Appendix E

Appendix E. Vendor Information and Security Standards

IN THIS APPENDIX

        Vendor Security Information

        RFC Documents Relevant to Security

This appendix explains how to obtain security information from particular vendors. It also provides an annotated list of available Internet standards, known as Request for Comments (RFC) documents, that address security.

Vendor Security Information

Instead of an out-of-date list of vendor security bulletins, in this section, you will learn how to obtain the vendors'current lists of security bulletins and patches.

Any good system administrator will regularly check the security sites of the products he has or get on their security mailing lists.

Hewlett-Packard

Hewlett-Packard provides a great deal of security information. You must log in to their site to access it. The main page is http://us-support2.external.hp.com/common/bin/doc.pl/. Select Technical Knowledge Base after logging in.

You will see search bulletins and patches for HP-UX and MPE. HP-UX is HP's version of UNIX. MPE is an old minicomputer operating system from HP.

On HP's patch page, the best thing to do is to pick your series and OS version. Then change the box that says Search by Keyword to Browser Patch List.

For security bulletins, I recommend ignoring the links at the top of the page that only let you search the bulletins and instead find the Security Bulletin Archive. At the time of this writing, this link is at the very bottom of the page and in small print.

IBM

Unfortunately, IBM does not seem to have a good single spot for security and security patch information. What security information they have is scattered all over their Web sites.

IBM's main security page is http://www.ibm.com/security. This page is focused on security news and products. The library link on this page will take you to good information about security.

The main product support page is http://www.ibm.com/support/prodsupp.html. Each product group has its own Web page, and there is little consistency to the information by product. However, if you need security information by product, you should start at this point.

IBM's download page ( http://www.ibm.com/download) lets you download security products, but does not focus on security patches.

IBM's Lotus division has a page known as IT Central Security Zone. It is a well-focused page covering security with the Lotus products and can be found at http://www.lotus.com/security.

Linux

Many Linux distributions are available, and this section presents information on security sources for some of the major distributions.

Caldera

Caldera's security advisories page is located at http://www.calderasystems.com/support/security/. Caldera appears to have more security advisories than any other Linux distribution. This does not mean that their Linux is any less secure. In fact, the opposite is probably true. Each security advisory tells you the packages you need to download to fix a particular security problem.

Debian

Debian does something unusual among vendors; they provide security alerts from their main Web site. On http://www.debian.org/, you can scroll to the bottom of the page, and the security alerts are right there. Each security alert has links to software that needs to be downloaded to patch your system.

Red Hat

Red Hat's setup for security information is as good, if not better, than that of most of the big established companies. The main support page for Red Hat is http://www.redhat.com/apps/support/. From this page, you can select your OS version. Under each of the version-specific pages, you will find a link to the security advisories for that version. Each security advisory has links to the new version of software that has the bugs fixed.

Red Hat has something you would never see from the major OS vendors. You can search their bug database at http://bugzilla.redhat.com/bugzilla/ and see the currently open security bugs. From this page, click on Query existing bug reports.

You can select a particular product. If you don't, you'll get information on them all. In the status list box, you might want to add additional status information. In the summary field, you might want to put the word security. Then click Submit Query and you'll get back a list of bugs.

SuSE

SuSE is a German Linux distribution. The main security page for this Linux distribution is http://www.suse.com/us/support/security/index.html. From here, you can find all the security advisories. Each security advisory lists what needs to be downloaded to fix your system.

SuSE has a couple of useful mailing lists. suse-security@suse.com is for general security discussion. You can subscribe by sending email to suse-security-subscribe@suse.com. If you just want to get security announcements, send email to suse-security-announce-subscribe@suse.com.

Microsoft

There are many opinions on whether Microsoft does a good job of keeping on top of security issues. However, one thing you cannot fault them for is a shortage of security information on their Web site. The main security page is http://www.microsoft.com/security/.

From the main security page, you will find bulletins, best practices, tools, checklists, and articles. What Microsoft calls bulletins are really documents talking about patches they have out. To find out about other security issues, you need to go to a different part of their Web site the Knowledge Base.

The Microsoft Knowledge Base is full of information on their products including security issues. The main search page for the Knowledge Base is http://search.support.microsoft.com/kb/c.asp?ln=en-us. Pick the product you want to find security issues about. Many searches will result in security-related articles. I recommend a simple search on just the word "security" to get started. You'll get back all kinds of security articles.

Another useful resource on Microsoft's site is TechNet, available at http://www.microsoft.com/TechNet. Whereas Knowledge Base is a search into a database, TechNet is more article based including many articles about security.

Sun Microsystems

Sun Microsystems has a separate Web site for their security info called SunSolve ( http://sunsolve.sun.com). Sun takes security seriously on their site. You will find a link on the main page taking you to the security patch cluster so you can grab all the security patches for your version of Solaris as one file.

You will also see links to the latest security bulletin as well as an archive of security bulletins. These are good reading for understanding security issues related to Sun systems and Java.

You can contact Sun with security alerts by emailing security-alert@sun.com if you think you have discovered a new security problem. They also have a PGP key available on their Web site to use to encrypt communication with them. You can find instructions on the Sun site on how to regularly receive the Sun Bulletins via email.

RFC Documents Relevant to Security

The following list of security-related RFC documents and their locations is arranged in chronological order from the earliest to the most recently published.

