draft-ietf-cipso-ipsecurity-01.txt - OpenGrok cross reference for /linux-4.4.14/Documentation/netlabel/draft-ietf-cipso-ipsecurity-01.txt

Lines Matching refs:be
22 Internet Drafts may be updated, replaced, or obsoleted by other documents
37 IP datagrams to be labeled with security classifications.  This option
56 security policy.  Support for additional security policies shall be
76 This option permits security related information to be passed between
82 mapping to hosts within the authority's domain.  These mappings may be
87 This option MUST be copied on fragmentation.  This option appears at most
88 once in a datagram.  All multi-octet fields in the option are defined to be
148 actual security information to be passed.  All multi-octet fields in a tag
149 are defined to be transmitted in network byte order.  Like the DOI
154 be guaranteed if CIPSO is not the first IP option.
157 formats.  Their definitions will be published in RFCs.  Tag types whose
159 only be meaningful in certain Domains of Interpretation.  For these tag
163 interoperability with other networks will not be an issue.  Implementations
268 minimal encoding SHOULD be used resulting in no trailing zero octets in the
287 is the only option then the option will be full word aligned and additional
288 filler octets will not be required.
348 octets.  Up to 15 categories may be represented by this tag.  Valid values
350 value.  The categories MUST be listed in ascending order within the tag.
414 category endpoint for the last pair in the tag MAY be omitted and SHOULD be
415 assumed to be 0.  The ranges MUST be non-overlapping and be listed in
422 A CIPSO implementation MUST be capable of generating at least tag type 1 in
423 the non-optimized form.  In addition, a CIPSO implementation MUST be able
432 host is defined to be the origination or destination system for an IP
434 IP networks and may be required to perform label translations between
435 networks.  A CIPSO gateway may be an enhanced CIPSO host or it may just
441 datagram for reasons that the information contained can not be adequately
444 MUST be able to reject datagrams going to networks that can not provide
451 greater than this maximum MUST be rejected by the CIPSO host.  This
453 not be defined explicitly as it can be implicitly derived from the
469 than this minimum MUST be rejected by the CIPSO host.  This parameter does
470 not apply to CIPSO gateways or routers.  This parameter need not be defined
471 explicitly as it can be implicitly derived from the PORT_LABEL_MIN
476 outgoing datagrams that have a label greater than this maximum MUST be
477 rejected by the CIPSO system.  The label within this parameter MUST be
483 outgoing datagrams that have a label less than this minimum MUST be
484 rejected by the CIPSO system.  The label within this parameter MUST be
508 to be compliant.  Implementors are encouraged to add to this list to
510 policies may require both incoming and outgoing datagrams be checked against
517 MAY be in CIPSO or local format.  Some CIPSO systems, such as routers, may
519 labels do not have to be converted to a local format before being compared
532 systems then multiple port range parameters would be needed, one set for
546 the CIPSO label that may be inserted in datagrams that exit the host.  In
555 is not enough.  Assumptions will be made by one system on how a
560 Many other requirements could be added to increase user confidence,
571 label will be obtained from the CIPSO if the option is present in the
573 datagrams.  This label will be compared against the PORT (if appropriate)
601 gateway.  The recipient of the ICMP message MUST be able to handle either
602 value.  The same procedure is performed if a CIPSO can not be added to an
613 unrecognized tag type MUST be treated as a "parameter problem" and
615 the system administrator to identify tag types that may safely be
622 A network port may be configured to not require a CIPSO label for all
623 incoming  datagrams.  For this configuration a CIPSO label must be
625 datagrams.  This capability might be used for single level networks or
639 from the MAC Sensitivity class MAY be included in a CIPSO option.  Given
647 If this condition is not satisfied the datagram MUST be discarded.
649 HOST_LABEL_MAX parameters MAY be substituted for the PORT parameters in
652 The DOI identifier to be used for all outgoing datagrams is configured by
680 CIPSO gateways MUST be capable of translating a CIPSO option from one
688 The CIPSO label to be used on all outgoing ICMP messages MUST be equivalent
698 interface then an ICMP message with the same label will probably not be
704 Requests for assignment of a DOI identifier number should be addressed to
731 To be added to or deleted from this distribution, send mail to: