RFC 3586 (rfc3586) - Page 2 of 10


IP Security Policy (IPSP) Requirements






RFC 3586         IP Security Policy (IPSP) Requirements      August 2003


             3.2.3.  Policy Specification Language...................  6
             3.2.4.  Distributed policy..............................  6
             3.2.5.  Policy Discovery................................  6
             3.2.6.  Security Association Resolution.................  6
             3.2.7.  Compliance Checking.............................  7
   4.  Security Considerations.......................................  7
   5.  IANA Considerations...........................................  7
   6.  Intellectual Property Statement...............................  7
   7.  References....................................................  8
       7.1.  Normative References....................................  8
       7.2.  Informative References..................................  8
   8.  Disclaimer....................................................  8
   9.  Acknowledgements..............................................  8
   10. Authors' Addresses............................................  9
   11. Full Copyright Statement...................................... 10

1.  Introduction

1.1.  Terminology

   The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC 2119].

1.2.  Security Policy and IPsec

   Network-layer security now enjoys broad popularity as a tool for
   protecting Internet traffic and resources.  Security at the network
   layer can be used as a tool for at least two kinds of security
   architecture:

   a) Security gateways.  Security gateways (including "firewalls") at
      the edges of networks use IPsec [RFC-2401] to enforce access
      control, protect the confidentiality and authenticity of network
      traffic entering and leaving a network, and to provide gateway
      services for virtual private networks (VPNs).

   b) Secure end-to-end communication.  Hosts use IPsec to implement
      host-level access control, to protect the confidentiality and
      authenticity of network traffic exchanged with the peer hosts with
      which they communicate, and to join virtual private networks.

   On one hand, IPsec provides an excellent basis for a very wide range
   of protection schemes; on the other hand, this wide range of
   applications for IPsec creates complex management tasks that become
   especially difficult as networks scale up and require different
   security policies, and are controlled by different entities, for
   different kinds of traffic in different parts of the network.



Blaze, et al.               Standards Track