|
1.
|
Clear description of the referenced document:
|
|
|
|
|
2.
|
Status of approval:
|
|
|
The referred RFCs were approved by IESG (Internet Engineering Steering Group).
|
|
3.
|
Justification for the specific reference:
|
|
|
Draft Rec. X.websec-1 uses terms from Internet Security Glossary discussed.
|
|
4.
|
Current information, if any, about IPR issues:
|
|
|
Information on IPR issues regarding RFCs is available at: https://datatracker.ietf.org/ipr/search/. Specifically: https://datatracker.ietf.org/ipr/search/?option=rfc_search&rfc_search=2828
|
|
5.
|
Other useful information describing the "Quality" of the document:
|
|
|
Proposed Standard
|
|
6.
|
The degree of stability or maturity of the document:
|
|
|
Proposed Standard
|
|
7.
|
Relationship with other existing or emerging documents:
|
|
|
References within the referenced RFCs are listed under item (8).
|
|
8.
|
Any explicit references within that referenced document should also be listed:
|
|
|
[A3092] American National Standards Institute, "American National/
Standard Data Encryption Algorithm", ANSI X3.92-1981, 30 Dec/
1980./
/
[A9009] ---, "Financial Institution Message Authentication/
(Wholesale)", ANSI X9.9-1986, 15 Aug 1986./
/
[A9017] ---, "Financial Institution Key Management (Wholesale)",/
X9.17, 4 Apr 1985. [Defines procedures for the manual and/
automated management of keying material and uses DES to/
provide key management for a variety of operational/
environments.]/
/
[A9042] ---, "Public key Cryptography for the Financial Service/
Industry: Agreement of Symmetric Keys Using Diffie-Hellman/
and MQV Algorithms", X9.42, 29 Jan 1999./
/
[A9052] ---, "Triple Data Encryption Algorithm Modes of Operation",/
X9.52-1998, ANSI approval 9 Nov 1998./
/
[A9062] ---, "Public Key Cryptography for the Financial Services/
Industry: The Elliptic Curve Digital Signature Algorithm/
(ECDSA)", X9.62-1998, ANSI approval 7 Jan 1999./
/
[ABA] American Bar Association, "Digital Signature Guidelines:/
Legal Infrastructure for Certification Authorities and/
Secure Electronic Commerce", Chicago, IL, 1 Aug 1996./
/
[ACM] Association for Computing Machinery, "Communications of the/
ACM", Jul 1998 issue with: Minerva M. Yeung, "Digital/
Watermarking"; Nasir Memom and Ping Wah Wong, "Protecting/
Digital Media Content"; and Scott Craver, Boon-Lock Yeo, and/
Minerva Yeung, "Technical Trials and Legal Tribulations"./
/
[Army] U.S. Army Corps of Engineers, "Electromagnetic Pulse (EMP)/
and Tempest Protection for Facilities", EP 1110-3-2, 31 Dec/
1990./
/
[B7799] British Standards Institution, "Information Security/
Management, Part 1: Code of Practice for Information/
Security Management", BS 7799-1:1999, effective 15 May 1999./
/
---, ---, "Part 2: Specification for Information Security/
Management Systems", BS 7799-2:1999, effective 15 May 1999./
/
[Bell] D. E. Bell and L. J. LaPadula, "Secure Computer Systems:/
Mathematical Foundations and Model", M74-244, The MITRE/
Corporation, Bedford, MA, May 1973. (Available as AD-771543,/
National Technical Information Service, Springfield, VA.)/
/
[CCIB] Common Criteria Implementation Board, "Common Criteria for/
