RFC Documents Relevant to Security The following list of security-related RFC documents and their locations is arranged in chronological order from the earliest to the most recently published. RFC 912.Authentication Service. M. St. Johns. September 1984. (Discusses automated authentication of users, for example, in an FTP session.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc912.txt RFC 931.Authentication Server. M. St. Johns. January 1985. (Further discussion on automated authentication of users.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc931.txt RFC 1004.A Distributed-Protocol Authentication Scheme. D. L. Mills. April 1987. (Discusses access control and authentication procedures in distributed environments and services.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1004.txt RFC 1038.Draft Revised IP Security Option. M. St. Johns. January 1988. (Discusses protection of datagrams and classifications of such protection.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1038.txt RFC 1040.Privacy Enhancement for Internet Electronic Mail: Part I: Message Encipherment and Authentication Procedures. J. Linn. January 1988. (Discusses encryption and authentication for electronic mail.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1040.txt RFC 1108.Security Options for the Internet Protocol. S. Kent. November 1991. (Discusses extended security options in the Internet protocol and DoD guidelines.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1108.txt RFC 1113.Privacy Enhancement for Internet Electronic Mail: Part I: Message Encipherment and Authentication Procedures. J. Linn. August 1989. (Supersedes RFC 1040.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1113.txt RFC 1114.Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management. S.T. Kent and J. Linn. August 1989. 
(Defines privacy enhancement mechanisms for electronic mail.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1114.txt RFC 1115.Privacy Enhancement for Internet Electronic Mail: Part III: Algorithms, Modes, and Identifiers. J. Linn. August 1989. (Technical and informational support to RFCs 1113 and 1114.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1115.txt RFC 1135.The Helminthiasis of the Internet. J. Reynolds. December 1989. (Famous RFC that describes the worm incident of November 1988.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1135.txt RFC 1170.Public Key Standards and Licenses. R. Fougner. January 1991. (Announcement of patents filed on Public Key Partners sublicense for digital signatures.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1170.txt RFC 1186.The MD4 Message Digest Algorithm. R. Rivest. October 1990. (The specification of MD4.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1186.txt RFC 1244.The Site Security Handbook. P. Holbrook and J. Reynolds. July 1991. (Famous RFC that lays out security practices and procedures. This RFC was an authoritative document for a long time. It is still pretty good and applies even today.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1244.txt RFC 1272.Internet Accounting. C. Mills, D. Hirsh and G. Ruth. November 1991. (Specifies system for accounting—network usage, traffic, and such.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1272.txt RFC 1281.Guidelines for the Secure Operation of the Internet. R. D. Pethia, S. Crockerand B. Y. Fraser. November 1991. (Celebrated document that sets forth guidelines for security.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1281.txt RFC 1319.The MD2 Message-Digest Algorithm. B. Kaliski. April 1992. (Description of MD2 and how it works.) 
Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1319.txt RFC 1320.The MD4 Message-Digest Algorithm. R. Rivest. April 1992. (Description of MD4 and how it works.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1320.txt RFC 1321.The MD5 Message-Digest Algorithm. R. Rivest. April 1992. (Description of MD5 and how it works.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1321.txt RFC 1334.PPP Authentication Protocols. B. Lloyd and W. Simpson. October 1992. (Defines the Password Authentication Protocol and the Challenge-Handshake Authentication Protocol in PPP.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1334.txt RFC 1352.SNMP Security Protocols. J. Galvin, K. McCloghrieand J. Davin. July 1992. (Simple Network Management Protocol security mechanisms.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1352.txt RFC 1355.Privacy and Accuracy Issues in Network Information Center Databases. J. Curran and A. Marine. August 1992. (Network Information Center operation and administration guidelines.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1355.txt RFC 1409.Telnet Authentication Option. D. Borman. January 1993. (Experimental protocol for Telnet authentication.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1409.txt RFC 1411.Telnet Authentication: Kerberos Version 4. D. Borman. January 1993. (Weaving Kerberos authentication into Telnet.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1411.txt RFC 1412.Telnet Authentication: SPX. K. Alagappan. January 1993. (Experimental protocol for Telnet authentication.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1412.txt RFC 1413.Identification Protocol. M. St. Johns. February 1993. (Introduction and explanation of IDENT protocol.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1413.txt RFC 1414.Identification MIB. M. St. Johns and M. Rose. February 1993. 