RFC 912.Authentication Service. M. St. Johns. September 1984. (Discusses automated authentication of users, for example, in an FTP session.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc912.txt

RFC 931.Authentication Server. M. St. Johns. January 1985. (Further discussion on automated authentication of users.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc931.txt

RFC 1004.A Distributed-Protocol Authentication Scheme. D. L. Mills. April 1987. (Discusses access control and authentication procedures in distributed environments and services.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1004.txt

RFC 1038.Draft Revised IP Security Option. M. St. Johns. January 1988. (Discusses protection of datagrams and classifications of such protection.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1038.txt

RFC 1040.Privacy Enhancement for Internet Electronic Mail: Part I: Message Encipherment and Authentication Procedures. J. Linn. January 1988. (Discusses encryption and authentication for electronic mail.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1040.txt

RFC 1108.Security Options for the Internet Protocol. S. Kent. November 1991. (Discusses extended security options in the Internet protocol and DoD guidelines.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1108.txt

RFC 1113.Privacy Enhancement for Internet Electronic Mail: Part I: Message Encipherment and Authentication Procedures. J. Linn. August 1989. (Supersedes RFC 1040.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1113.txt

RFC 1114.Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management. S.T. Kent and J. Linn. August 1989. (Defines privacy enhancement mechanisms for electronic mail.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1114.txt

RFC 1115.Privacy Enhancement for Internet Electronic Mail: Part III: Algorithms, Modes, and Identifiers. J. Linn. August 1989. (Technical and informational support to RFCs 1113 and 1114.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1115.txt

RFC 1135.The Helminthiasis of the Internet. J. Reynolds. December 1989. (Famous RFC that describes the worm incident of November 1988.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1135.txt

RFC 1170.Public Key Standards and Licenses. R. Fougner. January 1991. (Announcement of patents filed on Public Key Partners sublicense for digital signatures.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1170.txt

RFC 1186.The MD4 Message Digest Algorithm. R. Rivest. October 1990. (The specification of MD4.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1186.txt

RFC 1244.The Site Security Handbook. P. Holbrook and J. Reynolds. July 1991. (Famous RFC that lays out security practices and procedures. This RFC was an authoritative document for a long time. It is still pretty good and applies even today.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1244.txt

RFC 1272.Internet Accounting. C. Mills, D. Hirsh and G. Ruth. November 1991. (Specifies system for accounting—network usage, traffic, and such.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1272.txt

RFC 1281.Guidelines for the Secure Operation of the Internet. R. D. Pethia, S. Crockerand B. Y. Fraser. November 1991. (Celebrated document that sets forth guidelines for security.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1281.txt

RFC 1319.The MD2 Message-Digest Algorithm. B. Kaliski. April 1992. (Description of MD2 and how it works.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1319.txt

RFC 1320.The MD4 Message-Digest Algorithm. R. Rivest. April 1992. (Description of MD4 and how it works.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1320.txt

RFC 1321.The MD5 Message-Digest Algorithm. R. Rivest. April 1992. (Description of MD5 and how it works.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1321.txt

RFC 1334.PPP Authentication Protocols. B. Lloyd and W. Simpson. October 1992. (Defines the Password Authentication Protocol and the Challenge-Handshake Authentication Protocol in PPP.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1334.txt

RFC 1352.SNMP Security Protocols. J. Galvin, K. McCloghrieand J. Davin. July 1992. (Simple Network Management Protocol security mechanisms.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1352.txt

RFC 1355.Privacy and Accuracy Issues in Network Information Center Databases. J. Curran and A. Marine. August 1992. (Network Information Center operation and administration guidelines.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1355.txt

RFC 1409.Telnet Authentication Option. D. Borman. January 1993. (Experimental protocol for Telnet authentication.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1409.txt

RFC 1411.Telnet Authentication: Kerberos Version 4. D. Borman. January 1993. (Weaving Kerberos authentication into Telnet.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1411.txt

RFC 1412.Telnet Authentication: SPX. K. Alagappan. January 1993. (Experimental protocol for Telnet authentication.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1412.txt

RFC 1413.Identification Protocol. M. St. Johns. February 1993. (Introduction and explanation of IDENT protocol.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1413.txt

RFC 1414.Identification MIB. M. St. Johns and M. Rose. February 1993. (Specifies MIB for identifying owners of TCP connections.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1414.txt

RFC 1416.Telnet Authentication Option. D. Borman. February 1993. (Supersedes RFC 1409.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1416.txt

RFC 1421.Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures. J. Linn. February 1993. (Updates and supersedes RFC 1113.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1421.txt

RFC 1422.Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management. S. T. Kent and J. Linn. February 1993. (Updates and supersedes RFC 1114.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1422.txt

RFC 1438.Internet Engineering Task Force Statements Of Boredom (SOBs). Chapin and Huitema. April 1993. (Not really a security-related RFC, but so classic that I simply couldn't leave it out. Check it out for yourself. Clearly, the funniest RFC ever written.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1438.txt

RFC 1446.Security Protocols for Version 2 of the Simple Network Management Protocol. J. Galvin and K. McCloghrie. April 1993. (Specifies Security Protocols for SNMPv2.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1446.txt

RFC 1455.Physical Link Security Type of Service. D. Eastlake. May 1993. (Experimental protocol to provide physical link security.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1455.txt

RFC 1457.Security Label Framework for the Internet. R. Housley. May 1993. (Presents a label framework for network engineers to adhere to.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1457.txt

RFC 1472.The Definitions of Managed Objects for the Security Protocols of the Point-to-Point Protocol. F. Kastenholz. June 1993. (Security Protocols on subnetwork interfaces using PPP.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1472.txt

RFC 1492.An Access Control Protocol, Sometimes Called TACACS. C. Finseth. July 1993. (Documents the extended TACACS protocol use by the Cisco Systems terminal servers.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1492.txt

RFC 1507.DASS—Distributed Authentication Security Service. C. Kaufman. September 1993. (Discusses new proposed methods of authentication in distributed environments.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1507.txt

