Path: utzoo!utgpu!watserv1!watmath!att!linac!pacific.mps.ohio-state.edu!tut.cis.ohio-state.edu!ucbvax!FTP.COM!jbvb
From: jbvb@FTP.COM (James B. Van Bokkelen)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: RFC 1108 and IP Security options?
Message-ID: <9102081410.AA05381@ftp.com>
Date: 8 Feb 91 14:10:16 GMT
Sender: usenet@ucbvax.BERKELEY.EDU
Reply-To: jbvb@ftp.com
Organization: The Internet
Lines: 34

Since nobody's answered this, I'll try. Note that my information may be out of date...

RFC 1122 section 3.2.1.8(a) refers to an RFC 1108, "Internet Protocol Security Options," by one B. Schofield, dated October 1989. RFC 1122 also specifically warns that RFCs 1038 and 791 are obsolete, though it cites 791 as the source of its MUSTs and MAYs.

What this means is that nobody in the DoD wants the IP Security Option as defined in either RFC 791 (the same as in Mil Std 1777) or RFC 1038 (major changes from the original RFC 791). However, RFC 1038 is a *lot* closer to the mark. RFC 1108 was intended to replace 1038, with a bunch of constants changed for the Blacker people, and the 'right' exception handling procedure for both single-level hosts, multi-level hosts and routers. However, it seems to have fallen into some interdepartmental black hole since 1989 (I believe the person doing it got moved, and I don't think anyone inherited both the responsibility and the authority).

What is the current authoritative reference in this area?

I don't know of one. What we implement in our current production version of PC/TCP is a mid-89 draft of what was intended to become RFC 1108. Nobody in the DoD has complained about this, but that could simply indicate that no one is using our IPSO - I know they have PC/TCP... At the time I was in touch with people at Cray, but I don't know exactly what they implemented, and the only other mention of IPSO that I've seen recently was Wollongong (VMS and SysV). Their glossy only mentions RFC 1038 and I don't have a copy to play with.

The matter has come up at at least one IETF I attended, but no answer was at hand. If you somehow become enlightened, let us know...

James B. VanBokkelen    26 Princess St., Wakefield, MA 01880
FTP Software Inc.       voice: (617) 246-0900 fax: (617) 246-0901