(Specifies MIB for identifying owners of TCP connections.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1414.txt RFC 1416.Telnet Authentication Option. D. Borman. February 1993. (Supersedes RFC 1409.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1416.txt RFC 1421.Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures. J. Linn. February 1993. (Updates and supersedes RFC 1113.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1421.txt RFC 1422.Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management. S. T. Kent and J. Linn. February 1993. (Updates and supersedes RFC 1114.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1422.txt RFC 1438.Internet Engineering Task Force Statements Of Boredom (SOBs). Chapin and Huitema. April 1993. (Not really a security-related RFC, but so classic that I simply couldn't leave it out. Check it out for yourself. Clearly, the funniest RFC ever written.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1438.txt RFC 1446.Security Protocols for Version 2 of the Simple Network Management Protocol. J. Galvin and K. McCloghrie. April 1993. (Specifies Security Protocols for SNMPv2.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1446.txt RFC 1455.Physical Link Security Type of Service. D. Eastlake. May 1993. (Experimental protocol to provide physical link security.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1455.txt RFC 1457.Security Label Framework for the Internet. R. Housley. May 1993. (Presents a label framework for network engineers to adhere to.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1457.txt RFC 1472.The Definitions of Managed Objects for the Security Protocols of the Point-to-Point Protocol. F. Kastenholz. June 1993. (Security Protocols on subnetwork interfaces using PPP.) 
Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1472.txt RFC 1492.An Access Control Protocol, Sometimes Called TACACS. C. Finseth. July 1993. (Documents the extended TACACS protocol use by the Cisco Systems terminal servers.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1492.txt RFC 1507.DASS—Distributed Authentication Security Service. C. Kaufman. September 1993. (Discusses new proposed methods of authentication in distributed environments.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1507.txt RFC 1508.Generic Security Service Application Program Interface. J. Linn. September 1993. (Specifies a generic security framework for use in source-level porting of applications to different environments.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1508.txt RFC 1510.The Kerberos Network Authentication Service (V5). J. Kohl and C. Neumann. September 1993. (An overview of Kerberos 5.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1510.txt RFC 1511.Common Authentication Technology Overview. J. Linn. September 1993. (Administrative.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1511.txt RFC 1535.A Security Problem and Proposed Correction with Widely Deployed DNS Software. E. Gavron. October 1993. (Discusses flaws in some DNS clients and means of dealing with them.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1535.txt RFC 1544.The Content-MD5 Header Field. M. Rose. November 1993. (Discusses the use of optional header field, Content-MD5, for use with MIME-conformant messages.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1544.txt RFC 1675.Security Concerns for IPNG. S. Bellovin. August 1994. (Bellovin expresses concerns over lack of direct access to source addresses in IPNG.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1675.txt RFC 1704.On Internet Authentication. N. Haller and R. Atkinson. October 1994. 
(Treats a wide range of Internet authentication procedures and approaches.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1704.txt RFC 1731.IMAP4 Authentication Mechanisms. J. Myers. December 1994. (Internet Message Access Protocol authentication issues.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1731.txt RFC 1750.Randomness Recommendations for Security. D. Eastlake III, S. Crockerand J. Schiller. December 1994. (Extensive discussion of the difficulties surrounding deriving truly random values for key generation.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1750.txt RFC 1751.A Convention for Human-Readable 128-Bit Keys. D. McDonald. December 1994. (Proposed solutions for using 128-bit keys, which are hard to remember because of their length.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1751.txt RFC 1760.The S/KEY One-Time Password System. N. Haller. February 1995. (Describes Bellcore's S/Key OTP system.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1760.txt RFC 1810.Report on MD5 Performance. J. Touch. June 1995. (Discusses deficiencies of MD5 when viewed against the rates of T1 high-speed networks.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1810.txt RFC 1824.The Exponential Security System TESS: An Identity-Based Cryptographic Protocol for Authenticated Key-Exchange. H. Danisch. August 1995. (Discussion of proposed protocol for key exchange, authentication, and generation of signatures.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1824.txt RFC 1827.IP Encapsulating Security Payload. R. Atkinson. August 1995. (Discusses methods of providing integrity and confidentiality to IP datagrams.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1827.txt RFC 1828.IP Authentication Using Keyed MD5. P. Metzger and W. Simpson. August 1995. (Discusses the use of keyed MD5 with the IP Authentication Header.) 
Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1828.txt RFC 1847.Security Multiparts for MIME: Multipart/Signed and Multipart/Encrypted. J. Galvin. S. Murphy, S. Crockerand N. Freed. October 1995. (Discusses a means of providing security services in MIME body parts.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1847.txt RFC 1848.MIME Object Security Services. S. Crocker, N. Freed, J. Galvinand S. Murphy. October 1995. (Discusses protocol for applying digital signature and encryption services to MIME objects.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1848.txt RFC 1852.IP Authentication Using Keyed SHA. P. Metzger and W. Simpson. September 1995. (Discusses the use of keys with the Secure Hash Algorithm to ensure datagram integrity.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1852.txt RFC 1853.IP in IP Tunneling. W. Simpson. October 1995. (Discusses methods of using IP payload encapsulation for tunneling with IP.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1853.txt RFC 1858.Security Considerations for IP Fragment Filtering. G. Ziemba, D. Reed P. Traina. October 1995. (Discusses IP Fragment Filtering and the dangers inherent in fragmentation attacks.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1858.txt RFC 1910.User-Based Security Model for SNMPv2. G. Waters. February 1996. (Discussion of application of security features to SNMP.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1910.txt RFC 1928.SOCKS Protocol Version 5. M. Leech. March 1996. (Discussion of the SOCKS protocol and its use to secure TCP and UDP traffic.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1928.txt RFC 1929.Username/Password Authentication for SOCKS V5. M. Leech. March 1996. (Discussion of SOCKS authentication.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1929.txt RFC 1948.Defending Against Sequence Number Attacks. S. 
