draft-ietf-cipso-ipsecurity-01.txt - OpenGrok cross reference for /kernel/linux/linux-5.10/Documentation/netlabel/draft-ietf-cipso-ipsecurity-01.txt

Lines Matching full:security
6                  COMMERCIAL IP SECURITY OPTION (CIPSO 2.2)
13 IP Security Option (CIPSO).  This draft reflects the version as approved by
35 Currently the Internet Protocol includes two security options.  One of
36 these options is the DoD Basic Security Option (BSO) (Type 130) which allows
37 IP datagrams to be labeled with security classifications.  This option
38 provides sixteen security classifications and a variable number of handling
39 restrictions.  To handle additional security information, such as security
40 categories or compartments, another security option (Type 133) exists and
41 is referred to as the DoD Extended Security Option (ESO).  The values for
46 mandatory access controls and multi-level security.  These systems are
52 applications of a commercial security option.  The BSO and ESO were
54 to support multiple security policies.  This Internet Draft provides the
56 security policy.  Support for additional security policies shall be
76 This option permits security related information to be passed between
79 in the security option.  An authority that has been assigned a DOI
121 To conserve space in the protocol, security levels and categories are
138 number 1 to represent that same security level.  The DOI identifier is used
144 A common format for passing security related information is necessary
145 for interoperability.  CIPSO uses sets of "tags" to contain the security
148 actual security information to be passed.  All multi-octet fields in a tag
161 number to determine the security policy and the format associated with the
189 and support the same security policy.  The three tags defined in this
202 class and support the MAC Sensitivity security policy.
443 the host or network security policy.  In addition, a CIPSO gateway or router
445 adequate protection or may violate the network's security policy.  To
509 provide enhanced functionality and control.  For example, many security
557 lead to non-interoperability or even a security incident.  The
567 All datagrams received through a network port MUST have a security label
570 have the information it needs to make security decisions.  This security
582 If the contents of the CIPSO are valid but the security label is
712 IP Security Option at the INTEROP 89, Commercial IPSO Workshop.
737 RFC 1038, "Draft Revised IP Security Option", M. St. Johns, IETF, January
740 RFC 1108, "U.S. Department of Defense Security Options