RFC 1108 (rfc1108) - Page 3 of 17


U



Alternative Format: Original Text Document



RFC 1108                U.S. DOD Security Option           November 1991


2.3.  Classification Level

        Field Length:  One Octet

   This field specifies the (U.S.) classification level at which the
   datagram must be protected.  The information in the datagram must be
   protected at this level.  The field is encoded as shown in Table 1
   and the order of values in this table defines the ordering for
   comparison purposes.  The bit string values in this table were chosen
   to achieve a minimum Hamming distance of four (4) between any two
   valid values.  This specific assignment of classification level names
   to values has been defined for compatibility with security devices
   which have already been developed and deployed.

   "Reserved" values in the table must be treated as invalid until such
   time they are assigned to named classification levels in a successor
   to this document.  A datagram containing a value for this field which
   is either not in this table or which is listed as "reserved" is in
   error and must be processed according to the "out-of-range"
   procedures defined in section 2.8.1.

   A classification level value from the Basic Security Option in a
   datagram may be checked for equality against any of the (assigned)
   values in Table 1 by performing a simple bit string comparison.
   However, because of the sparseness of the classification level
   encodings, range checks involving a value from this field must not be
   performed based solely using arithmetic comparisons (as such
   comparisons would encompass invalid and or unassigned values within
   the range).  The details of how ordered comparisons are performed for
   this field within a system is a local matter, subject to the
   requirements set forth in this paragraph.

                    Table 1.  Classification Level Encodings

                         Value              Name

                        00000001   -   (Reserved 4)
                        00111101   -   Top Secret
                        01011010   -   Secret
                        10010110   -   Confidential
                        01100110   -   (Reserved 3)
                        11001100   -   (Reserved 2)
                        10101011   -   Unclassified
                        11110001   -   (Reserved 1)







Kent