RFC 1430                     X.500 Strategy                February 1993

   Security Policy
      This term encompasses the security goals for which data access
      control, service authorization, and authentication mechanisms are
      used to implement.  For example, a local security policy might
      require that all directory database modifications employ strong
      authentication and originate from a computer at a known (local)
      location.

   Data Confidentiality
      The directory does not include explicit features to protect the
      confidentiality of data while in transit (e.g., between a DUA and
      DSA or between DSAs).  Instead, it is assured that lower layer
      security protocols or other local security facilities will be
      employed to provide this security service.  Ongoing work on
      adaptation of the Network Layer Security Protocol (NLSP) is a
      candidate for provision of this security service with directories.

   There is no specification of any Internet-wide security policy for
   directories, nor are there currently any security mechanisms required
   of all directories.  Deployment of a directory could be based on a
   variety of policies:

    - Read only system, containing only public data and restricted to
      local modification.

    - Use of X.509 authentication, and private access control mechanisms
      (this will not allow open access control management, but this is
      not seen as a fundamental problem).

   It will be important to understand if global Internet requirements
   for minimum essential directory security mechanisms will be required
   to promote widespread use of directories.  We recommend that an
   informational RFC be written to analyze this issue, with an
   operational policy guidelines or applicability statement RFC to
   follow.

9.  RELATION TO DNS

   It is important to establish the relationship between the proposed
   Internet Directory, and the existing Domain Name System.  An
   Experimental Protocol RFC (RFC 1279) proposes a mapping of DNS
   information onto the Directory.  Experiments should be conducted in
   this area [HK91e].

10.  EXTERNAL CONNECTIONS

   It will be important for this activity to maintain suitable external
   liaisons.  In particular to:

Hardcastle-Kille, Huizer, Cerf, Hobby & Kent                   [Page 16]

   Other Directory Services and Directory Pilots
      To ensure a service which is coherent with other groups building
      X.500 services.  e.g.,:

       - Paradise
       - NADF
       - FOX
       - PSI White Pages

   Standards Bodies
      To feed back experience gained from this activity, so that the
      next round of standards meets as many of the Internet requirements
      as possible.  e.g.,:

       - CCITT/ISO
       - RARE WG-NAS
       - EWOS/OIW
       - ETSI

11.  REFERENCES

   [BHK91a] Barker, P., and S. Hardcastle-Kille, "The COSINE and
            Internet X.500 Schema", RFC 1274, Department of Computer
            Science, University College London, November 1991.

   [BHK92]  Barker, P., and S. Hardcastle-Kille, "Naming Guidelines for
            Directory Pilots", RFC 1384, Department of Computer Science,
            University College London, ISODE Consortium, January 1993.

   [CCI88a] The Directory --- authentication framework, December 1988.
            CCITT Recommendation X.509.

   [CCI88b] The Directory --- overview of concepts, models and services,
            December 1988.  CCITT X.500 Series Recommendations.

   [CCI90]  The Directory --- part 9 --- replication, October 1990.
            ISO/IEC CD 9594-9 Ottawa output.

   [CFSD90] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "A
            Simple Network Management Protocol", STD 15, RFC 1157, SNMP
            Research, Performance Systems International, MIT Laboratory
            for Computer Science, May 1990.

   [For91]  The North American Directory Forum, "A Naming Scheme for
            C=US", RFC 1255, NADF, September 1991.  Also NADF-175.
            (See also RFC 1417.)

   [For92]  The North American Directory Forum, "User Bill of Rights for
            Entries and Listing in the Public Directory", RFC 1295,
            NADF, January 1992.  (See also RFC 1417.)

   [HK91a]  Hardcastle-Kille, S., "Encoding network addresses to support
            operation over non-OSI lower layers", RFC 1277, Department
            of Computer Science, University College London, November
            1991.

   [HK91b]  Hardcastle-Kille, S., "Replication and distributed
            operations extensions to provide an internet directory using
            X.500", RFC 1276, Department of Computer Science, University
            College London, November 1991.