Information Technology Security Evaluation, Part 1:/
Introduction and General Model", ver. 2.1, CCIB-99-01, Aug/
1999./
/
[CIPSO] Trusted Systems Interoperability Working Group, "Common IP/
Security Option", ver. 2.3, 9 Mar 1993. [A "work in/
progress" that is probably defunct.]/
/
[CSC1] U.S. Department of Defense Computer Security Center,/
"Department of Defense Trusted Computer System Evaluation/
Criteria", CSC-STD-001-83, 15 Aug 1983. (Superseded by/
[DOD1].)/
/
[CSC2] ---, "Department of Defense Password Management Guideline",/
CSC-STD-002-85, 12 Apr 1985./
/
[CSC3] ---, "Computer Security Requirements: Guidance for Applying/
the Department of Defense Trusted Computer System Evaluation/
Criteria in Specific Environments", CSC-STD-003-85, 25 Jun/
1985./
/
[CSOR] U.S. Department of Commerce, "General Procedures for/
Registering Computer Security Objects", National Institute/
of Standards Interagency Report 5308, Dec 1993./
/
[Denn] D. E. Denning, "A Lattice Model of Secure Information Flow",/
in "Communications of the ACM", vol. 19, no. 5, May 1976,/
pp. 236-243./
/
[DH76] W. Diffie and M. H. Hellman, "New Directions in/
Cryptography" in "IEEE Transactions on Information Theory",/
vol. IT-22, no. 6, Nov 1976, pp. 644-654./
/
[DOD1] U.S. Department of Defense, "Department of Defense Trusted/
Computer System Evaluation Criteria", DoD 5200.28-STD, 26/
Dec 1985. (Supersedes [CSC1].)/
/
[DOD2] ---, Directive 5200.28, "Security Requirements for Automated/
Information Systems (AISs)", 21 Mar 1988./
/
[DOD3] ---, "X.509 Certificate Policy", ver. 2, Mar 1999./
/
[DOD4] ---, "NSA Key Recovery Assessment Criteria", 8 Jun 1998./
/
[ElGa] T. El Gamal, "A Public-Key Cryptosystem and a Signature/
Scheme Based on Discrete Logarithms" in "IEEE Transactions/
on Information Theory", vol. IT-31, no. 4, 1985, pp. 469-/
472./
/
[EMV1] Europay International S.A., MasterCard International/
Incorporated, and Visa International Service Association,/
"EMV '96 Integrated Circuit Card Specification for Payment/
Systems", ver. 3.1.1, 31 May 1998./
/
[EMV2] ---, "EMV '96 Integrated Circuit Card Terminal Specification/
for Payment Systems", ver. 3.1.1, 31 May 1998./
/
[EMV3] ---, EMV '96 Integrated Circuit Card Application/
Specification for Payment Systems", ver. 3.1.1, 31 May 1998./
/
[For94] W. Ford, "Computer Communications Security: Principles,/
Standard Protocols and Techniques", ISBN 0-13-799453-2,/
1994./
/
[For97] W. Ford and M. Baum, "Secure Electronic Commerce: Building/
the Infrastructure for Digital Signatures and Encryption",/
ISBN 0-13-476342-4, 1994./
/
[FP031] U.S. Department of Commerce, "Guidelines for Automatic Data/
Processing Physical Security and Risk Management", Federal/
Information Processing Standards Publication (FIPS PUB) 31,/
Jun 1974./
/
[FP039] ---, "Glossary for Computer Systems Security", FIPS PUB 39,/
15 Feb 1976./
/
[FP046] ---, "Data Encryption Standard (DES)", FIPS PUB 46-2, 30 Dec/
1993./
/
[FP081] ---, "DES Modes of Operation", FIPS PUB 81, 2 Dec 1980./
/
[FP102] ---, "Guideline for Computer Security Certification and/