Bellovin. May 1996. (Discussion of IP spoofing and TCP sequence number guessing attacks.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1948.txt RFC 1968.The PPP Encryption Control Protocol. G. Meyer. June 1996. (Discusses negotiating encryption over PPP.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1968.txt RFC 1969.The PPP DES Encryption Protocol. K. Sklower and G. Meyer. June. 1996. (Discusses utilizing the Data Encryption Standard with PPP.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1969.txt RFC 1991:PGP Message Exchange Formats. D. Atkins, W. Stallingsand P. Zimmermann. August 1996. (Adding PGP to message exchanges.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1991.txt RFC 2015.MIME Security with Pretty Good Privacy (PGP). M. Elkins. October 1996. (Privacy and authentication using the Multipurpose Internet Mail Extensions with PGP.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2015.txt RFC 2040.The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms. R. Baldwin and R. Rivest. October 1996. (Defines all four ciphers in great detail.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2040.txt RFC 2057.Source Directed Access Control on the Internet. S. Bradner. November 1996. (Discusses possible avenues of filtering; an answer to the CDA.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2057.txt RFC 2065.Domain Name System Security Extensions. D. Eastlake, III and C. Kaufman. January 1997. (Adding more security to the DNS system.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2065.txt RFC 2069.An Extension to HTTP: Digest Access Authentication. J. Franks, P. Hallam Baker, J. Hostetler, P. Leach, A. Luotonen, E. Sinkand L. Stewart. January 1997. (Advanced authentication for HTTP.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2069.txt RFC 2084.Considerations for Web Transaction Security. G. Bossert, S. 
Cooperand W. Drummond. January 1997. (Bringing confidentiality, authentication, and integrity to data sent via HTTP.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2084.txt RFC 2085.HMAC-MD5 IP Authentication with Replay Prevention. M. Oehler and R. Glenn. February 1997. (Keyed-MD5 coupled with the IP Authentication Header.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2085.txt RFC 2137.Secure Domain Name System Dynamic Update. D. Eastlake, III. April 1997. (Describes use of digital signatures in DNS updates to enhance overall security of the DNS system.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2137.txt RFC 2144.The CAST-128 Encryption Algorithm. C. Adams. May 1997. (Description of 128-bit algorithm that can be used in authentication over network lines.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2144.txt RFC 2179.Network Security for Trade Shows. A. Gwinn. July 1997. (Document that addresses attacks that occur at trade shows and how to avoid them.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2179.txt RFC 2196.Site Security Handbook. B. Fraser, Editor. September 1997. (Updates 1244. Yet another version of the already useful document.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2196.txt RFC 2222.Simple Authentication and Security Layer. J. Myers. October 1997. (Describes a method for adding authentication support to connection-based protocols.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2222.txt RFC 2228.FTP Security Extensions. M. Horowitz and S. Lunt. October 1997. (Extending the security capabilities of FTP.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2228.txt RFC 2230.Key Exchange Delegation Record for the DNS. R. Atkinson. November 1997. (Secure DNS and the exchanges made during a session.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2230.txt RFC 2245.Anonymous SASL Mechanism. C. 
Newman. November 1997. (New methods of authentication in anonymous services without using the now forbidden plaintext passwords traditionally associated with such services.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2245.txt RFC 2246.The TLS Protocol Version 1.0. T. Dierks. January 1999. (Describes a way to use Transport Layer Security to secure communications.) Location: http://www.ietf.org/rfc/rfc2246.txt RFC 2268.A Description of the RC2(r) Encryption Algorithm. R. Rivest. January 1998. (Describes an encryption algorithm.) http://www.ietf.org/rfc/rfc2268.txt RFC 2284.PPP Extensible Authentication Protocol (EAP). L. Blunk J. Vollbrecht. March 1998. (Describes an authentication protocol for PPP.) http://www.ietf.org/rfc/rfc2284.txt RFC 2289.A One-Time Password System. N. Haller, C. Metz, P. Nesser M. Straw. February 1998. (Describes a scheme where passwords are used only once.) http://www.ietf.org/rfc/rfc2289.txt RFC 2311.S/MIME Version 2 Message Specification. S. Dusse, P. Hoffman, B. Ramsdell, L. Lundblade L. Repka. March 1998. http://www.ietf.org/rfc/rfc2311.txt RFC 2312.S/MIME Version 2 Certificate Handling. S. Dusse, P. Hoffman, B. Ramsdell J. Weinstein. March 1998. http://www.ietf.org/rfc/rfc2312.txt RFC 2315.PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski. March 1998. (Describes the message format used in PKCS 7.) http://www.ietf.org/rfc/rfc2315.txt RFC 2316. Report of the IAB Security Architecture Workshop. S. Bellovin. April 1998. (A trip report of a security workshop by the Internet Architecture Board.) http://www.ietf.org/rfc/rfc2316.txt RFC 2350.Expectations for Computer Security Incident Response. N. Brownlee, E. Guttman. June 1998. (A best practices document covering dealing with security incidents.) http://www.ietf.org/rfc/rfc2350.txt RFC 2356.Sun's SKIP Firewall Traversal for Mobile IP. G. Montenegro, V. Gupta. June 1998. (Describes how a device with a mobile IP address acquires access through a SKIP firewall.) 
