RFC 2316 (rfc2316) - Page 1 of 9

Report of the IAB Security Architecture Workshop

Network Working Group                                        S. Bellovin
Request for Comments: 2316                            AT&T Labs Research
Category: Informational                                       April 1998


            Report of the IAB Security Architecture Workshop


1. Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.


2. Copyright Notice

   Copyright (C) The Internet Society (1998).  All Rights Reserved.


3. Abstract

   On 3-5 March 1997, the IAB held a security architecture workshop at
   Bell Labs in Murray Hill, NJ.  We identified the core security
   components of the architecture, and specified several documents that
   need to be written.  Most importantly, we agreed that security was
   not optional, and that it needed to be designed in from the
   beginning.


3.1. Specification Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119.


4. Motivations

   On 3-5 March 1997, the IAB held a security architecture workshop at
   Bell Labs in Murray Hill, NJ.  The ultimate goal was to design a
   security architecture for the Internet.  More concretely, we wished
   to understand what security tools and protocols exist or are being
   developed, where each is useful, and where we are missing adequate
   security tools.  Furthermore, we wanted to provide useful guidance to
   protocol designers.  That is, if we wish to eliminate the phrase
   "security issues are not discussed in this memo" from future RFCs, we
   must provide guidance on acceptable analyses.



Bellovin                     Informational