IP Security Policy (IPSP) Requirements
RFC 3586

Document Type RFC - Proposed Standard (August 2003; No errata)
Last updated 2015-10-14
Stream IETF
IESG IESG state RFC 3586 (Proposed Standard)
Responsible AD Steven Bellovin
Network Working Group                                           M. Blaze
Request for Comments: 3586                          AT&T Labs - Research
Category: Standards Track                                   A. Keromytis
                                                     Columbia University
                                                           M. Richardson
                                                Sandelman Software Works
                                                              L. Sanchez
                                                     Xapiens Corporation
                                                             August 2003

                 IP Security Policy (IPSP) Requirements

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   This document describes the problem space and solution requirements
   for developing an IP Security Policy (IPSP) configuration and
   management framework.  The IPSP architecture provides a scalable,
   decentralized framework for managing, discovering and negotiating the
   host and network security policies that govern access, authorization,
   authentication, confidentiality, data integrity, and other IP
   Security properties.  This document highlights such architectural
   components and presents their functional requirements.

Table of Contents

   1.  Introduction
       1.1.  Terminology
       1.2.  Security Policy and IPsec
   2.  The IP Security Policy Problem Space
   3.  Requirements for an IP Security Policy Configuration and
       Management Framework
       3.1.  General Requirements
       3.2.  Description and Justification
             3.2.1.  Policy Model
             3.2.2.  Security Gateway Discovery
             3.2.3.  Policy Specification Language
             3.2.4.  Distributed policy
             3.2.5.  Policy Discovery
             3.2.6.  Security Association Resolution
             3.2.7.  Compliance Checking
   4.  Security Considerations
   5.  IANA Considerations
   6.  Intellectual Property Statement
   7.  References
       7.1.  Normative References
       7.2.  Informative References
   8.  Disclaimer
   9.  Acknowledgements
   10. Authors' Addresses
   11. Full Copyright Statement

1.  Introduction

1.1.  Terminology

   The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC 2119].

1.2.  Security Policy and IPsec

   Network-layer security now enjoys broad popularity as a tool for
   protecting Internet traffic and resources.  Security at the network
   layer can be used as a tool for at least two kinds of security
   architecture:

   a) Security gateways.  Security gateways (including "firewalls") at
      the edges of networks use IPsec [RFC-2401] to enforce access
      control, protect the confidentiality and authenticity of network
      traffic entering and leaving a network, and to provide gateway
      services for virtual private networks (VPNs).

   b) Secure end-to-end communication.  Hosts use IPsec to implement
      host-level access control, to protect the confidentiality and
      authenticity of network traffic exchanged with the peer hosts with
      which they communicate, and to join virtual private networks.

   On one hand, IPsec provides an excellent basis for a very wide range
   of protection schemes; on the other hand, this wide range of
   applications for IPsec creates complex management tasks that become