http://www.ietf.org/rfc/rfc2356.txt RFC 2367.PF_KEY Key Management API, Version 2. D. Mc Donald, C. Metz B. Phan. July 1998. (Describes a generic key management API.) http://www.ietf.org/rfc/rfc2367.txt RFC 2385.Protection of BGP Sessions via the TCP MD5 Signature Option. A. Heffernan. August 1998. (Describes an extension to TCP to secure BGP sessions.) http://www.ietf.org/rfc/rfc2385.txt RFC 2401. Security Architecture for the Internet Protocol. S. Kent R. Atkinson. November 1998. (Describes the architectural baseline for IPsec implementations.) http://www.ietf.org/rfc/rfc2401.txt RFC 2402. IP Authentication Header. S. Kent R. Atkinson. November 1998. (Describes a mechanism for authentication of IP datagrams.) http://www.ietf.org/rfc/rfc2402.txt RFC 2403. The Use of HMAC-MD5-96 within ESP and AH. C. Madson R. Glenn. November 1998. (Describes the combined use of the HMAC and MD5 algorithms as an authentication header in IPsec.) http://www.ietf.org/rfc/rfc2403.txt RFC 2404. The Use of HMAC-SHA-1-96 within ESP and AH. C. Madson R. Glenn. November 1998. (Describes the combined use of the HMAC and MD5 algorithms as an authentication header in IPsec.) http://www.ietf.org/rfc/rfc2404.txt RFC 2405. The ESP DES-CBC Cipher Algorithm with Explicit IV. C. Madson N. Doraswamy. November 1998. (Describes a confidentiality mechanism for IPsec.) http://www.ietf.org/rfc/rfc2405.txt RFC 2406. IP Encapsulating Security Payload (ESP). S. Kent R. Atkinson. November 1998. (Describes the Encapsulating Security Payload of IPsec, which provides security services.) http://www.ietf.org/rfc/rfc2406.txt RFC 2407. The Internet IP Security Domain of Interpretation for ISAKMP. D. Piper. November 1998. (Describes a mapping from ISAKMP to the Internet security domain.) http://www.ietf.org/rfc/rfc2407.txt RFC 2408. Internet Security Association and Key Management Protocol (ISAKMP). D. Maughan M. Schneider M. Schneider J. Turner. November 1998. 
(Describes a protocol for establishing security associations and keys.) http://www.ietf.org/rfc/rfc2408.txt RFC 2409. The Internet Key Exchange (IKE). D. Harkins D. Carrel. November 1998. (Describes a key exchange method for the Internet.) http://www.ietf.org/rfc/rfc2409.txt RFC 2410. The NULL Encryption Algorithm and Its Use with IPsec. R. Glenn S. Kent. November 1998. (Describes the way to send data with IPsec without encryption.) http://www.ietf.org/rfc/rfc2410.txt RFC 2411. IP Security Document Roadmap. R. Thayer, N. Doraswamy, R. Glenn. November 1998. (Discusses how IPsec-related specifications should be developed.) http://www.ietf.org/rfc/rfc2411.txt RFC 2412. The OAKLEY Key Determination Protocol. H. Orman. November 1998. (Describes a protocol for parties to agree on a key.) http://www.ietf.org/rfc/rfc2412.txt RFC 2419. The PPP DES Encryption Protocol, Version 2 (DESE-bis). K. Sklower G. Meyer. September 1998. (Describes how to use DES encryption over a PPP link.) http://www.ietf.org/rfc/rfc2419.txt RFC 2420. The PPP Triple-DES Encryption Protocol (3DESE). H. Kummert. September 1998. (Describes how to use Triple-DES encryption over a PPP link.) http://www.ietf.org/rfc/rfc2420.txt RFC 2433. Microsoft PPP CHAP Extensions. G. Zorn S. Cobb. October 1998. (Describes Microsoft PPP authentication protocol.) http://www.ietf.org/rfc/rfc2433.txt RFC 2437. PKCS #1: RSA Cryptography Specifications Version 2.0. B. Kaliski J. Staddon. October 1998. (Makes recommendations of how to implement public-key cryptography based on the RSA algorithm.) http://www.ietf.org/rfc/rfc2437.txt RFC 2440. OpenPGP Message Format. J. Callas, L. Donnerhacke, H. Finney R. Thayer. November 1998. (Describes the message format used by the OpenPGP email system.) http://www.ietf.org/rfc/rfc2440.txt RFC 2444.The One-Time-Password SASL Mechanism. C. Newman. October 1998. (Describes an authentication mechanism.) http://www.ietf.org/rfc/rfc2444.txt RFC 2451.The ESP CBC-Mode Cipher Algorithms. R. 
