Security Architecture for the Internet Protocol

01 Aug 1995-Vol. 1825, pp 1-101
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).
Abstract: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer. This document obsoletes RFC 2401 (November 1998). [STANDARDS-TRACK]

Citations
Journal ArticleDOI
TL;DR: The great Internet explosion during the past two years is largely fueled by the prospect of performing business online, but consumers and businesses alike seem wary of this new medium for conducting business on a large scale.
Abstract: The great Internet explosion during the past two years is largely fueled by the prospect of performing business online. Prophets tell of the day when even the most mundane transactions will be handled through the Internet, along with the most sophisticated bank transfers in use today. The Internet can bring down physical barriers to commerce, almost immediately giving even the smallest business access to untapped markets around the world. By the same token, consumers can conduct business and make purchases from organizations previously unavailable to them. Armed with these goals, individuals have flocked to the Internet, and most businesses have set out to set up storefronts on the Internet and its World Wide Web. Just about every major business in the U.S., perhaps in the world, has a home page on the Internet on which can be found information about their services and products. Despite the forecasts, however, consumers and businesses alike seem wary of this new medium for conducting business on a large scale. Given the potential for both consumers and businesses, why the apprehension? Insecurity The original Internet was designed for research, not as a commercial environment. As such, it operated Anish Bhimani Consumers as well as businesses wary of exposing secret financial data through the Internet's frail protection select from numerous patchwork security options incorporating protocols that may or may not turn out to be adopted as standards.

327 citations

01 Mar 1999
TL;DR: This document describes a method by which a Service Provider with an IP backbone may provide VPNs (Virtual Private Networks) for its customers in a manner which is simple for the enterprise, while still scalable and flexible for the Service Provider.
Abstract: This document describes a method by which a Service Provider with an IP backbone may provide VPNs (Virtual Private Networks) for its customers. MPLS (Multiprotocol Label Switching) is used for forwarding packets over the backbone, and BGP (Border Gateway Protocol) is used for distributing routes over the backbone. The primary goal of this method is to support the outsourcing of IP backbone services for enterprise networks. It does so in a manner which is simple for the enterprise, while still scalable and flexible for the Service Provider, and while allowing the Service Provider to add value. These techniques can also be used to provide a VPN which itself provides IP service to customers.

327 citations

Patent
18 Oct 2002
TL;DR: In this article, a matching and classification utility system comprising a kind of Commerce Utility System is used to perform the matching, narrowcasting, classifying and/or selecting process, non-limiting examples of which include software objects.
Abstract: Rights management information is used at least in part in a matching, narrowcasting, classifying and/or selecting process. A matching and classification utility system comprising a kind of Commerce Utility System is used to perform the matching, narrowcasting, classifying and/or selecting. The matching and classification utility system may match, narrowcast, classify and/or select people and/or things, non-limiting examples of which include software objects. The Matching and Classification Utility system may use any pre-existing classification schemes, including at least some rights management information and/or other qualitative and/or parameter data indicating and/or defining classes, classification systems, class hierarchies, category schemes, class assignments, category assignments, and/or class membership. The Matching and Classification Utility may also use at least some rights management information together with any artificial intelligence, expert system, statistical, computational, manual, or any other means to define new classes, class hierarchies, classification systems, category schemes, and/or assign persons, things, and/or groups of persons and/or things to at least one class.

325 citations

Journal ArticleDOI
Chip Elliott
TL;DR: It is shown how quantum key distribution techniques can be employed within realistic, highly secure communications systems, using the internet architecture for a specific example.
Abstract: We show how quantum key distribution (QKD) techniques can be employed within realistic, highly secure communications systems, using the internet architecture for a specific example. We also discuss how certain drawbacks in existing QKD point-to-point links can be mitigated by building QKD networks, where such networks can be composed of trusted relays or untrusted photonic switches.

324 citations

ReportDOI
23 Aug 1999
TL;DR: This paper presents an operating system security architecture that solves the problems of controlling the propagation of access rights, enforcing fine-grained access rights and supporting the revocation of previously granted access rights.
Abstract: Operating systems must be flexible in their support for security policies, providing sufficient mechanisms for supporting the wide variety of real-world security policies. Such flexibility requires controlling the propagation of access rights, enforcing fine-grained access rights and supporting the revocation of previously granted access rights. Previous systems are lacking in at least one of these areas. In this paper we present an operating system security architecture that solves these problems. Control over propagation is provided by ensuring that the security policy is consulted for every security decision. This control is achieved without significant performance degradation through the use of a security decision caching mechanism that ensures a consistent view of policy decisions. Both fine-grained access rights and revocation support are provided by mechanisms that are directly integrated into the service-providing components of the system. The architecture is described through its prototype implementation in the Flask microkernel-based operating system, and the policy flexibility of the prototype is evaluated. We present initial evidence that the architecture's impact on both performance and code complexity is modest. Moreover, our architecture is applicable to many other types of operating systems and environments.

321 citations

References
Journal ArticleDOI
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations

01 Mar 1997
TL;DR: This document defines these words as they should be interpreted in IETF documents as well as providing guidelines for authors to incorporate this phrase near the beginning of their document.
Abstract: In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document:

3,501 citations

Journal ArticleDOI
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Abstract: Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the basis for protocols.

2,671 citations

01 Dec 1995
TL;DR: In this paper, the authors specify version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng, and propose a new protocol called IPng.
Abstract: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.

2,112 citations

01 Sep 1981
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.
Abstract: IP is a network layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed. IP is documented in RFC 791 and is the primary network layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes.

1,967 citations