Accreditation", FIPS PUB 102, 27 Sep 1983./
/
[FP113] ---, "Computer Data Authentication", FIPS PUB 113, 30 May/
1985./
/
[FP140] ---, "Security Requirements for Cryptographic Modules", FIPS/
PUB 140-1, 11 Jan 1994./
/
[FP151] ---, "Portable Operating System Interface (POSIX)--System/
Application Program Interface [C Language]", FIPS PUB 151-2,/
12 May 1993/
/
[FP180] ---, "Secure Hash Standard", FIPS PUB 180-1, 17 Apr 1995./
/
[FP185] ---, "Escrowed Encryption Standard", FIPS PUB 185, 9 Feb/
1994./
/
[FP186] ---, "Digital Signature Standard (DSS)", FIPS PUB 186, 19/
May 1994./
/
[FP188] ---, "Standard Security Label for Information Transfer",/
FIPS PUB 188, 6 Sep 1994./
/
[FPDAM] Collaborative ITU and ISO/IEC meeting on the Directory,/
"Final Proposed Draft Amendment on Certificate Extensions",/
April 1999. (This draft proposes changes to [X.509].)/
/
[FPKI] U.S. Department of Commerce, "Public Key Infrastructure/
(PKI) Technical Specifications: Part A--Technical Concept of/
Operations", National Institute of Standards, 4 Sep 1998./
/
[I3166] International Standards Organization, "Codes for the/
Representation of Names of countries and Their Subdivisions/
--Part 1: Country Codes", ISO 3166-1:1997./
/
---, --- "Part 2: Country Subdivision Codes", ISO/DIS 3166-/
2./
/
---, --- "Part 3: Codes for Formerly Used Names of/
Countries", ISO/DIS 3166-3./
/
[I7498] ---, "Information Processing Systems--Open Systems/
Interconnection Reference Model--[Part 1:] Basic Reference/
Model", ISO/IEC 7498-1. (Equivalent to ITU-T Recommendation/
X.200.)/
/
---, --- "Part 2: Security Architecture", ISO/IEC 7499-2./
/
---, --- "Part 4: Management Framework", ISO/IEC 7498-4./
/
[I7812] ---, "Identification cards--Identification of Issuers--Part/
1: Numbering System", ISO/IEC 7812-1:1993/
/
---, --- "Part 2: Application and Registration Procedures",/
ISO/IEC 7812-2:1993./
/
[I9945] ---, "Portable Operating System Interface for Computer/
Environments", ISO/IEC 9945-1:1990./
/
[I15408] ---, "Information Technology--Security Techniques--/
Evaluation criteria for IT Security--Part 1: Introduction/
and General Model", ISO/IEC 15408-1:1999./
/
[ITSEC] "Information Technology Security Evaluation Criteria/
(ITSEC): Harmonised Criteria of France, Germany, the/
Netherlands, and the United Kingdom", ver. 1.2, U.K./
Department of Trade and Industry, Jun 1991./
/
[Kahn] David Kahn, "The Codebreakers: The Story of Secret Writing",/
The Macmillan Company, New York, 1967./
/
[Knuth] D. E. Knuth, Chapter 3 ("Random Numbers") in Volume 2/
("Seminumerical Algorithms") of "The Art of Computer/
Programming", Addison-Wesley, Reading, MA, 1969./
/
[Kuhn] Markus G. Kuhn and Ross J. Anderson, "Soft Tempest: Hidden/
Data Transmission Using Electromagnetic Emanations", in/
David Aucsmith, ed., "Information Hiding, Second/
International Workshop, IH'98", Portland, Oregon, USA, 15-17/
Apr 1998, LNCS 1525, Springer-Verlag, ISBN 3-540-65386-4,/
pp. 124-142./
/
[MISPC] U.S. Department of Commerce, "Minimum Interoperability/
Specification for PKI Components (MISPC), Version 1",/
National Institute of Standards Special Publication 800-15,/
Sep 1997./