Pereira R. Adams. November 1998. (Describes how to use the CBC-Mode Cipher algorithms with IPsec.) http://www.ietf.org/rfc/rfc2451.txt RFC 2459.Internet X.509 Public Key Infrastructure Certificate and CRL Profile. R. Housley W. Ford W. Polk D. Solo. January 1999. (Gives an overview of the format of X.509 v3 certificates and X.509 v2 certification revocation lists.) http://www.ietf.org/rfc/rfc2459.txt RFC 2504.Users'Security Handbook. Guttman, L. Leong G. Malkin. February 1999. (A security handbook for the end user.) http://www.ietf.org/rfc/rfc2504.txt RFC 2510.Internet X.509 Public Key Infrastructure Certificate Management Protocols. C. Adams S. Farrell. March 1999. (Describes the protocols used for certificate management.) http://www.ietf.org/rfc/rfc2510.txt RFC 2511.Internet X.509 Certificate Request Message Format. M. Myers C. Adams D. Solo D. Kemp. March 1999. (Describes the Certificate Request Message Format [CRMF], used to convey a request for a certificate to a Certification Authority [CA].) http://www.ietf.org/rfc/rfc2511.txt RFC 2521.ICMP Security Failures Messages. P. Karn W. Simpson. March 1999. (Specifies ICMP messages for indicating failures when using IP Security Protocols.) http://www.ietf.org/rfc/rfc2521.txt RFC 2522.Photuris: Session-Key Management Protocol. P. Karn W. Simpson. March 1999. (Describes an experimental session-key management protocol.) http://www.ietf.org/rfc/rfc2522.txt RFC 2523.Photuris: Extended Schemes and Attributes. P. Karn W. Simpson. March 1999. (Describes extensions to Photuris.) http://www.ietf.org/rfc/rfc2523.txt RFC 2527.Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework. S. Chokhani W. Ford. March 1999. (Presents a framework to be used in writing certificate policies of practices.) http://www.ietf.org/rfc/rfc2527.txt RFC 2528.Internet X.509 Public Key Infrastructure Representation of Key Exchange Algorithm (KEA) Keys in Internet X.509 Public Key Infrastructure Certificates. 
R. Housley W. Polk. March 1999. (Specifies fields to be used in X.509 v3 for KEA keys.) http://www.ietf.org/rfc/rfc2528.txt RFC 2535.Domain Name System Security Extensions. D. Eastlake. March 1999. (Specifies extensions to DNS that validate data integrity and authentication.) http://www.ietf.org/rfc/rfc2535.txt RFC 2536.DSA KEYs and SIGs in the Domain Name System (DNS). D. Eastlake. March 1999. (Describes storing Digital Signature Algorithm information in DNS.) http://www.ietf.org/rfc/rfc2536.txt RFC 2537.RSA/MD5 KEYs and SIGs in the Domain Name System (DNS). D. Eastlake. March 1999. (Describes storing RSA and MD5 information in DNS.) http://www.ietf.org/rfc/rfc2537.txt RFC 2538.Storing Certificates in the Domain Name System (DNS). D. Eastlake O. Gud- mundsson. March 1999. (Describes how to store digital certificates in DNS.) http://www.ietf.org/rfc/rfc2538.txt RFC 2541.DNS Security Operational Considerations. D. Eastlake. March 1999. (Describes considerations for the storage of certificates and keys in DNS.) http://www.ietf.org/rfc/rfc2541.txt RFC 2548.Microsoft Vendor-specific RADIUS Attributes. G. Zorn. March 1999. (Describes RADIUS attributes that apply to Microsoft systems.) http://www.ietf.org/rfc/rfc2548.txt RFC 2554.SMTP Service Extension for Authentication. J. Myers. March 1999. (Describes an extension to SMTP to handle authentication.) http://www.ietf.org/rfc/rfc2554.txt RFC 2559.Internet X.509 Public Key Infrastructure Operational Protocols—LDAPv2. S. Boeyen, T. Howes P. Richard. April 1999. (Describes a protocol that satisfies some of the requirements in the Internet X.509 PKI system.) http://www.ietf.org/rfc/rfc2559.txt RFC 2560.X.509 Internet Public Key Infrastructure Online Certificate Status Protocol—OCSP. M. Mayers R. Ankney, A. Malpani, S. Galperin, C. Adams. June 1999. (Describes a protocol for determining the status of a certificate.) 
