Security Mechanisms for the Internet
RFC 3631, “Security Mechanisms for the Internet”, is an Informational document published in December 2003 by S. Bellovin, J. Schiller, and C. Kaufman. The canonical text is published by the RFC Editor.
Abstract
Security must be built into Internet Protocols for those protocols to offer their services securely. Many security problems can be traced to improper implementations. However, even a proper implementation will have security problems if the fundamental protocol is itself exploitable. Exactly how security should be implemented in a protocol will vary, because of the structure of the protocol itself. However, there are many protocols for which standard Internet security mechanisms, already developed, may be applicable. The precise one that is appropriate in any given situation can vary. We review a number of different choices, explaining the properties of each.
What “Informational” means
An Informational RFC is published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 3631 is hosted at rfc-editor.org. It is available in TXT and HTML.
- RFC 3630 Traffic Engineering Extensions to OSPF Version 2
- RFC 3632 VeriSign Registry Registrar Protocol Version 2.0.0
- RFC 3629 UTF-8, a transformation format of ISO 10646
- RFC 3633 IPv6 Prefix Options for Dynamic Host Configuration Protocol version 6
- RFC 3628 Policy Requirements for Time-Stamping Authorities
- RFC 3634 Key Distribution Center Server Address Sub-option for the Dynamic Host Configuration Protocol CableLabs Client Configuration Option
- RFC 3627 Use of /127 Prefix Length Between Routers Considered Harmful
- RFC 3635 Definitions of Managed Objects for the Ethernet-like Interface Types