/
[NCS01] National Computer Security Center, "A Guide to Understanding/
Audit in Trusted Systems", NCSC-TG-001, 1 Jun 1988. (Part of/
the Rainbow Series.)/
/
[NCS04] ---, "Glossary of Computer Security Terms", NCSC-TG-004,/
ver. 1, 21 Oct 1988. (Part of the Rainbow Series.)/
/
[NCS05] ---, "Trusted Network Interpretation of the Trusted Computer/
System Evaluation Criteria", NCSC-TG-005, ver. 1, 31 Jul/
1987. (Part of the Rainbow Series.)/
/
[NCS25] ---, "A Guide to Understanding Data Remanence in Automated/
Information Systems", NCSC-TG-025, ver. 2, Sep 1991. (Part/
of the Rainbow Series.)/
/
[NIST] National Institute of Standards and Technology, "SKIPJACK/
and KEA Algorithm Specifications", ver. 2, 29 May 1998./
(http://csrc.nist.gov/encryption/skipjack-kea.htm)/
/
[PGP] Simson Garfinkel, "PGP: Pretty Good Privacy", O'Reilly &/
Associates, Inc., Sebastopol, CA, 1995./
/
[PKCS] Burton S. Kaliski, Jr., "An Overview of the PKCS Standards",/
RSA Data Security, Inc., 3 Jun 1991./
/
[PKC07] RSA Laboratories, "PKCS #7: Cryptographic Message Syntax/
Standard", ver. 1.5, RSA Laboratories Technical Note, 1 Nov/
1993./
/
[PKC10] ---, "PKCS #10: Certification Request Syntax Standard", ver./
1.0, RSA Laboratories Technical Note, 1 Nov 1993./
/
[PKC11] ---, "PKCS #11: Cryptographic Token Interface Standard",/
ver. 1.0, 28 Apr 1995./
/
[R0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, August/
1980./
/
[R0791] Postel, J., "Internet Protocol", STD 5, RFC 791, September/
1981./
/
[R0792] Postel, J., "Internet Control Message Protocol", STD 5, RFC/
792, September 1981. [See: RFC 1885.]/
/
[R0793] Postel, J., ed., "Transmission Control Protocol", STD 7, RFC/
793, September 1981./
/
[R0821] Postel, J., "Simple Mail Transfer Protocol", STD 10, RFC/
821, August 1982./
/
[R0822] Crocker, D., "Standard for the Format of ARPA Internet Text/
Messages", STD 11, RFC 822, August 1982./
/
[R0854] Postel, J. and J. Reynolds, "TELNET Protocol Specification",/
STD 8, RFC 854, May 1983./
/
[R0959] Postel, J. and J. Reynolds, "File Transfer Protocol (FTP)",/
STD 9, RFC 959, October 1985./
/
[R1034] Mockapetris, P., "Domain Names--Concepts and Facilities",/
STD 13, RFC 1034, November 1987./
/
[R1157] Case, J., Fedor, M., Schoffstall, M. and J. Davin, "A Simple/
Network Management Protocol (SNMP)" [version 1], STD 15, RFC/
1157, May 1990./
/
[R1208] Jacobsen O. and D. Lynch, "A Glossary of Networking Terms",/
RFC 1208, March 1991./
/
[R1319] Kaliski, B., "The MD2 Message-Digest Algorithm", RFC 1319,/
April 1992./
/
[R1320] Rivest, R., "The MD4 Message-Digest Algorithm", RFC 1320,/
April 1992./
/
[R1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,/
April 1992./
/
[R1334] Lloyd, B. and W. Simpson, "PPP Authentication Protocols",/
RFC 1334, October 1992./
/
[R1413] St. Johns, M., "Identification Protocol", RFC 1413, February/
1993./
/
[R1421] Linn, J., "Privacy Enhancement for Internet Electronic Mail,/
Part I: Message Encryption and Authentication Procedures",/
RFC 1421, February 1993./
/
[R1422] Kent, S., "Privacy Enhancement for Internet Electronic Mail,/
Part II: Certificate-Based Key Management", RFC 1422,/
