RFC 1636 (rfc1636) - Page 2 of 52

Report of IAB Workshop on Security in the Internet Architecture - February 8-10, 1994

Alternative Format: Original Text Document
< Previous
Next >
RFC 1636                  IAB Workshop Report                  June 1994


Table of Contents

   1. INTRODUCTION ..................................................  2
   2. OVERVIEW ......................................................  4
      2.1  Strategic and Political Issues ...........................  4
      2.2  Security Issues ..........................................  4
      2.3  DNS Names for Certificates ...............................  7
   3. FIREWALL ARCHITECTURE .........................................  9
      3.1  Introduction .............................................  9
      3.2  Application-Layer Firewalls .............................. 11
      3.3  IP-Layer Firewalls ....................................... 12
   4. SECURE QOS FORWARDING ......................................... 21
      4.1  The Requirement for Setup ................................ 21
      4.2  Securing the Setup Process. .............................. 22
      4.3  Validating an LLID ....................................... 24
      4.4  Dynamics of Setup ........................................ 28
      4.5  Receiver-Initiated Setup ................................. 30
      4.6  Other Issues ............................................. 30
   5. AN AUTHENTICATION SERVICE ..................................... 35
      5.1  Names and Credentials .................................... 36
      5.2  Identity-Based Authorization ............................. 37
      5.3  Choosing Credentials ..................................... 38
   6. OTHER ISSUES .................................................. 39
      6.1  Privacy and Authentication of Multicast Groups ........... 39
      6.2  Secure Plug-and-Play a Must .............................. 41
      6.3  A Short-Term Confidentiality Mechanism ................... 42
   7. CONCLUSIONS ................................................... 44
      7.1  Suggested Short-Term Actions ............................. 44
      7.2  Suggested Medium-Term Actions ............................ 46
      7.3  Suggested Long-Term Actions .............................. 46
   APPENDIX A -- Workshop Organization .............................. 48
   Security Considerations .......................................... 52
   Authors' Addresses ............................................... 52

1. INTRODUCTION

   The Internet Architecture Board (IAB) holds occasional workshops
   designed to consider long-term issues and strategies for the
   Internet, and to suggest future directions for the Internet
   architecture.  This long-term planning function of the IAB is
   complementary to the ongoing engineering efforts performed by working
   groups of the Internet Engineering Task Force (IETF), under the
   leadership of the Internet Engineering Steering Group (IESG) and area
   directorates.

   An IAB-initiated workshop on the role of security in the Internet
   Architecture was held on February 8-10, 1994 at the Information
   Sciences Institute of the University of Southern California, in



Braden, Clark, Crocker & Huitema
< Previous
Next >