Physical Link Security Type of Service
RFC 1455

Document Type RFC - Experimental (May 1993; No errata)
Obsoleted by RFC 2474
Was draft-eastlake-linksectos (individual)
Author Donald Eastlake 
Last updated 2013-03-02
Stream Legacy stream
Formats plain text html pdf htmlized (tools) htmlized bibtex
Stream Legacy state (None)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state RFC 1455 (Experimental)
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                   D. Eastlake, III
Request for Comments: 1455                 Digital Equipment Corporation
                                                                May 1993

                 Physical Link Security Type of Service

Status of this Memo

   This memo defines an Experimental Protocol for the Internet
   community.  Discussion and suggestions for improvement are requested.
   Please refer to the current edition of the "IAB Official Protocol
   Standards" for the standardization state and status of this protocol.
   Distribution of this memo is unlimited.


   This RFC documents an experimental protocol providing a Type of
   Service (TOS) to request maximum physical link security.  This is an
   addition to the types of service enumerated in RFC 1349: Type of
   Service in the Internet Protocol Suite.  The new TOS requests the
   network to provide what protection it can against surreptitious
   observation by outside agents of traffic so labeled.  The purpose is
   protection against traffic analysis and as an additional possible
   level of data confidentiality.  This TOS is consistent with all other
   defined types of service for IP version 4 in that it is based on link
   level characteristics and will not provide any particular guaranteed
   level of service.

1. Nature of Requirement

   This Internet Protocol addition addresses two potential security
   requirements: resistance to traffic analysis and confidentiality.
   These are described in the two subsections below followed by a
   discussion of why links have different levels of physical security so
   that it is meaningful to request that more secure links be used.

1.1 Traffic Analysis

   At this time all Internet Protocol (IP) packets must have most of
   their header information, including the "from" and "to" addresses, in
   the clear.  This is required for routers to properly handle the
   traffic even if a higher level protocol fully encrypts all bytes in
   the packet after the IP header.  This renders even end-to-end
   encrypted IP packets subject to traffic analysis if the data stream
   can be observed.  While traffic statistics are normally less
   sensitive than the data content of packets, in some cases activities
   of hosts or users are deducible from traffic information.

Eastlake                                                        [Page 1]
RFC 1455                   Link Security TOS                    May 1993

   It is essential that routers have access to header information, so it
   is hard to protect traffic statistics from an adversary with inside
   access to the network.  However, use of more secure physical links
   will make traffic observation by entities outside of the network more
   difficult thus improving protection from traffic analysis.

   No doubt users would like to be able to request a guaranteed level of
   link security, just as they would like to be able to request a
   guaranteed bandwidth or delay through the network.  However, such
   guarantees require a resource reservation and/or policy routing
   scheme and are beyond the scope of the current IP Type of Service

   Although the TOS field is provided in all current Internet packets
   and routing based on TOS is provided in routing protocols such as
   OSPF [See 5,6,7], there is no realistic chance that all of the
   Internet will implement this additional TOS any time in the
   foreseeable future.  Nevertheless, users concerned about traffic
   analysis need to be able to request that the physical security of the
   links over which their packets will be pass be maximized in
   preference to other link characteristics.  The proposed TOS provides
   this capability.

1.2 Confidentiality

   Use of physical links with greater physical security provides a layer
   of protection for the confidentiality of the data in the packets as
   well as traffic analysis protection.  If the content of the packets
   are otherwise protected by end-to-end encryption, using secure links
   makes it harder for an external adversary to obtain the encrypted
   data to attack.  If the content of the packets is unencrypted plain
   text, secure links may provide the only protection of data

   There are cases where end-to-end encryption can not be used.
   Examples include paths which incorporate links within nations which
   restrict encryption, such as France or Australia, and paths which
   incorporate an amateur radio link, where encryption is prohibited.
   In these cases, link security is generally the only type of
   confidentiality available.  The proposed TOS will provide a way of
   requesting the best that the network can do for the security of such
   unencrypted data.

   This TOS is required for improved confidentiality, especially in
   cases where encryption can not be used, despite the fact that it does
   not provide the guarantees that many users would like.  See
Show full document text