February 1993./
/
[R1455] Eastlake, D., "Physical Link Security Type of Service", RFC/
1455, May 1993./
/
[R1457] Housley, R., "Security Label Framework for the Internet",/
RFC 1457, May 1993./
/
[R1492] Finseth, C., "An Access Control Protocol, Sometimes Called/
TACACS", RFC 1492, July 1993./
/
[R1507] Kaufman, C., "DASS: Distributed Authentication Security/
Service", RFC 1507, September 1993./
/
[R1510] Kohl, J. and C. Neuman, "The Kerberos Network Authentication/
Service (V5)", RFC 1510, September 1993./
/
[R1591] Kohl, J. and C. Neuman, "Domain Name System Structure and/
Delegation", March 1994./
/
[R1630] Berners-Lee, T., "Universal Resource Identifiers in WWW",/
RFC 1630, June 1994./
/
[R1661] Simpson, W., ed., " The Point-to-Point Protocol (PPP)", STD/
51, RFC 1661, July 1994./
/
[R1731] Myers, J., "IMAP4 Authentication Mechanisms", RFC 1731,/
December 1994./
/
[R1734] Myers, J., "POP3 AUTHentication Command", RFC 1734, December/
1994./
/
[R1738] Myers, J., Masinter, L. and M. McCahill, ed's., "Uniform/
Resource Locators (URL)", RFC 1738, December 1994./
/
[R1750] Eastlake, D., Crocker, S. and J. Schiller, "Randomness/
Recommendations for Security", RFC 1750, December 1994./
/
[R1777] Yeong, W., Howes, T. and S. Kille, "Lightweight Directory/
Access Protocol", RFC 1777, March 1995./
/
[R1808] Fielding, R., "Relative Uniform Resource Locators", RFC/
1808, June 1995./
/
[R1824] Danisch, H., "The Exponential Security System TESS: An/
Identity-Based Cryptographic Protocol for Authenticated Key-/
Exchange (E.I.S.S.-Report 1995/4)", RFC 1824, August 1995./
/
[R1828] Metzger, P. and W. Simpson, "IP Authentication using Keyed/
MD5", RFC 1828, August 1995./
/
[R1829] Karn, P., Metzger, P. and W. Simpson, "The ESP DES-CBC/
Transform", RFC 1829, August 1995./
/
[R1848] Crocker, S., Freed, N., Galvin, J. and S. Murphy, "MIME/
Object Security Services", RFC 1848, October 1995./
/
[R1851] Karn, P., Metzger, P. and W. Simpson, "The ESP Triple DES/
Transform", RFC 1851, September 1995./
/
[R1866] Berners-Lee, T., "Hypertext Markup Language--2.0", RFC 1866,/
November 1995./
/
[R1885] Conta, A. and S. Deering, "Internet Control Message Protocol/
(ICMPv6) for the Internet Protocol Version 6 (IPv6)/
Specification", RFC 1885, December 1995./
/
[R1928] Leech, M., Ganis, M., Lee, Y., Kuris, R., Koblas, D. and L./
Jones, "SOCKS Protocol Version 5", RFC 1928, March 1996./
/
[R1938] Haller, N. and C. Metzion, "A One-Time Password System", RFC/
1938, May 1996./
/
[R1939] Myers, J. and M. Rose, "Post Office Protocol - Version 3",/
STD 53, RFC 1939, May 1996./
/
[R1958] Carpenter, B., ed., "Architectural Principles of the/
Internet", RFC 1958, June 1996./
/
[R1983] Malkin, G., ed., "Internet Users' Glossary", FYI 18, RFC/
1983, August 1996./
/
[R1994] Simpson, W. "PPP Challenge Handshake Authentication Protocol/
(CHAP)", RFC 1994, August 1996./
/
[R2023] Postel, J. and J. Reynolds, "Instructions to RFC Authors",/
RFC 2023, October 1997./
/
[R2026] Bradner, S., "The Internet Standards Process--Revision 3",/
BCP 9, RFC 2026, March 1994./
/
[R2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail/
Extensions (MIME) Part One: Format of Internet Message/
Bodies", RFC 2045, November 1996./
/
[R2060] Crispin, M., "Internet Message Access Protocol--Version 4/
Revision 1", RFC 2060, December 1996./
/
[R2065] Eastlake, D., 3rd, "Domain Name System Security Extensions",/
RFC 2065, January 1997./
/
[R2078] Linn, J., "Generic Security Service Application Program/
Interface, Version 2", RFC 2078, January 1997./
/
[R2084] Bossert, G., Cooper, S. and W. Drummond, "Considerations for/
Web Transaction Security", RFC 2084, January 1997./
/
[R2104] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-/
Hashing for Message Authentication", RFC 2104, February/
1997./
/
[R2119] Bradner, S., "Key Words for Use in RFCs To Indicate/
Requirement Levels", BCP 14, RFC 2119, March 1997./
/
[R2138] Rigney, C., Rubens, A., Simpson, W. and S. Willens, "Remote/
Authentication Dial In User Service (RADIUS)", RFC 2138,/
April 1997./
/
[R2137] Eastlake, D., "Secure Domain Name System Dynamic Update",/
RFC 2137, April 1997./
/
[R2179] Gwinn, A., "Network Security For Trade Shows", RFC 2179,/
July 1997./
/
[R2195] Klensin, J., Catoe, R. and P. Krumviede, "IMAP/POP AUTHorize/
Extension for Simple Challenge/Response", RFC 2195, Sepember/
1997./
/
[R2196] Fraser, B., "Site Security Handbook", FYI 8, RFC 2196,/
Sepember 1997./
/
[R2202] Cheng, P. and R. Glenn, "Test Cases for HMAC-MD5 and HMAC-/
SHA-1", RFC 2202, Sepember 1997./
/
[R2222] Myers, J., "Simple Authentication and Security Layer/
(SASL)", RFC 2222, October 1997./
/
[R2223] Postel, J., "Instructions to RFC Authors", RFC 2223, October/
1997./
/
[R2246] Dierks, T. and C. Allen, "The TLS Protocol, Version 1.0",/
RFC 2246, January 1999./
/
[R2284] Blunk, L. and J. Vollbrecht, "PPP Extensible Authentication/
Protocol (EAP)", RFC 2284, March 1998./
/
[R2315] Kaliski, B., "PKCS #7: Cryptographic Message Syntax, Version/
1.5", RFC 2315, March 1998./
/
[R2323] Ramos, A., "IETF Identification and Security Guidelines",/
RFC 2323, 1 April 1998. [Intended for humorous entertainment/
("please laugh loud and hard"); does not contain serious/
security information.]/
/
[R2350] Brownlee, N. and E. Guttman, "Expectations for Computer/
Security Incident Response", RFC 2350, June 1998./
/
[R2356] Montenegro, C. and V. Gupta, "Sun's SKIP Firewall Traversal/
for Mobile IP", RFC 2356, June 1998./
/
[R2373] Hinden, R. and S. Deering, "IP Version 6 Addressing/
Architecture", RFC 2373, July 2998./
/
[R2401] Kent, S. and R. Atkinson, "Security Architecture for the/
Internet Protocol", RFC 2401, November 1998./
/
[R2402] Kent, S. and R. Atkinson, "IP Authentication Header", RFC/
2402, November 1998./
/
[R2403] Madson, C. and R. Glenn, "The Use of HMAC-MD5-96 within ESP/
and AH", RFC 2403, November 1998./
/
[R2404] Madson, C. and R. Glenn, "The Use of HMAC-SHA-1-96 within/
ESP and AH", RFC 2404, November 1998./
/
[R2405] Madson, C. and N. Doraswamy, "The ESP DES-CBC Cipher/
Algorithm With Explicit IV", RFC 2405, November 1998./
/
[R2406] Kent, S. and R. Atkinson, "IP Encapsulating Security Payload/
(ESP)", RFC 2406, November 1998./
/