RFC 1508.Generic Security Service Application Program Interface. J. Linn. September 1993. (Specifies a generic security framework for use in source-level porting of applications to different environments.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1508.txt

RFC 1510.The Kerberos Network Authentication Service (V5). J. Kohl and C. Neumann. September 1993. (An overview of Kerberos 5.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1510.txt

RFC 1511.Common Authentication Technology Overview. J. Linn. September 1993. (Administrative.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1511.txt

RFC 1535.A Security Problem and Proposed Correction with Widely Deployed DNS Software. E. Gavron. October 1993. (Discusses flaws in some DNS clients and means of dealing with them.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1535.txt

RFC 1544.The Content-MD5 Header Field. M. Rose. November 1993. (Discusses the use of optional header field, Content-MD5, for use with MIME-conformant messages.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1544.txt

RFC 1675.Security Concerns for IPNG. S. Bellovin. August 1994. (Bellovin expresses concerns over lack of direct access to source addresses in IPNG.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1675.txt

RFC 1704.On Internet Authentication. N. Haller and R. Atkinson. October 1994. (Treats a wide range of Internet authentication procedures and approaches.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1704.txt

RFC 1731.IMAP4 Authentication Mechanisms. J. Myers. December 1994. (Internet Message Access Protocol authentication issues.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1731.txt

RFC 1750.Randomness Recommendations for Security. D. Eastlake III, S. Crockerand J. Schiller. December 1994. (Extensive discussion of the difficulties surrounding deriving truly random values for key generation.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1750.txt

RFC 1751.A Convention for Human-Readable 128-Bit Keys. D. McDonald. December 1994. (Proposed solutions for using 128-bit keys, which are hard to remember because of their length.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1751.txt

RFC 1760.The S/KEY One-Time Password System. N. Haller. February 1995. (Describes Bellcore's S/Key OTP system.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1760.txt

RFC 1810.Report on MD5 Performance. J. Touch. June 1995. (Discusses deficiencies of MD5 when viewed against the rates of T1 high-speed networks.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1810.txt

RFC 1824.The Exponential Security System TESS: An Identity-Based Cryptographic Protocol for Authenticated Key-Exchange. H. Danisch. August 1995. (Discussion of proposed protocol for key exchange, authentication, and generation of signatures.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1824.txt

RFC 1827.IP Encapsulating Security Payload. R. Atkinson. August 1995. (Discusses methods of providing integrity and confidentiality to IP datagrams.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1827.txt

RFC 1828.IP Authentication Using Keyed MD5. P. Metzger and W. Simpson. August 1995. (Discusses the use of keyed MD5 with the IP Authentication Header.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1828.txt

RFC 1847.Security Multiparts for MIME: Multipart/Signed and Multipart/Encrypted. J. Galvin. S. Murphy, S. Crockerand N. Freed. October 1995. (Discusses a means of providing security services in MIME body parts.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1847.txt

RFC 1848.MIME Object Security Services. S. Crocker, N. Freed, J. Galvinand S. Murphy. October 1995. (Discusses protocol for applying digital signature and encryption services to MIME objects.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1848.txt

RFC 1852.IP Authentication Using Keyed SHA. P. Metzger and W. Simpson. September 1995. (Discusses the use of keys with the Secure Hash Algorithm to ensure datagram integrity.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1852.txt

RFC 1853.IP in IP Tunneling. W. Simpson. October 1995. (Discusses methods of using IP payload encapsulation for tunneling with IP.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1853.txt

RFC 1858.Security Considerations for IP Fragment Filtering. G. Ziemba, D. Reed P. Traina. October 1995. (Discusses IP Fragment Filtering and the dangers inherent in fragmentation attacks.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1858.txt

RFC 1910.User-Based Security Model for SNMPv2. G. Waters. February 1996. (Discussion of application of security features to SNMP.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1910.txt

RFC 1928.SOCKS Protocol Version 5. M. Leech. March 1996. (Discussion of the SOCKS protocol and its use to secure TCP and UDP traffic.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1928.txt

RFC 1929.Username/Password Authentication for SOCKS V5. M. Leech. March 1996. (Discussion of SOCKS authentication.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1929.txt

RFC 1948.Defending Against Sequence Number Attacks. S. Bellovin. May 1996. (Discussion of IP spoofing and TCP sequence number guessing attacks.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1948.txt

RFC 1968.The PPP Encryption Control Protocol. G. Meyer. June 1996. (Discusses negotiating encryption over PPP.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1968.txt

RFC 1969.The PPP DES Encryption Protocol. K. Sklower and G. Meyer. June. 1996. (Discusses utilizing the Data Encryption Standard with PPP.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1969.txt

RFC 1991:PGP Message Exchange Formats. D. Atkins, W. Stallingsand P. Zimmermann. August 1996. (Adding PGP to message exchanges.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1991.txt

RFC 2015.MIME Security with Pretty Good Privacy (PGP). M. Elkins. October 1996. (Privacy and authentication using the Multipurpose Internet Mail Extensions with PGP.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2015.txt

RFC 2040.The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms. R. Baldwin and R. Rivest. October 1996. (Defines all four ciphers in great detail.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2040.txt

RFC 2057.Source Directed Access Control on the Internet. S. Bradner. November 1996. (Discusses possible avenues of filtering; an answer to the CDA.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2057.txt

RFC 2065.Domain Name System Security Extensions. D. Eastlake, III and C. Kaufman. January 1997. (Adding more security to the DNS system.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2065.txt

