
Documentation Layering Structure




     In Montreal we decided to improve the IPSEC documentation structure
     to reduce redundancy in defining security transforms.  A document
     structure is shown below.  My main point is that Security Transforms
     should define what fields are required (such as SPIs, replay counters
     and IVs) and how to apply authentication and encryption algorithms.
     The Security Transform should be independent of the protocol being
     secured and the actual authentication and encryption algorithms.
     How a security transform is applied to IP should only be in the IP AH
     and IP ESP documents.  Then it would be easy to reuse security
     transforms to secure other protocols and different layers in the
     protocol stack.
     
     
     ---------------------------------------------------
     | Security Architecture for the Internet Protocol |
     ---------------------------------------------------
         |            |                      |
     ---------    ----------   --------------------------------------
     | IP AH |    | IP ESP |   | Approved Transforms and Algorithms |
     ---------    ----------   |         for IP AH and ESP          |
         |            |        --------------------------------------
     -----------------------
     | Security Transforms | ...
     -----------------------
               |
     -----------------------
     |     Algorithms      | ...
     -----------------------
     
     
     =====================================================================
     Steve Rodney                       E-mail: SRODNEY@FTL03.RACAL.COM
     Racal-Datacom
     1601 N. Harrison Parkway           Phone:  1-954-846-6836
     Sunrise, Florida 33323-6836        Fax:    1-954-846-4942
     =====================================================================