IP Security Policy (IPSP) Requirements
RFC 3586
Document type: RFC - Proposed Standard (August 2003; No errata)
Last updated: 2015-10-14
Stream: IETF
Formats: plain text, pdf, htmlized, bibtex
Stream WG state: (None)
Document shepherd: No shepherd assigned
IESG state: RFC 3586 (Proposed Standard)
Consensus Boilerplate: Unknown
Responsible AD: Steven Bellovin
Send notices to: (None)

Network Working Group                                           M. Blaze
Request for Comments: 3586                          AT&T Labs - Research
Category: Standards Track                                   A. Keromytis
                                                     Columbia University
                                                           M. Richardson
                                                Sandelman Software Works
                                                              L. Sanchez
                                                     Xapiens Corporation
                                                             August 2003
IP Security Policy (IPSP) Requirements
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract
This document describes the problem space and solution requirements
for developing an IP Security Policy (IPSP) configuration and
management framework. The IPSP architecture provides a scalable,
decentralized framework for managing, discovering and negotiating the
host and network security policies that govern access, authorization,
authentication, confidentiality, data integrity, and other IP
Security properties. This document highlights such architectural
components and presents their functional requirements.
Table of Contents
   1. Introduction
      1.1. Terminology
      1.2. Security Policy and IPsec
   2. The IP Security Policy Problem Space
   3. Requirements for an IP Security Policy Configuration and
      Management Framework
      3.1. General Requirements
      3.2. Description and Justification
           3.2.1. Policy Model
           3.2.2. Security Gateway Discovery
           3.2.3. Policy Specification Language
           3.2.4. Distributed policy
           3.2.5. Policy Discovery
           3.2.6. Security Association Resolution
           3.2.7. Compliance Checking
   4. Security Considerations
   5. IANA Considerations
   6. Intellectual Property Statement
   7. References
      7.1. Normative References
      7.2. Informative References
   8. Disclaimer
   9. Acknowledgements
   10. Authors' Addresses
   11. Full Copyright Statement
1. Introduction
1.1. Terminology
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC 2119].
1.2. Security Policy and IPsec
Network-layer security now enjoys broad popularity as a tool for
protecting Internet traffic and resources. Security at the network
layer can be used as a tool for at least two kinds of security
architecture:
a) Security gateways. Security gateways (including "firewalls") at
the edges of networks use IPsec [RFC-2401] to enforce access
control, protect the confidentiality and authenticity of network
traffic entering and leaving a network, and to provide gateway
services for virtual private networks (VPNs).
b) Secure end-to-end communication. Hosts use IPsec to implement
host-level access control, to protect the confidentiality and
authenticity of network traffic exchanged with the peer hosts with
which they communicate, and to join virtual private networks.
On one hand, IPsec provides an excellent basis for a very wide range
of protection schemes; on the other hand, this wide range of
applications for IPsec creates complex management tasks that become