Documentation/netlabel/draft-ietf-cipso-ipsecurity-01.txt

Source file repositories/reference/linux-study-clean/Documentation/netlabel/draft-ietf-cipso-ipsecurity-01.txt

File Facts

System
Linux kernel
Corpus path
Documentation/netlabel/draft-ietf-cipso-ipsecurity-01.txt
Extension
.txt
Size
28638 bytes
Lines
792
Domain
Support Tooling And Documentation
Bucket
Documentation
Inferred role
Support Tooling And Documentation: documentation
Status
atlas-only

Why This File Exists

Repository support layer: documentation, build tooling, samples, user-space helper tools, generated initramfs support, licenses, and validation utilities.

Dependency Surface

Detected Declarations

Annotated Snippet

IETF CIPSO Working Group
16 July, 1992



                 COMMERCIAL IP SECURITY OPTION (CIPSO 2.2)



1.    Status

This Internet Draft provides the high level specification for a Commercial
IP Security Option (CIPSO).  This draft reflects the version as approved by
the CIPSO IETF Working Group.  Distribution of this memo is unlimited.

This document is an Internet Draft.  Internet Drafts are working documents
of the Internet Engineering Task Force (IETF), its Areas, and its Working
Groups. Note that other groups may also distribute working documents as
Internet Drafts.

Internet Drafts are draft documents valid for a maximum of six months.
Internet Drafts may be updated, replaced, or obsoleted by other documents
at any time.  It is not appropriate to use Internet Drafts as reference
material or to cite them other than as a "working draft" or "work in
progress."

Please check the I-D abstract listing contained in each Internet Draft
directory to learn the current status of this or any other Internet Draft.




2.    Background

Currently the Internet Protocol includes two security options.  One of
these options is the DoD Basic Security Option (BSO) (Type 130) which allows
IP datagrams to be labeled with security classifications.  This option
provides sixteen security classifications and a variable number of handling
restrictions.  To handle additional security information, such as security
categories or compartments, another security option (Type 133) exists and
is referred to as the DoD Extended Security Option (ESO).  The values for
the fixed fields within these two options are administered by the Defense
Information Systems Agency (DISA).

Computer vendors are now building commercial operating systems with
mandatory access controls and multi-level security.  These systems are
no longer built specifically for a particular group in the defense or
intelligence communities.  They are generally available commercial systems
for use in a variety of government and civil sector environments.

The small number of ESO format codes can not support all the possible
applications of a commercial security option.  The BSO and ESO were
designed to only support the United States DoD.  CIPSO has been designed
to support multiple security policies.  This Internet Draft provides the
format and procedures required to support a Mandatory Access Control
security policy.  Support for additional security policies shall be
defined in future RFCs.




Internet Draft, Expires 15 Jan 93                                 [PAGE 1]



CIPSO INTERNET DRAFT                                         16 July, 1992

Annotation

Implementation Notes