Documentation Layering Structure
In Montreal we decided to improve the IPSEC documentation structure
to reduce redundancy in defining security transforms. A document
structure is shown below. My main point is that Security Transforms
should define what fields are required (such as SPIs, replay counters
and IVs) and how to apply authentication and encryption algorithms.
The Security Transform should be independent of the protocol being
secured and the actual authentication and encryption algorithms.
How a security transform is applied to IP should only be in the IP AH
and IP ESP documents. Then it would be easy to reuse security
transforms to secure other protocols and different layers in the
protocol stack.

  ---------------------------------------------------
  | Security Architecture for the Internet Protocol |
  ---------------------------------------------------
    |           |                         |
---------  ----------  --------------------------------------
| IP AH |  | IP ESP |  | Approved Transforms and Algorithms |
---------  ----------  |         for IP AH and ESP          |
    |           |      --------------------------------------
-----------------------
| Security Transforms | ...
-----------------------
           |
-----------------------
|     Algorithms      | ...
-----------------------

=====================================================================
Steve Rodney E-mail: SRODNEY@FTL03.RACAL.COM
Racal-Datacom
1601 N. Harrison Parkway Phone: 1-954-846-6836
Sunrise, Florida 33323-6836 Fax: 1-954-846-4942
=====================================================================