Diffstat (limited to 'doc/rfc/rfc1038.txt')
-rw-r--r--doc/rfc/rfc1038.txt395
1 files changed, 395 insertions, 0 deletions
diff --git a/doc/rfc/rfc1038.txt b/doc/rfc/rfc1038.txt
new file mode 100644
index 0000000..0d6c60c
--- /dev/null
+++ b/doc/rfc/rfc1038.txt
@@ -0,0 +1,395 @@
+
+
+
+
+
+
+Network Working Group M. St. Johns
+Request for Comments: 1038 IETF
+ January 1988
+
+
+ Draft Revised IP Security Option
+
+
+Status of this Memo
+
+ This RFC is a pre-publication draft of the revised Internet Protocol
+ Security Option. This draft reflects the version as approved by
+ the Protocol Standards Steering Group. It is provided for
+ informational purposes only. The final version of this document will
+ be available from Navy Publications and should not differ from
+ this document in any major fashion.
+
+ This document will be published as a change to the MIL-STD 1777,
+ "Internet Protocol". Distribution of this memo is unlimited.
+
+9.3.13.1 Internet Options Defined.
+
+ The following internet options are defined:
+
+ CLASS NUMBER LENGTH DESCRIPTION
+ _____ ______ ______ ___________
+
+ 0 00000 - End of Option list: This option occupies
+ only 1 octet; it has no length octet.
+ 0 00001 - No Operation: This option occupies only 1
+ octet; it has no length octet.
+ 0 00010 var. Basic Security: Used to carry security
+ level and accrediting authority flags.
+ 0 00011 var. Loose Source Routing: Used to route the
+ datagram based on information supplied by
+ the source.
+ 0 00101 var. Extended Security: Used to carry additional
+ security information as required by
+ registered authorities.
+ 0 01001 var. Strict Source Routing: Used to route the
+ datagram based on information supplied by
+ the source.
+ 0 00111 var. Record Route: Used to trace the route a
+ datagram takes.
+ 0 01000 4 Stream ID: Used to carry the stream
+ identifier.
+ 2 00100 var. Internet Timestamp: Used to accumulate
+ timing information in transit.
+
+
+
+St. Johns [Page 1]
+
+RFC 1038 Draft Revised IP Security Option January 1988
+
+
+9.3.15.3 DoD Basic Security.
+
+ Option type: 130 Option length: variable; minimum length: 4
+
+ The option identifies the U.S. security level to which the datagram
+ is to be protected, and the accrediting authorities whose protection
+ rules apply to each datagram.
+
+ The option is used by accredited trusted components of an internet
+ to:
+
+ a. Validate the datagram as appropriate for transmission from the
+ source.
+
+ b. Guarantee that the route taken by the datagram (including the
+ destination) is protected to the level required by all
+ indicated accrediting authorities.
+
+ c. Supply common label information required by computer security
+ models.
+
+ This option must be copied on fragmentation. This option appears
+ at most once in a datagram.
+
+ The format of this option is as follows:
+
+
+ +--------------+-----------+-------------+-------------//----------+
+ | 10000010 | XXXXXXXX | SSSSSSSS | AAAAAAA[1] AAAAAAA0 |
+ | | | | [0] |
+ +--------------+-----------+-------------+-------------//----------+
+ TYPE = 130 LENGTH CLASSIFICATION PROTECTION
+ VARIABLE PROTECTION AUTHORITY
+ LEVEL FLAGS
+
+ FIGURE 10-A. SECURITY OPTION FORMAT
+
+9.3.15.3.1 Length.
+
+ The length of the option is variable. The minimum length option is
+ 4.
+
+9.3.15.3.2 Classification Protection Level.
+
+ This field specifies the U.S. classification level to which the
+ datagram should be protected. The information in the datagram should
+ be assumed to be at this level until and unless it is regraded in
+ accordance with the procedures of all indicated protecting
+
+
+
+St. Johns [Page 2]
+
+RFC 1038 Draft Revised IP Security Option January 1988
+
+
+ authorities. This field specifies one of the four U.S.
+ classification levels, and is encoded as follows:
+
+ 11011110 - Top Secret
+ 10101101 - Secret
+ 01111010 - Confidential
+ 01010101 - Unclassified
+
+9.3.15.3.3 Protection Authorities Flags.
+
+ This field indicates the National Access Program(s) with accrediting
+ authority whose rules apply to the protection of the datagram.
+
+ a. Field Length: This field is variable in length. The low-
+ order bit (Bit 7) of each octet is encoded as "zero" if it is the
+ final octet in the field, or as "one" if there are additional
+ octets. Currently, only one octet is needed for this field
+ (because there are less than seven authorities), and the final bit
+ of the first octet is coded as "zero".
+
+ b. Source Flags: The first seven bits (Bits 0 through 6) in each
+ octet are source flags which are each associated with an authority
+ as indicated below. The bit corresponding to an authority is
+ "one" if the datagram is to be protected in accordance with the
+ rules of that authority.
+
+9.3.15.3.4 Usage Rules.
+
+ Use of the option requires that a host be aware of 1) the
+ classification level, or levels, at which it is permitted to operate,
+ and 2) the protection authorities responsible for its certification.
+ The achievement of this is implementation dependent. Rules for use
+ of the option for different types of hosts are given below.
+
+9.3.15.3.4.1 Unclassified Hosts, including gateways.
+
+ a. Output: Unclassified hosts may either use or not use the
+ option. If it is used, classification level must be unclassified,
+ bit 0 of the accreditation field (GENSER) must be one, and all
+ other bits of the accreditation field must be 0. While use of the
+ option is permitted, it is recommended that unclassified hosts
+ interested in maximizing interoperability with existing non-
+ compliant implementations not use the option.
+
+ b. Input: Unclassified hosts should accept for further
+ processing IP datagrams without the option. If the option is
+ present on an incoming IP datagram, then the datagram is accepted
+ for further processing only if the classification level is
+
+
+
+St. Johns [Page 3]
+
+RFC 1038 Draft Revised IP Security Option January 1988
+
+
+ unclassified, bit 0 of the accreditation field (GENSER) is one,
+ and all other bits of the accreditation field are zero.
+ Otherwise, the out-of-range procedure is followed.
+
+9.3.15.3.4.2 Hosts accredited in the Dedicated, System-High, or
+Compartmented Modes at a classification level higher than unclassified.
+
+ a. Output. The use of the option is mandatory. The
+ classification level should be the dedicated level for dedicated
+ hosts and the system-high level for system-high and compartmented
+ hosts. The accrediting authority flags should be one for all
+ authorities which have accredited the hosts, and zero for all
+ other authorities.
+
+ b. Input. If 1) the option is present, 2) the classification
+ level matches the host classification level, and 3) the
+ accrediting authority flags for all accrediting authorities of the
+ receiving host are one, and all others are zero, the IP datagram
+ should be accepted for further processing. Otherwise, the out-
+ of-range procedure is followed.
+
+9.3.15.3.4.3 Hosts accredited in the Multi-Level or Controlled Mode for
+network transmission.
+
+ a. Output. The use of the option is mandatory. The
+ classification level of an IP datagram should be within the range
+ of levels for which the host is accredited. The protection
+ authorities flags should be one for all authorities under whose
+ rules the datagram should be protected.
+
+ b. Input. In the specific case where a multi-level or controlled
+ host is accredited to directly interface with an unclassified
+ environment, the host may accept IP datagrams without a basic
+ security option. Such datagrams should be assumed to be
+ implicitly labelled unclassified, GENSER, and should be so
+ labelled explicitly if they are later output. In all other cases,
+ the IP datagrams should have the basic security option on input,
+ and the out-of-range procedure should be followed if it is not.
+
+ There are two cases to be considered where the option is present.
+ The first case is where the system environment permits the values in
+ the option to be trusted to be correct for some range of values; the
+ second is where the values cannot be trusted to be correct. For each
+ multi-level or controlled host, every input channel for IP datagrams
+ must be considered and classed appropriately. If a channel does have
+ a trusted range, then the values of both the classification level and
+ the protection authorities are checked to insure that they fall
+ within that range and the range of accredited values for the
+
+
+
+St. Johns [Page 4]
+
+RFC 1038 Draft Revised IP Security Option January 1988
+
+
+ receiving host. If within both ranges, the IP datagram is accepted
+ for further processing; otherwise the out-of-range procedure is
+ followed. If the label cannot be trusted, then the receiving host
+ must possess some accredited means of knowing what the correct
+ marking should be (e.g., a trusted channel to a system-high host at a
+ known level). On receipt of an IP datagram, the host compares the
+ actual values in the option to the correct values. If the values
+ match, the datagram is accepted for further processing; otherwise,
+ the out-of-range procedure is followed.
+
+9.3.15.3.4.4 Out-Of-Range Procedure.
+
+ If an IP datagram is received which does not meet the input
+ requirements, then:
+
+ a) The data field should be overwritten with ones.
+
+ b) If the problem is a missing required Basic or Extended security
+ option, an ICMP "parameter problem" message is sent to the
+ originating host with the code field set to 1 (one) to indicate
+ "missing required option" and the pointer field set to the option
+ type of the missing option. Otherwise, an ICMP "parameter
+ problem" message is sent to the originating host with code field
+ set to 0 (zero) and with the pointer field pointing to the
+ position of the out-of-range security option.
+
+ c) If the receiving host has an interface to a local security
+ officer or equivalent, the problem should be identified across
+ that interface in an appropriate way.
+
+9.3.15.3.4.5 Trusted Intermediary Procedure.
+
+ Certain devices in the internet may act as intermediaries to validate
+ that communications between two hosts are authorized, based on a
+ combination of knowledge of the hosts and the values in the IP
+ security option. These devices may receive IP datagrams which are in
+ range for the intermediate device, but are either not within the
+ acceptable range for the sender, or for the ultimate receiver. In
+ the former case, the datagram should be treated as described above
+ for an out-of-range option. In the latter case, a "destination
+ unreachable" ICMP message should be sent, with the code value of 10
+ (ten), indicating "Communication with Destination Host
+ Administratively Prohibited".
+
+
+
+
+
+
+
+
+St. Johns [Page 5]
+
+RFC 1038 Draft Revised IP Security Option January 1988
+
+
+9.3.15.4 DoD Extended Security Option
+
+ Option type: 133 Option length: variable
+
+ This option permits additional security related information, beyond
+ that present in the Basic Security Option, to be supplied in an IP
+ datagram to meet the needs of registered authorities. If this option
+ is required by an authority for a specific system, it must be
+ specified explicitly in any Request for Proposal. It is not
+ otherwise required. This option must be copied on fragmentation.
+ This option may appear multiple times within a datagram.
+
+ The format for this option is as follows:
+
+ +------------+-------------+-------------+--------//-------+
+ | 10000101 | 000LLLLL | AAAAAAAA | add sec info |
+ +------------+-------------+-------------+--------//-------+
+ type = 133 LENGTH = Var. ADDITIONAL ADDITIONAL
+ SECURITY SECURITY
+ INFO INFO
+ AUTHORITY
+ CODE
+
+ FIGURE 10-B.
+
+9.3.15.4.1 Additional Security Info Authority Code.
+
+ length = 8 bits
+
+ The values of this field are assigned by DCA Code R130, Washington,
+ D.C. 20305-2000. Each value corresponds to a requestor who, once
+ assigned, becomes the authority for the remainder of the option
+ definition for that value.
+
+9.3.15.4.2 Additional Security Information.
+
+ length - variable
+
+ This field contains any additional security information as specified
+ by the authority.
+
+
+
+
+
+
+
+
+
+
+
+St. Johns [Page 6]
+
+RFC 1038 Draft Revised IP Security Option January 1988
+
+
+ BIT
+ NUMBER AUTHORITY
+
+ 0 GENSER
+
+ 1 SIOP
+
+ 2 DSCCS-SPINTCOM
+
+ 3 DSCCS-CRITICOM
+
+ 4-7 Unassigned
+
+ AUTHORITY SOURCE OF ANNEX DESCRIBING
+ CURRENT CODING OF ADDITIONAL
+ SECURITY INFORMATION
+
+ GENSER
+ National Access Program, less SIOP Defense Communications
+ Agency
+ ATTN: Code R130
+ Washington, DC 20305
+
+ SIOP
+ National Access Program Department of Defense
+ Organization of the
+ Joint Chiefs of Staff
+ Attn: J6T
+ Washington, DC
+
+ DSCCS-SPINTCOM
+ National Access Program Defense Intelligence Agency
+ Attn: DSE4
+ Bolling AFB, MD
+
+ DSCCS-CRITICOM
+ National Access Program National Security Agency
+ 9800 Savage Road
+ Attn: T03
+ Ft. Meade, MD 20755-6000
+
+
+
+
+
+
+
+
+
+
+
+St. Johns [Page 7]
+ \ No newline at end of file
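Review bot: the new file is committed without a terminating newline (the "\ No newline at end of file" marker at the end of this hunk, after the "St. Johns [Page 7]" footer); since doc/rfc/ holds plain-text RFC copies, please add the final newline so that diff, cat and line-oriented tools handle the file cleanly. A second point for the commit message or an index file in doc/rfc/: the memo's own "Status of this Memo" section states that this is a pre-publication draft of the revised IP Security Option, provided for informational purposes only, with the final version to be published by Navy Publications, so it is worth recording that this copy is the draft text rather than a final specification, so that nobody implementing the option from this tree treats the field encodings (for example the classification level values 11011110, 10101101, 01111010, 01010101 and the GENSER/SIOP/DSCCS authority bit assignments) as authoritative without checking the published version.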