RFC 1108 (rfc1108) - Page 2 of 17
U
Alternative Format: Original Text Document
RFC 1108 U.S. DOD Security Option November 1991
This option is used by end systems and intermediate systems of an
internet to:
a. Transmit from source to destination in a network standard
representation the common security labels required by computer
security models,
b. Validate the datagram as appropriate for transmission from
the source and delivery to the destination,
c. Ensure that the route taken by the datagram is protected to
the level required by all protection authorities indicated on
the datagram. In order to provide this facility in a general
Internet environment, interior and exterior gateway protocols
must be augmented to include security label information in
support of routing control.
The DoD Basic Security option must be copied on fragmentation. This
option appears at most once in a datagram. Some security systems
require this to be the first option if more than one option is
carried in the IP header, but this is not a generic requirement
levied by this specification.
The format of the DoD Basic Security option is as follows:
+------------+------------+------------+-------------//----------+
| 10000010 | XXXXXXXX | SSSSSSSS | AAAAAAA[1] AAAAAAA0 |
| | | | [0] |
+------------+------------+------------+-------------//----------+
TYPE = 130 LENGTH CLASSIFICATION PROTECTION
LEVEL AUTHORITY
FLAGS
FIGURE 1. DoD BASIC SECURITY OPTION FORMAT
2.1. Type
The value 130 identifies this as the DoD Basic Security Option.
2.2. Length
The length of the option is variable. The minimum length of the
option is 3 octets, including the Type and Length fields (the
Protection Authority field may be absent). A length indication of
less than 3 octets should result in error processing as described in
Section 2.8.1.
Kent