http://www.ietf.org/rfc/rfc2560.txt RFC 2574.User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3). U. Blumenthal B. Wijnen. April 1999. (Defines a procedure for providing SNMP message level security.) http://www.ietf.org/rfc/rfc2574.txt RFC 2575.View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP). B. Wijnen, R. Presuhn K. McCloghrie. April 1999. (Defines a procedure for controlling access to management information.) http://www.ietf.org/rfc/rfc2575.txt RFC 2577.FTP Security Considerations. M. Allman. S. Ostermann. May 1999. (Makes recommendations on how system administrators can make FTP more secure at their site.) http://www.ietf.org/rfc/rfc2577.txt RFC 2585.Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP. R. Housley, P. Hoffman. May 1999. http://www.ietf.org/rfc/rfc2585.txt RFC 2587.Internet X.509 Public Key Infrastructure LDAPv2 Schema. S Boeyen T. Howes P. Richard. June 1999. (Describes the Schema used in LDAP for PKI.) http://www.ietf.org/rfc/rfc2587.txt RFC 2588.IP Multicast and Firewalls. R. Finlayson. May 1999. (Discusses issues related to allowing IP multicasts through firewalls.) http://www.ietf.org/rfc/rfc2588.txt RFC 2595.Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999. (Describes how to use the TLS protocol, formerly known as SSL, with the various email reading protocols.) http://www.ietf.org/rfc/rfc2595.txt RFC 2617.HTTP Authentication: Basic and Digest Access Authentication. J. Franks P. Hallam-Backer, J. Hostetler, S. Lawrence, P. Leach, A. Luotonen L. Stewart. June 1999. (Describes how basic and digest authentication works in HTTP.) http://www.ietf.org/rfc/rfc2617.txt RFC 2618.RADIUS Authentication Client MIB. B. Aboba, G. Zorn. June 1999. (Describes the SNMP MIB used by RADIUS clients for authentication.) http://www.ietf.org/rfc/rfc2618.txt RFC 2619.RADIUS Authentication Server MIB. G. Zorn, B. Aboba. June 1999. 
(Describes the SNMP MIB used by RADIUS servers for authentication.) http://www.ietf.org/rfc/rfc2619.txt RFC 2630.Cryptographic Message Syntax. R. Housley. June 1999. (Describes a syntax used for encrypting, digesting, signing or authenticating messages.) http://www.ietf.org/rfc/rfc2630.txt RFC 2631.Diffie-Hellman Key Agreement Method. E. Rescorla. June 1999. (Describes how one particular Diffie-Hellman variant works.) http://www.ietf.org/rfc/rfc2631.txt RFC 2632.S/MIME Version 3 Certificate Handling. B. Ramsdell, Ed. June 1999. (Describes how the S/MIME email encryption standard certificate are handled.) http://www.ietf.org/rfc/rfc2632.txt RFC 2633.S/MIME Version 3 Message Specification. B. Ramsdell, Ed. June 1999. (Describes the message format for S/MIME email messages.) http://www.ietf.org/rfc/rfc2633.txt RFC 2634.Enhanced Security Services for S/MIME. P. Hoffman, Ed. June 1999. (Describes security services that can be used with S/MIME.) http://www.ietf.org/rfc/rfc2634.txt RFC 2659.Security Extensions For HTML. E. Rescorla, A. Schiffman. August 1999. (Describes how to embed S/HTTP negotiation into an HTML document.) http://www.ietf.org/rfc/rfc2659.txt RFC 2660.The Secure HyperText Transfer Protocol. E. Rescorla, A. Schiffman. August 1999. (Specifies how the secure version of HTTP works.) http://www.ietf.org/rfc/rfc2660.txt RFC 2661.Layer Two Tunneling Protocol "L2TP". W. Townsley, A. Valencia, A. Rubens, G. Pall, G. Zorn B. Palter. August 1999. (Specifies how L2TP, a VPN protocol, works.) http://www.ietf.org/rfc/rfc2661.txt RFC 2692.SPKI Requirements. C. Ellison. September 1999. (Discusses requirements of the PKI infrastructure.) http://www.ietf.org/rfc/rfc2692.txt RFC 2693.SPKI Certificate Theory. C. Ellison, B. Frantz, B. Lampson, R. Rivest B. Thomas T. Ylonen. September 1999. (Presents the theory of PKI certificates.) http://www.ietf.org/rfc/rfc2693.txt RFC 2695.Authentication Mechanisms for ONC RPC. A. Chiu. September 1999. 
