5. CONFORMANCE REQUIREMENTS
Implementations that claim conformance or compliance with this
specification MUST fully implement the header described here, MUST
support manual key distribution with this header, MUST comply with
all requirements of the "Security Architecture for the Internet
Protocol" [Atk95a], and MUST support the use of DES CBC as specified
in the companion document entitled "The ESP DES-CBC Transform"
[KMS95]. Implementors MAY also implement other ESP transforms.
Implementers should consult the most recent version of the "IAB
Official Standards" RFC for further guidance on the status of this
document.
6. SECURITY CONSIDERATIONS
This entire document discusses a security mechanism for use with IP.
This mechanism is not a panacea, but it does provide an important
component useful in creating a secure internetwork.
Cryptographic transforms for ESP which use a block-chaining algorithm
and lack a strong integrity mechanism are vulnerable to a cut-and-
paste attack described by Bellovin and should not be used unless the
Authentication Header is always present with packets using that ESP
transform [Bel95].
Users need to understand that the quality of the security provided by
this specification depends completely on the strength of whichever
encryption algorithm has been implemented, the correctness of that
algorithm's implementation, upon the security of the key management
mechanism and its implementation, the strength of the key [CN94]
[Sch94, p233] and upon the correctness of the ESP and IP
implementations in all of the participating systems.
If any of these assumptions do not hold, then little or no real
security will be provided to the user. Use of high assurance
development techniques is recommended for the IP Encapsulating
Security Payload.
Users seeking protection from traffic analysis might consider the use
of appropriate link encryption. Description and specification of
link encryption is outside the scope of this note.
If user-oriented keying is not in use, then the algorithm in use
should not be an algorithm vulnerable to any kind of Chosen Plaintext
attack. Chosen Plaintext attacks on DES are described in [BS93] and
[Mat94]. Use of user-oriented keying is recommended in order to
preclude any sort of Chosen Plaintext attack and to generally make
cryptanalysis more difficult. Implementations SHOULD support
user-oriented keying as is described in the IP Security Architecture
[Atk95a].
Atkinson Standards Track [Page 9]
RFC 1827 Encapsulating Security Payload August 1995
ACKNOWLEDGEMENTS
This document benefited greatly from work done by Bill Simpson, Perry
Metzger, and Phil Karn to make general the approach originally
defined by the author for SIP, SIPP, and finally IPv6.
Many of the concepts here are derived from or were influenced by the
US Government's SP3 security protocol specification, the ISO/IEC's
NLSP specification, or from the proposed swIPe security protocol
[SDNS89, ISO92a, IB93, IBK93, ISO92b]. The use of DES for
confidentiality is closely modeled on the work done for the SNMPv2
[GM93]. Steve Bellovin, Steve Deering, Dave Mihelcic, and Hilarie
Orman provided solid critiques of early versions of this memo.
REFERENCES
[Atk95a] Atkinson, R., "Security Architecture for the Internet
Protocol", RFC 1825, NRL, August 1995.
[Atk95b] Atkinson, R., "IP Authentication Header", RFC 1826, NRL,
August 1995.
[Bel89] Steven M. Bellovin, "Security Problems in the TCP/IP
Protocol Suite", ACM Computer Communications Review, Vol. 19,
No. 2, March 1989.
[Bel95] Steven M. Bellovin, Presentation at IP Security Working
Group Meeting, Proceedings of the 32nd Internet Engineering
Task Force, March 1995, Internet Engineering Task Force,
Danvers, MA.
[BS93] Eli Biham and Adi Shamir, "Differential Cryptanalysis of the
Data Encryption Standard", Springer-Verlag, New York, NY,
1993.
[CN94] John M. Carroll & Sri Nudiati, "On Weak Keys and Weak Data:
Foiling the Two Nemeses", Cryptologia, Vol. 18, No. 23,
July 1994. pp. 253-280
[CERT95] Computer Emergency Response Team (CERT), "IP Spoofing Attacks
and Hijacked Terminal Connections", CA-95:01, January 1995.
Available via anonymous ftp from info.cert.org.
[DIA] US Defense Intelligence Agency (DIA), "Compartmented Mode
Workstation Specification", Technical Report
DDS-2600-6243-87.
[GM93] Galvin J., and K. McCloghrie, "Security Protocols for
version 2 of the Simple Network Management Protocol
(SNMPv2)", RFC 1446, Trusted Information Systems, Hughes LAN
Systems, April 1993.
[Hin94] Bob Hinden (Editor), Internet Protocol version 6 (IPv6)
Specification, Work in Progress, October 1994.
[IB93] John Ioannidis & Matt Blaze, "Architecture and Implementation
of Network-layer Security Under Unix", Proceedings of the USENIX
Security Symposium, Santa Clara, CA, October 1993.
[IBK93] John Ioannidis, Matt Blaze, & Phil Karn, "swIPe:
Network-Layer Security for IP", presentation at the Spring
1993 IETF Meeting, Columbus, Ohio.
[ISO92a] ISO/IEC JTC1/SC6, Network Layer Security Protocol, ISO-IEC
DIS 11577, International Standards Organisation, Geneva,
Switzerland, 29 November 1992.
[ISO92b] ISO/IEC JTC1/SC6, Network Layer Security Protocol, ISO-IEC
DIS 11577, Section 13.4.1, page 33, International Standards
Organisation, Geneva, Switzerland, 29 November 1992.
[Ken91] Kent, S., "US DoD Security Options for the Internet
Protocol", RFC 1108, BBN Communications, November 1991.
[KMS95] Karn, P., Metzger, P., and W. Simpson, "The ESP DES-CBC
Transform", RFC 1829, Qualcomm, Inc., Piermont, Daydreamer,
August 1995.
[Mat94] Matsui, M., "Linear Cryptanalysis method for DES Cipher",
Proceedings of Eurocrypt '93, Berlin, Springer-Verlag, 1994.
[NIST77] US National Bureau of Standards, "Data Encryption Standard",
Federal Information Processing Standard (FIPS) Publication
46, January 1977.
[NIST80] US National Bureau of Standards, "DES Modes of Operation"
Federal Information Processing Standard (FIPS) Publication
81, December 1980.
[NIST81] US National Bureau of Standards, "Guidelines for Implementing
and Using the Data Encryption Standard", Federal Information
Processing Standard (FIPS) Publication 74, April 1981.
[NIST88] US National Bureau of Standards, "Data Encryption Standard",
Federal Information Processing Standard (FIPS) Publication
46-1, January 1988.
[STD-2] Reynolds, J., and J. Postel, "Assigned Numbers", STD 2,
RFC 1700, USC/Information Sciences Institute, October 1994.
[Sch94] Bruce Schneier, Applied Cryptography, John Wiley & Sons,
New York, NY, 1994. ISBN 0-471-59756-2
[SDNS89] SDNS Secure Data Network System, Security Protocol 3, SP3,
Document SDN.301, Revision 1.5, 15 May 1989, as published
in NIST Publication NIST-IR-90-4250, February 1990.
DISCLAIMER
The views and specification here are those of the author and are not
necessarily those of his employer. The Naval Research Laboratory has
not passed judgement on the merits, if any, of this work. The author
and his employer specifically disclaim responsibility for any
problems arising from correct or incorrect implementation or use of
this specification.
AUTHOR'S ADDRESS
Randall Atkinson
Information Technology Division
Naval Research Laboratory
Washington, DC 20375-5320
USA
Phone: (202) 404-7090
Fax: (202) 404-7942
EMail: atkinson@itd.nrl.navy.mil