IP Security Policy (IPSP) Requirements
RFC 3586 IP Security Policy (IPSP) Requirements August 2003
      3.2.3. Policy Specification Language
      3.2.4. Distributed policy
      3.2.5. Policy Discovery
      3.2.6. Security Association Resolution
      3.2.7. Compliance Checking
4. Security Considerations
5. IANA Considerations
6. Intellectual Property Statement
7. References
   7.1. Normative References
   7.2. Informative References
8. Disclaimer
9. Acknowledgements
10. Authors' Addresses
11. Full Copyright Statement
1. Introduction
1.1. Terminology
The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC 2119].
1.2. Security Policy and IPsec
Network-layer security now enjoys broad popularity as a tool for
protecting Internet traffic and resources. Security at the network
layer can be used as a tool for at least two kinds of security
architecture:
a) Security gateways. Security gateways (including "firewalls") at
the edges of networks use IPsec [RFC-2401] to enforce access
control, protect the confidentiality and authenticity of network
traffic entering and leaving a network, and to provide gateway
services for virtual private networks (VPNs).
b) Secure end-to-end communication. Hosts use IPsec to implement
host-level access control, to protect the confidentiality and
authenticity of network traffic exchanged with the peer hosts with
which they communicate, and to join virtual private networks.
On one hand, IPsec provides an excellent basis for a very wide range
of protection schemes; on the other hand, this wide range of
applications for IPsec creates complex management tasks. These tasks
become especially difficult as networks scale up, are controlled by
different entities, and require different security policies for
different kinds of traffic in different parts of the network.
Blaze, et al. Standards Track