
0 00101 var. Extended Security: Used to carry additional
security information as required by
registered authorities.
0 01001 var. Strict Source Routing: Used to route the
datagram based on information supplied by
the source.
0 00111 var. Record Route: Used to trace the route a
datagram takes.
0 01000 4 Stream ID: Used to carry the stream
identifier.
2 00100 var. Internet Timestamp: Used to accumulate
timing information in transit.
St. Johns [Page 1]
RFC 1038 Draft Revised IP Security Option January 1988
9.3.15.3 DoD Basic Security.
Option type: 130 Option length: variable; minimum length: 4
The option identifies the U.S. security level to which the datagram
is to be protected, and the accrediting authorities whose protection
rules apply to each datagram.
The option is used by accredited trusted components of an internet
to:
a. Validate the datagram as appropriate for transmission from the
source.
b. Guarantee that the route taken by the datagram (including the
destination) is protected to the level required by all
indicated accrediting authorities.
c. Supply common label information required by computer security
models.
This option must be copied on fragmentation. This option appears
at most once in a datagram.
The format of this option is as follows:
+--------------+-----------+-------------+-------------//----------+
| 10000010 | XXXXXXXX | SSSSSSSS | AAAAAAA[1] AAAAAAA0 |
| | | | [0] |
+--------------+-----------+-------------+-------------//----------+
TYPE = 130 LENGTH CLASSIFICATION PROTECTION
VARIABLE PROTECTION AUTHORITY
LEVEL FLAGS
FIGURE 10-A. SECURITY OPTION FORMAT
9.3.15.3.1 Length.
The length of the option is variable. The minimum length option is
4.
9.3.15.3.2 Classification Protection Level.
This field specifies the U.S. classification level to which the
datagram should be protected. The information in the datagram should
be assumed to be at this level until and unless it is regraded in
accordance with the procedures of all indicated protecting
St. Johns [Page 2]
RFC 1038 Draft Revised IP Security Option January 1988
authorities. This field specifies one of the four U.S.
classification levels, and is encoded as follows:
11011110 - Top Secret
10101101 - Secret
01111010 - Confidential
01010101 - Unclassified
9.3.15.3.3 Protection Authorities Flags.
This field indicates the National Access Program(s) with accrediting
authority whose rules apply to the protection of the datagram.
a. Field Length: This field is variable in length. The low-
order bit (Bit 7) of each octet is encoded as "zero" if it is the
Show full document text