Report of IAB Workshop on Security in the Internet Architecture - February 8-10, 1994
RFC 1636
Document | Type |
RFC - Informational
(June 1994; No errata)
Was draft-iab-sec-arch-workshop (individual)
|
|
---|---|---|---|
Authors | Steve Crocker , David Clark , Robert Braden , Christian Huitema | ||
Last updated | 2013-03-02 | ||
Stream | Legacy | ||
Formats | plain text html pdf htmlized bibtex | ||
Stream | Legacy state | (None) | |
Consensus Boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | RFC 1636 (Informational) | |
Telechat date | |||
Responsible AD | (None) | ||
Send notices to | (None) |
Network Working Group R. Braden Request for Comments: 1636 ISI Category: Informational D. Clark MIT Laboratory for Computer Science S. Crocker Trusted Information Systems, Inc. C. Huitema INRIA, IAB Chair June 1994 Report of IAB Workshop on Security in the Internet Architecture February 8-10, 1994 Status of this Memo This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Abstract This document is a report on an Internet architecture workshop, initiated by the IAB and held at USC Information Sciences Institute on February 8-10, 1994. This workshop generally focused on security issues in the Internet architecture. This document should be regarded as a set of working notes containing ideas about security that were developed by Internet experts in a broad spectrum of areas, including routing, mobility, realtime service, and provider requirements, as well as security. It contains some significant diversity of opinions on some important issues. This memo is offered as one input in the process of developing viable security mechanisms and procedures for the Internet. Braden, Clark, Crocker & Huitema [Page 1] RFC 1636 IAB Workshop Report June 1994 Table of Contents 1. INTRODUCTION .................................................. 2 2. OVERVIEW ...................................................... 4 2.1 Strategic and Political Issues ........................... 4 2.2 Security Issues .......................................... 4 2.3 DNS Names for Certificates ............................... 7 3. FIREWALL ARCHITECTURE ......................................... 9 3.1 Introduction ............................................. 9 3.2 Application-Layer Firewalls .............................. 11 3.3 IP-Layer Firewalls ....................................... 12 4. SECURE QOS FORWARDING ......................................... 21 4.1 The Requirement for Setup ................................ 21 4.2 Securing the Setup Process. .............................. 22 4.3 Validating an LLID ....................................... 24 4.4 Dynamics of Setup ........................................ 28 4.5 Receiver-Initiated Setup ................................. 30 4.6 Other Issues ............................................. 30 5. AN AUTHENTICATION SERVICE ..................................... 35 5.1 Names and Credentials .................................... 36 5.2 Identity-Based Authorization ............................. 37 5.3 Choosing Credentials ..................................... 38 6. OTHER ISSUES .................................................. 39 6.1 Privacy and Authentication of Multicast Groups ........... 39 6.2 Secure Plug-and-Play a Must .............................. 41 6.3 A Short-Term Confidentiality Mechanism ................... 42 7. CONCLUSIONS ................................................... 44 7.1 Suggested Short-Term Actions ............................. 44 7.2 Suggested Medium-Term Actions ............................ 46 7.3 Suggested Long-Term Actions .............................. 46 APPENDIX A -- Workshop Organization .............................. 48 Security Considerations .......................................... 52 Authors' Addresses ............................................... 52 1. INTRODUCTION The Internet Architecture Board (IAB) holds occasional workshops designed to consider long-term issues and strategies for the Internet, and to suggest future directions for the Internet architecture. This long-term planning function of the IAB is complementary to the ongoing engineering efforts performed by working groups of the Internet Engineering Task Force (IETF), under the leadership of the Internet Engineering Steering Group (IESG) and area directorates. An IAB-initiated workshop on the role of security in the Internet Architecture was held on February 8-10, 1994 at the Information Sciences Institute of the University of Southern California, in Braden, Clark, Crocker & Huitema [Page 2] RFC 1636 IAB Workshop Report June 1994Show full document text