
Fwd: Security architectures, anyone?





Subject: Security architectures, anyone?
Author:  shirey@mitre.org (Robert W. Shirey) at internet
Date:    6/22/94 12:01 PM


PLEASE FORWARD THIS MESSAGE TO OTHER LISTS THAT ARE CONCERNED WITH NETWORK
AND INFORMATION SYSTEM ARCHITECTURE AND SECURITY TOPICS.

The Privacy and Security Research Group (PSRG) of the Internet Research 
Task Force (IRTF) is drafting an Internet Security Architecture in 
cooperation with the Internet Engineering Task Force (IETF) and other 
contributors in the Internet community.  This Architecture is intended to 
be a guide, openly available as an RFC, for designing and implementing 
protocols for use in the Internet.  The *Internet* is the system of 
interconnected computer networks that share the protocol suite and the name 
and address spaces that are specified by the Internet Architecture Board 
(IAB) of the Internet Society [RFC1600, RFC1340].  The suite is named *the 
Internet Protocol Suite* (IPS).

In this context, *security architecture* means a plan and set of principles 
for establishing and maintaining features and mechanisms that protect 
against interruption and loss to packet-switched network elements, the 
communication services they provide, and the data they contain and carry. 
The document is intended primarily for people who design and standardize 
Internet protocols.  Protocol designers can use this document as a guide for 
selecting and incorporating security features.  We further envision that the 
Internet Engineering Steering Group (IESG) will use the principles stated 
herein to evaluate and guide the development of new Internet standards in 
the IETF [RFC1602, RFC1603].

It has been suggested that the term "Architecture" can be very confusing 
and have many meanings, and that there is no methodology or consistent 
manner in which security architectures are developed.

It has been further suggested that a second document is needed to aid 
system security engineers in the development of system security 
architectures.  To do this, system architectures must first be discussed 
generally, with or without security, including both end systems and the 
networks that connect them.  As grist for this mill, we are looking to 
collect:

1.  Definitions of "architecture", "system architecture", "information 
system architecture", "security architecture", etc.

2.  Books (particularly textbooks), articles, or other descriptions of the 
content of architectures, methods for defining and developing them, etc.

3.  Taxonomies for system architectures and the different kinds of views 
they can take: abstract vs. concrete, near-term vs. far-term, etc.

4.  Examples:  publications that claim to present a generic system 
architecture or a system security architecture.

Please send the information to me at one of the addresses shown below.

Regards, -Rob-    Robert W. Shirey  SHIREY@MITRE.ORG 
tel 703.883.7210, sec 703.883.5749, fax 703.883.1397 
Info. Security Div., The MITRE Corp., Mail Stop Z231 
7525 Colshire Drive, McLean, Virginia 22102-3481 USA