RFC 1457 (rfc1457) - Page 1 of 14
Security Label Framework for the Internet
Alternative Format: Original Text Document
Network Working Group R. Housley
Request for Comments: 1457 Xerox Special Information Systems
May 1993
Security Label Framework for the Internet
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard. Distribution of this memo is
unlimited.
Acknowledgements
The members of the Privacy and Security Research Group and the
attendees of the invitational Security Labels Workshop (hosted by the
National Institute of Standards and Technology) helped me organize my
thoughts on this subject. The ideas of these professionals are
scattered throughout the memo.
1.0 Introduction
This memo presents a security labeling framework for the Internet.
The framework is intended to help protocol designers determine what,
if any, security labeling should be supported by their protocols.
The framework should also help network architects determine whether
or not a particular collection of protocols fulfill their security
labeling requirements. The Open Systems Interconnection Reference
Model [1] provides the structure for the presentation, therefore OSI
protocol designers may also find this memo useful.
2.0 Security Labels
Data security is the set of measures taken to protect data from
accidental, unauthorized, intentional, or malicious modification,
destruction, or disclosure. Data security is also the condition that
results from the establishment and maintenance of protective measures
[2]. Given this two-pronged definition for data security, this memo
examines security labeling as one mechanism which provides data
security. In general, security labeling by itself does not provide
sufficient data security; it must be complemented by other security
mechanisms.
In data communication protocols, security labels tell the protocol
processing how to handle the data transferred between two systems.
That is, the security label indicates what measures need to be taken
to preserve the condition of security. Handling means the activities
Housley