   [HK91c]  Hardcastle-Kille, S., "Replication requirement to provide an
            internet directory using X.500", RFC 1275, Department of
            Computer Science, University College London, November 1991.

   [HK91d]  Hardcastle-Kille, S., "A string encoding of presentation
            address", RFC 1278, Department of Computer Science,
            University College London, November 1991.

   [HK91e]  Hardcastle-Kille, S., "X.500 and domains", RFC 1279,
            Department of Computer Science, University College London,
            November 1991.

   [HK92a]  Hardcastle-Kille, S., "A string representation of
            Distinguished Names", Department of Computer Science,
            University College London, Work in Progress.

   [HK92b]  Hardcastle-Kille, S., "Using the OSI directory to achieve
            user friendly naming", Department of Computer Science,
            University College London, Work in Progress.

   [HSB91]  Howes, R., Smith, M., and B. Beecher, "DIXIE Protocol
            Specification", RFC 1249, University of Michigan, July 1991.

   [ISO]    Procedures for the operation of OSI registration authorities
            --- part 1: general procedures.  ISO/IEC 9834-1.

   [Ken93]  Kent, S., "Privacy Enhancement for Internet Electronic Mail:
            Part II - Certificate-based Key Management", RFC 1422, BBN,
            February 1993.

   [Kil88]  Kille, S., "The QUIPU Directory Service", In IFIP WG 6.5
            Conference on Message Handling Systems and Distributed
            Applications, pages 173--186.  North Holland Publishing,
            October 1988.

   [Kil89]  Kille, S., "The THORN and RARE Naming Architecture",
            Technical report, Department of Computer Science, University
            College London, June 1989.  THORN Report UCL-64 (version 2).

   [Lin93]  Linn, J., "Privacy Enhancement for Internet Electronic Mail:
            Part I - Message Encryption and Authentication Procedures",
            RFC 1421, February 1993.

   [LW91]   Lang, R., and R. Wright, "A Catalog of Available X.500
            Implementations", FYI 11, RFC 1292, SRI International,
            Lawrence Berkeley Laboratory, January 1992.

   [Lyn91]  Lynch, C., "The Z39.50 information retrieval protocol: An
            overview and status report", Computer Communication Review,
            21(1):58--70, January 1991.

   [Par91]  Paradise International Report, Cosine.  Paradise project,
            Department of Computer Science, University College London.
            November 1991.

   [RC87]   Rose, M., and D. Cass, "ISO Transport Services on top of the
            TCP", STD 35, RFC 1006, Northrop Corporation Technology
            Center, May 1987.

   [Ros91]  Rose, M., "Directory Assistance Service", RFC 1202,
            Performance Systems International, February 1991.

   [WR92]   Weider, C., and J. Reynolds, "Executive Introduction to
            Directory Services Using the X.500 Protocol", FYI 13,
            RFC 1308, ANS, ISI, March 1992.

12.  Security Considerations

   Security issues are discussed in Section 8.

13.  Authors' Addresses

   Steve Hardcastle-Kille
   ISODE Consortium
   PO box 505
   SW11 1DX London
   England

   Phone: +44-71-223-4062
   EMail: S.Kille@isode.com

   Erik Huizer
   SURFnet bv
   PO box 19035
   3501 DA Utrecht
   The Netherlands

   Phone: +31-30 310290
   Email: Erik.Huizer@SURFnet.nl

   Vinton Cerf
   Corporation for National Research Initiatives
   1895 Preston White Drive, Suite 100
   Reston, VA 22091

   Phone: (703) 620-8990
   EMail: vcerf@cnri.reston.va.us

   Russ Hobby
   University of California, Davis
   Computing Services
   Surge II Room 1400
   Davis, CA 95616

   Phone: (916) 752-0236
   EMail: rdhobby@ucdavis.edu

   Steve Kent
   Bolt, Beranek, and Newman
   50 Moulton Street
   Cambridge, MA 02138

   Phone: (617) 873-3988
   EMail: skent@bbn.com