(Describes two authentication mechanisms that can be used by Remote Procedure Call.) http://www.ietf.org/rfc/rfc2695.txt RFC 2712.Addition of Kerberos Cipher Suites to Transport Layer Security (TLS). A. Mevinsky M. Hur. October 1999. (Describes how to add Kerberos Ciphering to TLS.) http://www.ietf.org/rfc/rfc2712.txt RFC 2716.PPP EAP TLS Authentication Protocol. B. Aboba, D. Simon. October 1999. (Explains how to use TLS for PPP authentication.) http://www.ietf.org/rfc/rfc2716.txt RFC 2726.PGP Authentication for RIPE Database Updates. J. Zsako. December 1999. (Describes how PGP authentication can be used to control updates to the IP address allocation database.) http://www.ietf.org/rfc/rfc2726.txt RFC 2743.Generic Security Service Application Program Interface Version 2, Update 1. J. Linn. January 2000. (Describes updates to the GSS-API.) http://www.ietf.org/rfc/rfc2743.txt RFC 2744.Generic Security Service API Version 2: C-bindings. J. Wray. January 2000. (Describes how the C programming language can access GSS-API.) http://www.ietf.org/rfc/rfc2744.txt RFC 2747.RSVP Cryptographic Authentication. F. Backer, B. Lindell M. Talwar. January 2000. (Describes how authentication can be used to protect a resource reservation system.) http://www.ietf.org/rfc/rfc2747.txt RFC 2755.Security Negotiation for WebNFS. A. Chiu M. Eisler, B. Callaghan. January 2000. (Discusses how WebNFS clients can negotiate with servers.) http://www.ietf.org/rfc/rfc2755.txt RFC 2759.Microsoft PPP CHAP Extensions, Version 2. G. Zorn. January 2000. (Describes the second version of the Microsoft PPP authentication extensions.) http://www.ietf.org/rfc/rfc2759.txt RFC 2773.Encryption using KEA and SKIPJACK. R. Housley P. Yee, W. Nace. February 2000. (Discusses how encryption is done with the KEA and SKIPJACK algorithms.) http://www.ietf.org/rfc/rfc2773.txt RFC 2792.DSA and RSA Key and Signature Encoding for the KeyNote Trust Management System. M. Blaze J. Ioannidis A. Keromytis. March 2000. 
(Discusses key and signature handling in a trust-management system that is Internet-based.) http://www.ietf.org/rfc/rfc2792.txt RFC 2808.The SecurID(r) SASL Mechanism. M. Nystrom. April 2000. (Describes how the SecurID product can integrate with SASL.) http://www.ietf.org/rfc/rfc2808.txt RFC 2809.Implementation of L2TP Compulsory Tunneling via RADIUS. B. Aboba, G. Zorn. April 2000. (Discusses implementation issues when using L2TP compulsory tunneling in dial-up networks.) http://www.ietf.org/rfc/rfc2809.txt RFC 2817.Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May 2000. (Describes how a TCP connection can be upgraded to use TLS during an HTTP/1.1 session.) http://www.ietf.org/rfc/rfc2817.txt RFC 2818.HTTP Over TLS. E. Rescorla. May 2000. (Describes how HTTP runs over TLS.) http://www.ietf.org/rfc/rfc2818.txt RFC 2827.Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing. P. Ferguson, D. Senie. May 2000. (Discusses best practices that can be used to prevent denial of service attacks.) http://www.ietf.org/rfc/rfc2827.txt RFC 2828.Internet Security Glossary. R. Shirey. May 2000. (Provides a glossary of Internet security terms.) http://www.ietf.org/rfc/rfc2828.txt RFC 2829.Authentication Methods for LDAP. M. Wahl, H. Alvestrand, J. Hodges, R. Morgan. May 2000. (Discusses methods that can be used for authentication within LDAP.) http://www.ietf.org/rfc/rfc2829.txt RFC 2831.Using Digest Authentication as an SASL Mechanism. P. Leach, C. Newman. May 2000. (Describes how to use the digest authentication method with SASL.) http://www.ietf.org/rfc/rfc2831.txt RFC 2841.IP Authentication using Keyed SHA1 with Interleaved Padding (IP-MAC). P. Metzger, W. Simpson. November 2000. (Describes a method to authenticate and ensure integrity of IP datagrams using the Secure Hash Algorithm.) http://www.ietf.org/rfc/rfc2841.txt RFC 2845.Secret Key Transaction Authentication for DNS (TSIG). P. Vixie, O. Gudmundsson, D. Eastlake, B. 
Wellington. May 2000. (Describes how to do transaction-level authentication using one-way hashing and shared secrets.) http://www.ietf.org/rfc/rfc2845.txt RFC 2847.LIPKEY—A Low Infrastructure Public Key Mechanism Using SPKM. M. Eisler. June 2000. (Describes a way to get a secure channel using GSS-API and the Simple Public Key Mechanism.) http://www.ietf.org/rfc/rfc2847.txt RFC 2865.Remote Authentication Dial In User Service (RADIUS). C. Rigney, S. Willens, A. Rubens, W. Simpson. June 2000. (Specifies the authentication mechanism that is used by many sites for dial-up access.) http://www.ietf.org/rfc/rfc2865.txt RFC 2876.Use of the KEA and SKIPJACK Algorithms in CMS. J. Pawling. July 2000. (Discusses ways to use the Key Exchange Algorithm and SKIPJACK together with the Cryptographic Message Standard.) http://www.ietf.org/rfc/rfc2876.txt RFC 2898.PKCS #5: Password-Based Cryptography Specification Version 2.0. B. Kaliski. September 2000. (Makes recommendations on how to implement password-based cryptography.) http://www.ietf.org/rfc/rfc2898.txt RFC 2930.Secret Key Establishment for DNS (TKEY RR). D. Eastlake 3rd. September 2000. (Describes a way to authenticate using DNS queries using DNS resource records.) http://www.ietf.org/rfc/rfc2930.txt RFC 2941.Telnet Authentication Option. T. Ts'o, Editor, J. Altman. September 2000. (Describes an option that allows Telnet to negotiate whether encryption should be used and, if so, which algorithm.) http://www.ietf.org/rfc/rfc2941.txt RFC 2942.Telnet Authentication: Kerberos Version 5. T. Ts'o. September 2000. (Describes how Kerberos can be used to authenticate Telnet.) http://www.ietf.org/rfc/rfc2942.txt RFC 2943.TELNET Authentication Using DSA. R. Housley, T. Horting, P. Yee. September 2000. (Describes how the Digital Signature Algorithm can be used to authenticate Telnet.) http://www.ietf.org/rfc/rfc2943.txt RFC 2944.Telnet Authentication: SRP. T. Wu. September 2000. 
