📄 rfc2729.txt
字号:
check will be made to see if it is allowed to do so. The requirement is that certain principals will be allowed, and others excluded. Given the application is being protected from network details there are only two types of specification available, per user, and per organization (where an organization may contain other organizations, and each user may be a member of multiple organizations). Rules could however be built on properties of a user, for example does the user own a key? Host properties could also be used, so users on slow hosts or hosts running the wrong OS could be excluded. Type: Macros Meaning: Include or exclude users (list) organizations (list) hosts (list) user properties (rule) org properties (rule) hosts properties (rule) Strictest Requirement: List of individual users Scope: per stream Example Application: Corporate video-conference - organization membership Collusion prevention Which aspects of collusion it is required to prevent. Collusion is defined as malicious co-operation between members of a secure session. Superficially, it would appear that collusion is not a relevant threat in a multicast, because everyone has the same information, however, wherever there is differentiation, it can be exploited. Type: { Abstract Currency, Abstract Currency, Abstract CurrencyBagnall, et al. Informational [Page 21]
RFC 2729 Taxonomy of Communication Requirements December 1999 } Meaning: time race collusion - cost of colluding key encryption key (KEK) sharing - cost of colluding sharing of differential QoS (not strictly collusion as across sessions not within one) - cost of colluding Strictest Requirement: For all threats cost attackers combined resources Scope: per stream Example Application: A race where delay of the start signal may be allowed for, but one participant may fake packet delay while receiving the start signal from another participant. NB: Time race collusion is the most difficult one to prevent. Also note that while these may be requirements for some systems this does not mean there are necessarily solutions. Setting tough requirements may result in the middleware being unable to create a valid channel. Fairness Fairness is a meta-requirement of many other requirements. Of particular interest are Reliability and Timeliness requirements. When a communication is first created the creator may wish to specify a set of requirements for these parameters. Principals which join later may wish to set tighter limits. Fairness enforces a policy that any improvement is requirement by one principal must be matched by all others, in effect requirements can only be set for the whole group. This increases the likelihood that requirements of this kind will fail to be met. If fairness if not an issue then some parts of the network can use more friendly methods to achieve those simpler requirements. Type: Level of variance of the requirement that needs to be fair. For example, if the latency requirement states within 2 seconds, the level of fairness required may be that variations in latency are not more than 0.1s. This has in fact become an issue in online gaming (e.g. Quake) Meaning: The variance of performance with respect to any other requirement is less than the specified amount. Scope: per stream, per requirementBagnall, et al. Informational [Page 22]
RFC 2729 Taxonomy of Communication Requirements December 1999 Example Application: Networked game, latency to receive positions of players must be within 5ms for all players. Action on compromise The action to take on detection of compromise (until security reassured). Type: Enumeration Meaning: warn but continue pause abort Scope: Per stream Strictest Requirement: pause Example Application: Secure video conference - if intruder alert, everyone is warned, but they can continue while knowing not to discuss sensitive matters (cf. catering staff during a meeting).3.2.8.1. Security Dynamics Security dynamics are the temporal properties of the security mechanisms that are deployed. They may affect other requirements such as latency or simply be a reflection of the security limitations of the system. The requirements are often concerned with abnormal circumstances (e.g. system violation). Mean time between compromises This is not the same as the strength of a system. A fairly weak system may have a very long time between compromises because it is not worth breaking in to, or it is only worth it for very few people. Mean time between compromises is a combination of strength, incentive and scale. Type: Time Scope: Per stream Strictest Requirement: indefinite Example Application: Secure Shell - 1500hrs Compromise detection time limit The average time it must take to detect a compromise (one predicted in the design of the detection system, that is).Bagnall, et al. Informational [Page 23]
RFC 2729 Taxonomy of Communication Requirements December 1999 Type: Time Scope: Per stream Strictest Requirement: Round trip time Example Application: Secure Shell - 2secs Compromise recovery time limit The maximum time it must take to re-seal the security after a breach. This combined with the compromise detection time limit defines how long the system must remain inactive to avoid more security breaches. For example if a compromise is detected in one minute, and recovery takes five, then one minute of traffic is now insecure and the members of the communication must remain silent for four minutes after detection while security is re-established. Type: Time Scope: Per stream Strictest Requirement: 1 second Example Application: Audio conference - 10 seconds3.2.9. Payment & Charging Total Cost The total cost of communication must be limited to this amount. This would be useful for transfer as opposed to stream type applications. Type: Currency Meaning: Maximum charge allowed Scope: Per user per stream Strictest Requirement: Free Example Application: File Transfer: comms cost must be < 1p/Mb Cost per Time This is the cost per unit time. Some applications may not be able to predict the duration of a communication. It may be more meaningful for those to be able to specify price per time instead. Type: Currency per timeS Scope: Per user per stream Strictest Requirement: Free Example Application: Video Conference - 15p / minuteBagnall, et al. Informational [Page 24]
RFC 2729 Taxonomy of Communication Requirements December 1999 Cost per Mb This is the cost per unit of data. Some communications may be charged by the amount of data transferred. Some applications may prefer to specify requirements in this way. Type: Currency per data size Scope: Per user per stream Strictest Requirement: Free Example Application: Email advertising - 15p / Mb4. Security Considerations See comprehensive security section of taxonomy.5. References [Bagnall98] Bagnall Peter, Poppitt Alan, Example LSMA classifications, BT Tech report, <URL:http://www.labs.bt.com/projects/mware/> [limitations] Pullen, M., Myjak, M. and C. Bouwens, "Limitations of Internet Protocol Suite for Distributed Simulation in the Large Multicast Environment", RFC 2502, February 1999. [rmodp] Open Distributed Processing Reference Model (RM-ODP), ISO/IEC 10746-1 to 10746-4 or ITU-T (formerly CCITT) X.901 to X.904. Jan 1995. [blaze95] Blaze, Diffie, Rivest, Schneier, Shimomura, Thompson and Wiener, Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security, January 1996.Bagnall, et al. Informational [Page 25]
RFC 2729 Taxonomy of Communication Requirements December 19996. Authors' Addresses Peter Bagnall c/o B54/77 BT Labs Martlesham Heath Ipswich, IP5 3RE England EMail: pete@surfaceeffect.com Home page: http://www.surfaceeffect.com/people/pete/ Bob Briscoe B54/74 BT Labs Martlesham Heath Ipswich, IP5 3RE England Phone: +44 1473 645196 Fax: +44 1473 640929 EMail: bob.briscoe@bt.com Home page: http://www.labs.bt.com/people/briscorj/ Alan Poppitt B54/77 BT Labs Martlesham Heath Ipswich, IP5 3RE England Phone: +44 1473 640889 Fax: +44 1473 640929 EMail: apoppitt@jungle.bt.co.uk Home page: http://www.labs.bt.com/people/poppitag/Bagnall, et al. Informational [Page 26]
RFC 2729 Taxonomy of Communication Requirements December 19997. Full Copyright Statement Copyright (C) The Internet Society (1999). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society.Bagnall, et al. Informational [Page 27]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -