Documentation/netlabel/draft-ietf-cipso-ipsecurity-01.txt
Source file repositories/reference/linux-study-clean/Documentation/netlabel/draft-ietf-cipso-ipsecurity-01.txt
File Facts
- System
- Linux kernel
- Corpus path
Documentation/netlabel/draft-ietf-cipso-ipsecurity-01.txt- Extension
.txt- Size
- 28638 bytes
- Lines
- 792
- Domain
- Support Tooling And Documentation
- Bucket
- Documentation
- Inferred role
- Support Tooling And Documentation: documentation
- Status
- atlas-only
Why This File Exists
Repository support layer: documentation, build tooling, samples, user-space helper tools, generated initramfs support, licenses, and validation utilities.
- Repository support layer: documentation, build tooling, samples, user-space helper tools, generated initramfs support, licenses, and validation utilities.
Dependency Surface
- No C-style include directives detected by the generator.
Detected Declarations
- No top-level syscall, struct, function, initcall, or export declaration detected by the generator.
Annotated Snippet
IETF CIPSO Working Group
16 July, 1992
COMMERCIAL IP SECURITY OPTION (CIPSO 2.2)
1. Status
This Internet Draft provides the high level specification for a Commercial
IP Security Option (CIPSO). This draft reflects the version as approved by
the CIPSO IETF Working Group. Distribution of this memo is unlimited.
This document is an Internet Draft. Internet Drafts are working documents
of the Internet Engineering Task Force (IETF), its Areas, and its Working
Groups. Note that other groups may also distribute working documents as
Internet Drafts.
Internet Drafts are draft documents valid for a maximum of six months.
Internet Drafts may be updated, replaced, or obsoleted by other documents
at any time. It is not appropriate to use Internet Drafts as reference
material or to cite them other than as a "working draft" or "work in
progress."
Please check the I-D abstract listing contained in each Internet Draft
directory to learn the current status of this or any other Internet Draft.
2. Background
Currently the Internet Protocol includes two security options. One of
these options is the DoD Basic Security Option (BSO) (Type 130) which allows
IP datagrams to be labeled with security classifications. This option
provides sixteen security classifications and a variable number of handling
restrictions. To handle additional security information, such as security
categories or compartments, another security option (Type 133) exists and
is referred to as the DoD Extended Security Option (ESO). The values for
the fixed fields within these two options are administered by the Defense
Information Systems Agency (DISA).
Computer vendors are now building commercial operating systems with
mandatory access controls and multi-level security. These systems are
no longer built specifically for a particular group in the defense or
intelligence communities. They are generally available commercial systems
for use in a variety of government and civil sector environments.
The small number of ESO format codes can not support all the possible
applications of a commercial security option. The BSO and ESO were
designed to only support the United States DoD. CIPSO has been designed
to support multiple security policies. This Internet Draft provides the
format and procedures required to support a Mandatory Access Control
security policy. Support for additional security policies shall be
defined in future RFCs.
Internet Draft, Expires 15 Jan 93 [PAGE 1]
CIPSO INTERNET DRAFT 16 July, 1992
Annotation
- Atlas domain: Support Tooling And Documentation / Documentation.
- Implementation status: atlas-only.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.