(Describes how the Secure Remote Password Protocol can be used to authenticate Telnet.) http://www.ietf.org/rfc/rfc2944.txt RFC 2945.The SRP Authentication and Key Exchange System. T. Wu. September 2000. (Specifies the Secure Remote Password Protocol.) http://www.ietf.org/rfc/rfc2945.txt RFC 2946.Telnet Data Encryption Option. T. Ts'o. September 2000. (Describes how Telnet can be used to confidentially encrypt data.) http://www.ietf.org/rfc/rfc2946.txt RFC 2947.Telnet Encryption: DES3 64-bit Cipher Feedback. J. Altman. September 2000. (Describes how Triple-DES can be used to encrypt a Telnet session.) http://www.ietf.org/rfc/rfc2947.txt RFC 2948.Telnet Encryption: DES3 64-bit Output Feedback. J. Altman. September 2000. (Describes how Triple-DES in output feedback mode can be used to encrypt a Telnet session.) http://www.ietf.org/rfc/rfc2948.txt RFC 2949.Telnet Encryption: CAST-128 64-bit Output Feedback. J. Altman. September 2000. (Describes how the CAST-128 encryption algorithm in output feedback mode can be used to encrypt a Telnet session.) http://www.ietf.org/rfc/rfc2949.txt RFC 2950.Telnet Encryption: CAST-128 64-bit Cipher Feedback. J. Altman. September 2000. (Describes how the CAST-128 encryption algorithm in cipher feedback mode can be used to encrypt a Telnet session.) http://www.ietf.org/rfc/rfc2950.txt RFC 2951.TELNET Authentication Using KEA and SKIPJACK. R. Housley, T. Horting, P. Yee. September 2000. (Describes how the Key Exchange Algorithm and SKIPJACK can be used to authenticate a Telnet session.) http://www.ietf.org/rfc/rfc2951.txt RFC 2952.Telnet Encryption: DES 64-bit Cipher Feedback. T. Ts'o. September 2000. (Describes how DES in cipher feedback mode can be used to encrypt a Telnet session.) http://www.ietf.org/rfc/rfc2952.txt RFC 2953.Telnet Encryption: DES 64-bit Output Feedback. T. Ts'o. September 2000. (Describes how DES in output feedback mode can be used to encrypt a Telnet session.) 
http://www.ietf.org/rfc/rfc2953.txt RFC 2977.Mobile IP Authentication, Authorization, and Accounting Requirements. S. Glass, T. Hiller, S. Jacobs, C. Perkins. October 2000. (Provides requirements that have to be supported in authentication, authorization, and accounting to provide Mobile IP services.) http://www.ietf.org/rfc/rfc2977.txt RFC 2984.Use of the CAST-128 Encryption Algorithm in CMS. C. Adams. October 2000. (Describes how to use CAST-128 in the S/MIME Cryptographic Message Syntax.) http://www.ietf.org/rfc/rfc2984.txt RFC 2985.PKCS #9: Selected Object Classes and Attribute Types Version 2.0. M. Nystrom, B. Kaliski. November 2000. (Provides an object interface and attributes to public-key cryptography and LDAP directories.) http://www.ietf.org/rfc/rfc2985.txt RFC 2986.PKCS #10: Certification Request Syntax Specification Version 1.7. M. Nystrom, B. Kaliski. November 2000. (Describes the syntax for certification requests.) http://www.ietf.org/rfc/rfc2986.txt RFC 3007.Secure Domain Name System (DNS) Dynamic Update. B. Wellington. November 2000. (Makes a proposal on how dynamic DNS updates can be made securely.) http://www.ietf.org/rfc/rfc3007.txt RFC 3013.Recommended Internet Service Provider Security Services and Procedures. T. Killalea. November 2000. (Defines what the IETF thinks ISPs should be doing with respect to security.) http://www.ietf.org/rfc/rfc3013.txt