[comp.protocols.tcp-ip] RFC 1108 and IP Security options?

bob@MorningStar.Com (Bob Sutterfield) (02/01/91)

RFC 1122 section 3.2.1.8(a) refers to an RFC 1108, "Internet Protocol
Security Options," by one B. Schofield, dated October 1989.  RFC 1122
also specifically warns that RFCs 1038 and 791 are obsolete, though it
cites 791 as the source of its MUSTs and MAYs.

But the RFC Index lists RFC 1108 as "not yet issued", and it indeed
seems not to be available from the NIC.  And RFC 1038 claims to be a
pre-publication draft.

What is the current authoritative reference in this area?  Must an
implementor order the revised MIL-STD 1777 from Navy Publications (as
suggested in RFC 1038), or is it available on-line in RFC form?

huston@prime.com (Steve Huston) (02/02/91)

bob@MorningStar.Com (Bob Sutterfield) writes:

>What is the current authoritative reference in this area?  Must an
>implementor order the revised MIL-STD 1777 from Navy Publications (as
>suggested in RFC 1038), or is it available on-line in RFC form?

    RFC 1108 is still being worked on by its author(s) (not me) and
    is rumored to be available "soon".
    If you plan to operate over military networks, maybe worth ordering
    MIL-STD 1777, else probably better to wait for RFC 1108.

Steve Huston                          huston@relay.prime.com
Prime Computer, Inc.                  +1 508 620 2800 ext 3099

jbvb@FTP.COM (James B. Van Bokkelen) (02/08/91)

Since nobody's answered this, I'll try.  Note that my information may be
out of date...

    RFC 1122 section 3.2.1.8(a) refers to an RFC 1108, "Internet Protocol
    Security Options," by one B. Schofield, dated October 1989.  RFC 1122
    also specifically warns that RFCs 1038 and 791 are obsolete, though it
    cites 791 as the source of its MUSTs and MAYs.

What this means is that nobody in the DoD wants the IP Security Option as
defined in either RFC 791 (the same as in Mil Std 1777) or RFC 1038
(major changes from the original RFC 791).  However, RFC 1038 is a *lot*
closer to the mark.  RFC 1108 was intended to replace 1038, with a bunch
of constants changed for the Blacker people, and the 'right' exception
handling procedure for both single-level hosts, multi-level hosts and
routers.  However, it seems to have fallen into some interdepartmental
black hole since 1989 (I believe the person doing it got moved, and I
don't think anyone inherited both the responsibility and the authority).

    What is the current authoritative reference in this area?

I don't know of one.  What we implement in our current production version
of PC/TCP is a mid-89 draft of what was intended to become RFC 1108.
Nobody in the DoD has complained about this, but that could simply
indicate that no one is using our IPSO - I know they have PC/TCP...

At the time I was in touch with people at Cray, but I don't know exactly
what they implemented, and the only other mention of IPSO that I've seen
recently was Wollongong (VMS and SysV).  Their glossy only mentions RFC
1038 and I don't have a copy to play with.  The matter has come up at at
least one IETF I attended, but no answer was at hand.  If you somehow
become enlightened, let us know...

James B. VanBokkelen		26 Princess St., Wakefield, MA  01880
FTP Software Inc.		voice: (617) 246-0900  fax: (617) 246-0901

braden@VENERA.ISI.EDU (02/09/91)

The problem of RFC-1108 has been receiving a great deal of back-room
attention recently, and people who should know keep telling me
"next month".

Bob Braden