RFC 2069.An Extension to HTTP: Digest Access Authentication. J. Franks, P. Hallam Baker, J. Hostetler, P. Leach, A. Luotonen, E. Sinkand L. Stewart. January 1997. (Advanced authentication for HTTP.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2069.txt

RFC 2084.Considerations for Web Transaction Security. G. Bossert, S. Cooperand W. Drummond. January 1997. (Bringing confidentiality, authentication, and integrity to data sent via HTTP.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2084.txt

RFC 2085.HMAC-MD5 IP Authentication with Replay Prevention. M. Oehler and R. Glenn. February 1997. (Keyed-MD5 coupled with the IP Authentication Header.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2085.txt

RFC 2137.Secure Domain Name System Dynamic Update. D. Eastlake, III. April 1997. (Describes use of digital signatures in DNS updates to enhance overall security of the DNS system.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2137.txt

RFC 2144.The CAST-128 Encryption Algorithm. C. Adams. May 1997. (Description of 128-bit algorithm that can be used in authentication over network lines.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2144.txt

RFC 2179.Network Security for Trade Shows. A. Gwinn. July 1997. (Document that addresses attacks that occur at trade shows and how to avoid them.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2179.txt

RFC 2196.Site Security Handbook. B. Fraser, Editor. September 1997. (Updates 1244. Yet another version of the already useful document.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2196.txt

RFC 2222.Simple Authentication and Security Layer. J. Myers. October 1997. (Describes a method for adding authentication support to connection-based protocols.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2222.txt

RFC 2228.FTP Security Extensions. M. Horowitz and S. Lunt. October 1997. (Extending the security capabilities of FTP.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2228.txt

RFC 2230.Key Exchange Delegation Record for the DNS. R. Atkinson. November 1997. (Secure DNS and the exchanges made during a session.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2230.txt

RFC 2245.Anonymous SASL Mechanism. C. Newman. November 1997. (New methods of authentication in anonymous services without using the now forbidden plaintext passwords traditionally associated with such services.) Location: http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2245.txt

RFC 2246.The TLS Protocol Version 1.0. T. Dierks. January 1999. (Describes a way to use Transport Layer Security to secure communications.) Location: http://www.ietf.org/rfc/rfc2246.txt

RFC 2268.A Description of the RC2(r) Encryption Algorithm. R. Rivest. January 1998. (Describes an encryption algorithm.) http://www.ietf.org/rfc/rfc2268.txt

RFC 2284.PPP Extensible Authentication Protocol (EAP). L. Blunk J. Vollbrecht. March 1998. (Describes an authentication protocol for PPP.) http://www.ietf.org/rfc/rfc2284.txt

RFC 2289.A One-Time Password System. N. Haller, C. Metz, P. Nesser M. Straw. February 1998. (Describes a scheme where passwords are used only once.) http://www.ietf.org/rfc/rfc2289.txt

RFC 2311.S/MIME Version 2 Message Specification. S. Dusse, P. Hoffman, B. Ramsdell, L. Lundblade L. Repka. March 1998. http://www.ietf.org/rfc/rfc2311.txt

RFC 2312.S/MIME Version 2 Certificate Handling. S. Dusse, P. Hoffman, B. Ramsdell J. Weinstein. March 1998. http://www.ietf.org/rfc/rfc2312.txt

RFC 2315.PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski. March 1998. (Describes the message format used in PKCS 7.) http://www.ietf.org/rfc/rfc2315.txt

RFC 2316. Report of the IAB Security Architecture Workshop. S. Bellovin. April 1998. (A trip report of a security workshop by the Internet Architecture Board.) http://www.ietf.org/rfc/rfc2316.txt

RFC 2350.Expectations for Computer Security Incident Response. N. Brownlee, E. Guttman. June 1998. (A best practices document covering dealing with security incidents.) http://www.ietf.org/rfc/rfc2350.txt

RFC 2356.Sun's SKIP Firewall Traversal for Mobile IP. G. Montenegro, V. Gupta. June 1998. (Describes how a device with a mobile IP address acquires access through a SKIP firewall.) http://www.ietf.org/rfc/rfc2356.txt

RFC 2367.PF_KEY Key Management API, Version 2. D. Mc Donald, C. Metz B. Phan. July 1998. (Describes a generic key management API.) http://www.ietf.org/rfc/rfc2367.txt

RFC 2385.Protection of BGP Sessions via the TCP MD5 Signature Option. A. Heffernan. August 1998. (Describes an extension to TCP to secure BGP sessions.) http://www.ietf.org/rfc/rfc2385.txt

RFC 2401. Security Architecture for the Internet Protocol. S. Kent R. Atkinson. November 1998. (Describes the architectural baseline for IPsec implementations.) http://www.ietf.org/rfc/rfc2401.txt

RFC 2402. IP Authentication Header. S. Kent R. Atkinson. November 1998. (Describes a mechanism for authentication of IP datagrams.) http://www.ietf.org/rfc/rfc2402.txt

RFC 2403. The Use of HMAC-MD5-96 within ESP and AH. C. Madson R. Glenn. November 1998. (Describes the combined use of the HMAC and MD5 algorithms as an authentication header in IPsec.) http://www.ietf.org/rfc/rfc2403.txt

RFC 2404. The Use of HMAC-SHA-1-96 within ESP and AH. C. Madson R. Glenn. November 1998. (Describes the combined use of the HMAC and MD5 algorithms as an authentication header in IPsec.) http://www.ietf.org/rfc/rfc2404.txt

RFC 2405. The ESP DES-CBC Cipher Algorithm with Explicit IV. C. Madson N. Doraswamy. November 1998. (Describes a confidentiality mechanism for IPsec.) http://www.ietf.org/rfc/rfc2405.txt

