The IAB is ready to ask the RFC-Editor to publish
Security Mechanisms for the Internet
draft-iab-secmech-02.txt
as an Informational RFC. This document is part survey of issues,
and part advice for IETF protocol development. The IAB would
like to ensure that the IETF community has had an opportunity to
read it and comment before its publication.
The IAB solicits comments by March 28, 2003. Please send
comments to the IAB (iab@iab.org), care of the document editor
(Charlie_Kaufman@notesdev.ibm.com), or to ietf@ietf.org.
The document can be found at
http://www.ietf.org/internet-drafts/draft-iab-secmech-02.txt
Abstract
Security must be built into Internet Protocols for those protocols to
offer their services securely. Many security problems can be traced
to improper implementations. However, even a proper implementation
will have security problems if the fundamental protocol is itself
exploitable. Exactly how security should be implemented in a
protocol will vary, because of the structure of the protocol itself.
However, there are many protocols for which standard Internet
security mechanisms, already developed, may be applicable. The
precise one that is appropriate in any given situation can vary. We
review a number of different choices, explaining the properties of
each.
Leslie Daigle
For the IAB
