Report of IAB Workshop on Security in the Internet Architecture - February 8-10, 1994
RFC 1636

Document Type RFC - Informational (June 1994; No errata)
Last updated 2013-03-02
Stream Legacy
Network Working Group                                          R. Braden
Request for Comments: 1636                                           ISI
Category: Informational                                         D. Clark
                                     MIT Laboratory for Computer Science
                                                              S. Crocker
                                       Trusted Information Systems, Inc.
                                                              C. Huitema
                                                        INRIA, IAB Chair
                                                               June 1994

                       Report of IAB Workshop on

                 Security in the Internet Architecture

                          February 8-10, 1994

Status of this Memo

   This memo provides information for the Internet community.  This memo
   does not specify an Internet standard of any kind.  Distribution of
   this memo is unlimited.

Abstract

   This document is a report on an Internet architecture workshop,
   initiated by the IAB and held at USC Information Sciences Institute
   on February 8-10, 1994.  This workshop generally focused on security
   issues in the Internet architecture.

   This document should be regarded as a set of working notes containing
   ideas about security that were developed by Internet experts in a
   broad spectrum of areas, including routing, mobility, realtime
   service, and provider requirements, as well as security.  It contains
   some significant diversity of opinions on some important issues.
   This memo is offered as one input in the process of developing viable
   security mechanisms and procedures for the Internet.

Braden, Clark, Crocker & Huitema                                [Page 1]
RFC 1636                  IAB Workshop Report                  June 1994

Table of Contents

   1. INTRODUCTION ..................................................  2
   2. OVERVIEW ......................................................  4
      2.1  Strategic and Political Issues ...........................  4
      2.2  Security Issues ..........................................  4
      2.3  DNS Names for Certificates ...............................  7
   3. FIREWALL ARCHITECTURE .........................................  9
      3.1  Introduction .............................................  9
      3.2  Application-Layer Firewalls .............................. 11
      3.3  IP-Layer Firewalls ....................................... 12
   4. SECURE QOS FORWARDING ......................................... 21
      4.1  The Requirement for Setup ................................ 21
      4.2  Securing the Setup Process. .............................. 22
      4.3  Validating an LLID ....................................... 24
      4.4  Dynamics of Setup ........................................ 28
      4.5  Receiver-Initiated Setup ................................. 30
      4.6  Other Issues ............................................. 30
   5. AN AUTHENTICATION SERVICE ..................................... 35
      5.1  Names and Credentials .................................... 36
      5.2  Identity-Based Authorization ............................. 37
      5.3  Choosing Credentials ..................................... 38
   6. OTHER ISSUES .................................................. 39
      6.1  Privacy and Authentication of Multicast Groups ........... 39
      6.2  Secure Plug-and-Play a Must .............................. 41
      6.3  A Short-Term Confidentiality Mechanism ................... 42
   7. CONCLUSIONS ................................................... 44
      7.1  Suggested Short-Term Actions ............................. 44
      7.2  Suggested Medium-Term Actions ............................ 46
      7.3  Suggested Long-Term Actions .............................. 46
   APPENDIX A -- Workshop Organization .............................. 48
   Security Considerations .......................................... 52
   Authors' Addresses ............................................... 52

1. INTRODUCTION

   The Internet Architecture Board (IAB) holds occasional workshops
   designed to consider long-term issues and strategies for the
   Internet, and to suggest future directions for the Internet
   architecture.  This long-term planning function of the IAB is
   complementary to the ongoing engineering efforts performed by working
   groups of the Internet Engineering Task Force (IETF), under the
   leadership of the Internet Engineering Steering Group (IESG) and area
   directorates.

   An IAB-initiated workshop on the role of security in the Internet
   Architecture was held on February 8-10, 1994 at the Information
   Sciences Institute of the University of Southern California, in