RFC 2406. IP Encapsulating Security Payload (ESP). S. Kent R. Atkinson. November 1998. (Describes the Encapsulating Security Payload of IPsec, which provides security services.) http://www.ietf.org/rfc/rfc2406.txt

RFC 2407. The Internet IP Security Domain of Interpretation for ISAKMP. D. Piper. November 1998. (Describes a mapping from ISAKMP to the Internet security domain.) http://www.ietf.org/rfc/rfc2407.txt

RFC 2408. Internet Security Association and Key Management Protocol (ISAKMP). D. Maughan M. Schneider M. Schneider J. Turner. November 1998. (Describes a protocol for establishing security associations and keys.) http://www.ietf.org/rfc/rfc2408.txt

RFC 2409. The Internet Key Exchange (IKE). D. Harkins D. Carrel. November 1998. (Describes a key exchange method for the Internet.) http://www.ietf.org/rfc/rfc2409.txt

RFC 2410. The NULL Encryption Algorithm and Its Use with IPsec. R. Glenn S. Kent. November 1998. (Describes the way to send data with IPsec without encryption.) http://www.ietf.org/rfc/rfc2410.txt

RFC 2411. IP Security Document Roadmap. R. Thayer, N. Doraswamy, R. Glenn. November 1998. (Discusses how IPsec-related specifications should be developed.) http://www.ietf.org/rfc/rfc2411.txt

RFC 2412. The OAKLEY Key Determination Protocol. H. Orman. November 1998. (Describes a protocol for parties to agree on a key.) http://www.ietf.org/rfc/rfc2412.txt

RFC 2419. The PPP DES Encryption Protocol, Version 2 (DESE-bis). K. Sklower G. Meyer. September 1998. (Describes how to use DES encryption over a PPP link.) http://www.ietf.org/rfc/rfc2419.txt

RFC 2420. The PPP Triple-DES Encryption Protocol (3DESE). H. Kummert. September 1998. (Describes how to use Triple-DES encryption over a PPP link.) http://www.ietf.org/rfc/rfc2420.txt

RFC 2433. Microsoft PPP CHAP Extensions. G. Zorn S. Cobb. October 1998. (Describes Microsoft PPP authentication protocol.) http://www.ietf.org/rfc/rfc2433.txt

RFC 2437. PKCS #1: RSA Cryptography Specifications Version 2.0. B. Kaliski J. Staddon. October 1998. (Makes recommendations of how to implement public-key cryptography based on the RSA algorithm.) http://www.ietf.org/rfc/rfc2437.txt

RFC 2440. OpenPGP Message Format. J. Callas, L. Donnerhacke, H. Finney R. Thayer. November 1998. (Describes the message format used by the OpenPGP email system.) http://www.ietf.org/rfc/rfc2440.txt

RFC 2444.The One-Time-Password SASL Mechanism. C. Newman. October 1998. (Describes an authentication mechanism.) http://www.ietf.org/rfc/rfc2444.txt

RFC 2451.The ESP CBC-Mode Cipher Algorithms. R. Pereira R. Adams. November 1998. (Describes how to use the CBC-Mode Cipher algorithms with IPsec.) http://www.ietf.org/rfc/rfc2451.txt

RFC 2459.Internet X.509 Public Key Infrastructure Certificate and CRL Profile. R. Housley W. Ford W. Polk D. Solo. January 1999. (Gives an overview of the format of X.509 v3 certificates and X.509 v2 certification revocation lists.) http://www.ietf.org/rfc/rfc2459.txt

RFC 2504.Users'Security Handbook. Guttman, L. Leong G. Malkin. February 1999. (A security handbook for the end user.) http://www.ietf.org/rfc/rfc2504.txt

RFC 2510.Internet X.509 Public Key Infrastructure Certificate Management Protocols. C. Adams S. Farrell. March 1999. (Describes the protocols used for certificate management.) http://www.ietf.org/rfc/rfc2510.txt

RFC 2511.Internet X.509 Certificate Request Message Format. M. Myers C. Adams D. Solo D. Kemp. March 1999. (Describes the Certificate Request Message Format [CRMF], used to convey a request for a certificate to a Certification Authority [CA].) http://www.ietf.org/rfc/rfc2511.txt

RFC 2521.ICMP Security Failures Messages. P. Karn W. Simpson. March 1999. (Specifies ICMP messages for indicating failures when using IP Security Protocols.) http://www.ietf.org/rfc/rfc2521.txt

RFC 2522.Photuris: Session-Key Management Protocol. P. Karn W. Simpson. March 1999. (Describes an experimental session-key management protocol.) http://www.ietf.org/rfc/rfc2522.txt

RFC 2523.Photuris: Extended Schemes and Attributes. P. Karn W. Simpson. March 1999. (Describes extensions to Photuris.) http://www.ietf.org/rfc/rfc2523.txt

RFC 2527.Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework. S. Chokhani W. Ford. March 1999. (Presents a framework to be used in writing certificate policies of practices.) http://www.ietf.org/rfc/rfc2527.txt

RFC 2528.Internet X.509 Public Key Infrastructure Representation of Key Exchange Algorithm (KEA) Keys in Internet X.509 Public Key Infrastructure Certificates. R. Housley W. Polk. March 1999. (Specifies fields to be used in X.509 v3 for KEA keys.) http://www.ietf.org/rfc/rfc2528.txt

RFC 2535.Domain Name System Security Extensions. D. Eastlake. March 1999. (Specifies extensions to DNS that validate data integrity and authentication.) http://www.ietf.org/rfc/rfc2535.txt

RFC 2536.DSA KEYs and SIGs in the Domain Name System (DNS). D. Eastlake. March 1999. (Describes storing Digital Signature Algorithm information in DNS.) http://www.ietf.org/rfc/rfc2536.txt

RFC 2537.RSA/MD5 KEYs and SIGs in the Domain Name System (DNS). D. Eastlake. March 1999. (Describes storing RSA and MD5 information in DNS.) http://www.ietf.org/rfc/rfc2537.txt

RFC 2538.Storing Certificates in the Domain Name System (DNS). D. Eastlake O. Gud- mundsson. March 1999. (Describes how to store digital certificates in DNS.) http://www.ietf.org/rfc/rfc2538.txt

RFC 2541.DNS Security Operational Considerations. D. Eastlake. March 1999. (Describes considerations for the storage of certificates and keys in DNS.) http://www.ietf.org/rfc/rfc2541.txt

RFC 2548.Microsoft Vendor-specific RADIUS Attributes. G. Zorn. March 1999. (Describes RADIUS attributes that apply to Microsoft systems.) http://www.ietf.org/rfc/rfc2548.txt

RFC 2554.SMTP Service Extension for Authentication. J. Myers. March 1999. (Describes an extension to SMTP to handle authentication.) http://www.ietf.org/rfc/rfc2554.txt

RFC 2559.Internet X.509 Public Key Infrastructure Operational Protocols—LDAPv2. S. Boeyen, T. Howes P. Richard. April 1999. (Describes a protocol that satisfies some of the requirements in the Internet X.509 PKI system.) http://www.ietf.org/rfc/rfc2559.txt

RFC 2560.X.509 Internet Public Key Infrastructure Online Certificate Status Protocol—OCSP. M. Mayers R. Ankney, A. Malpani, S. Galperin, C. Adams. June 1999. (Describes a protocol for determining the status of a certificate.) http://www.ietf.org/rfc/rfc2560.txt

RFC 2574.User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3). U. Blumenthal B. Wijnen. April 1999. (Defines a procedure for providing SNMP message level security.) http://www.ietf.org/rfc/rfc2574.txt

RFC 2575.View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP). B. Wijnen, R. Presuhn K. McCloghrie. April 1999. (Defines a procedure for controlling access to management information.) http://www.ietf.org/rfc/rfc2575.txt

RFC 2577.FTP Security Considerations. M. Allman. S. Ostermann. May 1999. (Makes recommendations on how system administrators can make FTP more secure at their site.) http://www.ietf.org/rfc/rfc2577.txt

RFC 2585.Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP. R. Housley, P. Hoffman. May 1999. http://www.ietf.org/rfc/rfc2585.txt

RFC 2587.Internet X.509 Public Key Infrastructure LDAPv2 Schema. S Boeyen T. Howes P. Richard. June 1999. (Describes the Schema used in LDAP for PKI.) http://www.ietf.org/rfc/rfc2587.txt

RFC 2588.IP Multicast and Firewalls. R. Finlayson. May 1999. (Discusses issues related to allowing IP multicasts through firewalls.) http://www.ietf.org/rfc/rfc2588.txt

RFC 2595.Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999. (Describes how to use the TLS protocol, formerly known as SSL, with the various email reading protocols.) http://www.ietf.org/rfc/rfc2595.txt

RFC 2617.HTTP Authentication: Basic and Digest Access Authentication. J. Franks P. Hallam-Backer, J. Hostetler, S. Lawrence, P. Leach, A. Luotonen L. Stewart. June 1999. (Describes how basic and digest authentication works in HTTP.) http://www.ietf.org/rfc/rfc2617.txt

RFC 2618.RADIUS Authentication Client MIB. B. Aboba, G. Zorn. June 1999. (Describes the SNMP MIB used by RADIUS clients for authentication.) http://www.ietf.org/rfc/rfc2618.txt

RFC 2619.RADIUS Authentication Server MIB. G. Zorn, B. Aboba. June 1999. (Describes the SNMP MIB used by RADIUS servers for authentication.) http://www.ietf.org/rfc/rfc2619.txt

RFC 2630.Cryptographic Message Syntax. R. Housley. June 1999. (Describes a syntax used for encrypting, digesting, signing or authenticating messages.) http://www.ietf.org/rfc/rfc2630.txt

RFC 2631.Diffie-Hellman Key Agreement Method. E. Rescorla. June 1999. (Describes how one particular Diffie-Hellman variant works.) http://www.ietf.org/rfc/rfc2631.txt

RFC 2632.S/MIME Version 3 Certificate Handling. B. Ramsdell, Ed. June 1999. (Describes how the S/MIME email encryption standard certificate are handled.) http://www.ietf.org/rfc/rfc2632.txt

RFC 2633.S/MIME Version 3 Message Specification. B. Ramsdell, Ed. June 1999. (Describes the message format for S/MIME email messages.) http://www.ietf.org/rfc/rfc2633.txt

RFC 2634.Enhanced Security Services for S/MIME. P. Hoffman, Ed. June 1999. (Describes security services that can be used with S/MIME.) http://www.ietf.org/rfc/rfc2634.txt

RFC 2659.Security Extensions For HTML. E. Rescorla, A. Schiffman. August 1999. (Describes how to embed S/HTTP negotiation into an HTML document.) http://www.ietf.org/rfc/rfc2659.txt

RFC 2660.The Secure HyperText Transfer Protocol. E. Rescorla, A. Schiffman. August 1999. (Specifies how the secure version of HTTP works.) http://www.ietf.org/rfc/rfc2660.txt

RFC 2661.Layer Two Tunneling Protocol "L2TP". W. Townsley, A. Valencia, A. Rubens, G. Pall, G. Zorn B. Palter. August 1999. (Specifies how L2TP, a VPN protocol, works.) http://www.ietf.org/rfc/rfc2661.txt

RFC 2692.SPKI Requirements. C. Ellison. September 1999. (Discusses requirements of the PKI infrastructure.) http://www.ietf.org/rfc/rfc2692.txt

RFC 2693.SPKI Certificate Theory. C. Ellison, B. Frantz, B. Lampson, R. Rivest B. Thomas T. Ylonen. September 1999. (Presents the theory of PKI certificates.) http://www.ietf.org/rfc/rfc2693.txt

RFC 2695.Authentication Mechanisms for ONC RPC. A. Chiu. September 1999. (Describes two authentication mechanisms that can be used by Remote Procedure Call.) http://www.ietf.org/rfc/rfc2695.txt

RFC 2712.Addition of Kerberos Cipher Suites to Transport Layer Security (TLS). A. Mevinsky M. Hur. October 1999. (Describes how to add Kerberos Ciphering to TLS.) http://www.ietf.org/rfc/rfc2712.txt

RFC 2716.PPP EAP TLS Authentication Protocol. B. Aboba, D. Simon. October 1999. (Explains how to use TLS for PPP authentication.) http://www.ietf.org/rfc/rfc2716.txt

RFC 2726.PGP Authentication for RIPE Database Updates. J. Zsako. December 1999. (Describes how PGP authentication can be used to control updates to the IP address allocation database.) http://www.ietf.org/rfc/rfc2726.txt

RFC 2743.Generic Security Service Application Program Interface Version 2, Update 1. J. Linn. January 2000. (Describes updates to the GSS-API.) http://www.ietf.org/rfc/rfc2743.txt

RFC 2744.Generic Security Service API Version 2: C-bindings. J. Wray. January 2000. (Describes how the C programming language can access GSS-API.) http://www.ietf.org/rfc/rfc2744.txt

RFC 2747.RSVP Cryptographic Authentication. F. Backer, B. Lindell M. Talwar. January 2000. (Describes how authentication can be used to protect a resource reservation system.) http://www.ietf.org/rfc/rfc2747.txt

RFC 2755.Security Negotiation for WebNFS. A. Chiu M. Eisler, B. Callaghan. January 2000. (Discusses how WebNFS clients can negotiate with servers.) http://www.ietf.org/rfc/rfc2755.txt

RFC 2759.Microsoft PPP CHAP Extensions, Version 2. G. Zorn. January 2000. (Describes the second version of the Microsoft PPP authentication extensions.) http://www.ietf.org/rfc/rfc2759.txt

RFC 2773.Encryption using KEA and SKIPJACK. R. Housley P. Yee, W. Nace. February 2000. (Discusses how encryption is done with the KEA and SKIPJACK algorithms.) http://www.ietf.org/rfc/rfc2773.txt

RFC 2792.DSA and RSA Key and Signature Encoding for the KeyNote Trust Management System. M. Blaze J. Ioannidis A. Keromytis. March 2000. (Discusses key and signature handling in a trust-management system that is Internet-based.) http://www.ietf.org/rfc/rfc2792.txt

RFC 2808.The SecurID(r) SASL Mechanism. M. Nystrom. April 2000. (Describes how the SecurID product can integrate with SASL.) http://www.ietf.org/rfc/rfc2808.txt

RFC 2809.Implementation of L2TP Compulsory Tunneling via RADIUS. B. Aboba, G. Zorn. April 2000. (Discusses implementation issues when using L2TP compulsory tunneling in dial-up networks.) http://www.ietf.org/rfc/rfc2809.txt

RFC 2817.Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May 2000. (Describes how a TCP connection can be upgraded to use TLS during a HTTP/1.1 session.) http://www.ietf.org/rfc/rfc2817.txt

RFC 2818.HTTP Over TLS. E. Rescorla. May 2000. (Describes how HTTP runs over TLS.) http://www.ietf.org/rfc/rfc2818.txt

RFC 2827.Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing. P. Ferguson D. Senie. May 2000. (Discusses best practices that can be used to prevent denial of service attacks.) http://www.ietf.org/rfc/rfc2827.txt

RFC 2828.Internet Security Glossary. R. Shirey. May 2000. (Provides a glossary of Internet security terms.) http://www.ietf.org/rfc/rfc2828.txt

RFC 2829.Authentication Methods for LDAP. M. Wahl, H. Alvestrand, J. Hodges R. Morgan. May 2000. (Discusses methods that can be used for authentication within LDAP.) http://www.ietf.org/rfc/rfc2829.txt

RFC 2831.Using Digest Authentication as an SASL Mechanism. P. Leach, C. Newman. May 2000. (Describes how to use the digest authentication method with SASL.) http://www.ietf.org/rfc/rfc2831.txt

RFC 2841.IP Authentication using Keyed SHA1 with Interleaved Padding (IP-MAC). P. Metzger W. Simpson. November 2000. (Describes a method to authenticate and ensure integrity of IP datagrams using the Secure Hash Algorithm.) http://www.ietf.org/rfc/rfc2841.txt

RFC 2845.Secret Key Transaction Authentication for DNS (TSIG). P. Vixie, O. Gudmunds-son, D. Eastlake B. Wellington. May 2000. (Describes how to do transaction-level authentica tion using one-way hashing and shared secrets.) http://www.ietf.org/rfc/rfc2845.txt

RFC 2847.LIPKEY—A Low Infrastructure Public Key Mechanism Using SPKM. M. Eisler. June 2000. (Describes a way to get a secure channel using GSS-API and the Simple Public Key Mechanism.) http://www.ietf.org/rfc/rfc2847.txt

RFC 2865.Remote Authentication Dial In User Service (RADIUS). C. Rigney, S. Willens A. Rubens, W. Simpson. June 2000. (Specifies the authentication mechanism that is used by many sites for dial-up access.) http://www.ietf.org/rfc/rfc2865.txt

RFC 2876.Use of the KEA and SKIPJACK Algorithms in CMS. J. Pawling. July 2000. (Discusses ways to use the Key Exchange Algorithm and SKIPJACK together with the Crypto graphic Message Standard.) http://www.ietf.org/rfc/rfc2876.txt

RFC 2898.PKCS #5: Password-Based Cryptography Specification Version 2.0. B. Kaliski. September 2000. (Makes recommendations on how to implement password-based cryptography.) http://www.ietf.org/rfc/rfc2898.txt

RFC 2930.Secret Key Establishment for DNS (TKEY RR). D. Eastlake 3rd. September 2000. (Describes a way to authenticate using DNS queries using DNS resource records.) http://www.ietf.org/rfc/rfc2930.txt

RFC 2941.Telnet Authentication Option. T. Ts'o , Editor, J. Altman. September 2000. (Describes an option that allows Telnet to negotiate if encryption should be used and if so, which algorithm.) http://www.ietf.org/rfc/rfc2941.txt

RFC 2942.Telnet Authentication: Kerberos Version 5. T. Ts'o. September 2000. (Describes how Kerberos can be used to authenticate Telnet.) http://www.ietf.org/rfc/rfc2942.txt

RFC 2943.TELNET Authentication Using DSA. R. Housley, T. Horting, P. Yee. September 2000. (Describes how the Digital Signature Algorithm can be used to authenticate Telnet.) http://www.ietf.org/rfc/rfc2943.txt

RFC 2944.Telnet Authentication: SRP. T. Wu. September 2000. (Describes how the Secure Remote Password Protocol can be used to authenticate Telnet.) http://www.ietf.org/rfc/rfc2944.txt

RFC 2945.The SRP Authentication and Key Exchange System. T. Wu. September 2000. (Specifies the Secure Remote Password Protocol.) http://www.ietf.org/rfc/rfc2945.txt

RFC 2946.Telnet Data Encryption Option. T. Ts'o. September 2000. (Describes how Telnet can be used to confidentially encrypt data.) http://www.ietf.org/rfc/rfc2946.txt

RFC 2947.Telnet Encryption: DES3 64-bit Cipher Feedback. J. Altman. September 2000. (Describes how Triple-DES can be used to encrypt a Telnet session.) http://www.ietf.org/rfc/rfc2947.txt

RFC 2948.Telnet Encryption: DES3 64-bit Output Feedback. J. Altman. September 2000. (Describes how Triple-DES in output feedback mode can be used to encrypt a Telnet session.) http://www.ietf.org/rfc/rfc2948.txt

RFC 2949.Telnet Encryption: CAST-128 64-bit Output Feedback. J. Altman. September 2000. (Describes how the CAST-128 encryption algorithm in output feedback mode can be used to encrypt a Telnet session.) http://www.ietf.org/rfc/rfc2949.txt

RFC 2950.Telnet Encryption: CAST-128 64-bit Cipher Feedback. J. Altman. September 2000. (Describes how the CAST-128 encryption algorithm in cipher feedback mode can be used to encrypt a Telnet session.) http://www.ietf.org/rfc/rfc2950.txt

RFC 2951.TELNET Authentication Using KEA and SKIPJACK. R. Housley, T. Horting P. Yee. September 2000. (Describes how the Key Exchange Algorithm and SKIPJACK can be used to authenticate a Telnet session.) http://www.ietf.org/rfc/rfc2951.txt

RFC 2952.Telnet Encryption: DES 64-bit Cipher Feedback. T. Ts'o. September 2000. (Describes how DES in cipher feedback mode can be used to encrypt a Telnet session.) http://www.ietf.org/rfc/rfc2952.txt

RFC 2953.Telnet Encryption: DES 64-bit Output Feedback. T. Ts'o. September 2000. (Describes how DES in output feedback mode can be used to encrypt a Telnet session.) http://www.ietf.org/rfc/rfc2953.txt

RFC 2977.Mobile IP Authentication, Authorization, and Accounting Requirements. S. Glass, T. Hiller, S. Jacobs C. Perkins. October 2000. (Provides requirements that have to be supported in Authentication, authorization, and accounting to provide Mobile IP services.) http://www.ietf.org/rfc/rfc2977.txt

RFC 2984.Use of the CAST-128 Encryption Algorithm in CMS. C. Adams. October 2000. (Describes how to use CAST-128 in the S/MIME Cryptographic Message Syntax.) http://www.ietf.org/rfc/rfc2984.txt

RFC 2985.PKCS #9: Selected Object Classes and Attribute Types Version 2.0. M. Nystrom B. Kaliski. November 2000. (Provides an object interface and attributes to public-key cryptography and LDAP directories.) http://www.ietf.org/rfc/rfc2985.txt

RFC 2986.PKCS #10: Certification Request Syntax Specification Version 1.7. M. Nystrom B. Kaliski. November 2000. (Describes the syntax for certification requests.) http://www.ietf.org/rfc/rfc2986.txt

RFC 3007.Secure Domain Name System (DNS) Dynamic Update. B. Wellington. November 2000. (Makes a proposal on how dynamic DNS updates can be made securely.) http://www.ietf.org/rfc/rfc3007.txt

RFC 3013.Recommended Internet Service Provider Security Services and Procedures. T. Killalea. November 2000. (Defines what the IETF thinks ISPs should be doing with respect to security.) http://www.ietf.org/rfc/rfc3013.txt