[R2407] Piper, D., "The Internet IP Security Domain of/
Interpretation for ISAKMP", RFC 2407, November 1998./
/
[R2408] Maughan, D., Schertler, M., Schneider, M. and J. Turner,/
"Internet Security Association and Key Management Protocol/
(ISAKMP)", RFC 2408, November 1998./
/
[R2409] Harkins, D. and D. Carrel, "The Internet Key Exchange/
(IKE)", RFC 2409, November 1998./
/
[R2410] Glenn, R. and S. Kent, "The NULL Encryption Algorithm and/
Its Use With IPsec", RFC 2410, November 1998./
/
[R2412] Orman, H., "The OAKLEY Key Determination Protocol", RFC/
2412, November 1998./
/
[R2451] Pereira, R. and R. Adams, "The ESP CBC-Mode Cipher/
Algorithms", RFC 2451, November 1998./
/
[R2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6/
(IPv6) Specification", RFC 2460, December 1998./
/
[R2504] Guttman, E., Leong, L. and G. Malkin, "Users' Security/
Handbook", RFC 2504, February 1999./
/
[R2510] Adams, C. and S. Farrell, "Internet X.509 Public Key/
Infrastructure Certificate Management Protocols", RFC 2510,/
March 1999./
/
[R2527] Chokhani, S. and W. Ford, "Internet X.509 Public Key/
Infrastructure, Certificate Policy and Certification/
Practices Framework", RFC 2527, March 1999./
/
[R2536] EastLake, D., "DSA KEYs and SIGs in the Domain Name System/
(DNS)", RFC 2536, March 1999./
/
[R2570] Case, J., Mundy, R., Partain, D. and B. Stewart,/
"Introduction to Version 3 of the Internet-Standard Network/
Management Framework", RFC 2570, April 1999./
/
[R2574] Blumenthal, U. and B. Wijnen, "User-based Security Model/
(USM) for Version 3 of the Simple Network Management/
Protocol (SNMPv3)", RFC 2574, April 1999./
/
[R2612] Adams, C. and J. Gilchrist, "The CAST-256 Encryption/
Algorithm", RFC 2612, June 1999./
/
[R2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter,/
L., Leach, P. and T. Berners-Lee, "Hypertext Transfer/
Protocol-- HTTP/1.1", RFC 2616, June 1999./
/
[R2628] Smyslov, V., "Simple Cryptographic Program Interface", RFC/
2628, June 1999./
/
[R2630] Housley, R., "Cryptographic Message Syntax", RFC 2630, June/
1999./
/
[R2631] Rescorla, E., "Diffie-Hellman Key Agreement Method", RFC/
2631, June 1999./
/
[R2633] Ramsdell, B., ed., "S/MIME Version 3 Message Specification",/
RFC 2633, June 1999./
/
[R2634] Hoffman, P., ed., "Enhanced Security Services for S/MIME",/
RFC 2634, June 1999./
/
[R2635] Hambridge, S. and A. Lunde, "Don't Spew: A Set of Guidelines/
for Mass Unsolicited Mailings and Postings", RFC 2635, June/
1999./
/
[Raym] E. S. Raymond, ed., "The On-Line Hacker Jargon File", ver./
4.0.0, 24 Jul 1996. (Also available as "The New Hacker's/
Dictionary", 2nd edition, MIT Press, Sep 1993, ISBN 0-262-/
18154-1. See: http://www.tuxedo.org/jargon/ for the latest/
version.)/
/
[Russ] D. Russell and G. T. Gangemi Sr., Chapter 10 ("TEMPEST") in/
"Computer Security Basics", ISBN 0-937175-71-4, 1991./
/
[Schn] B. Schneier, "Applied Cryptography", John Wiley & Sons,/
Inc., New York, 1994./
/
[SDNS3] U.S. Department of Defense, National Security Agency,/
"Secure Data Network Systems, Security Protocol 3 (SP3)",/
document SDN.301, Revision 1.5, 15 May 1989./
/
[SDNS4] ---, ---, "Security Protocol 4 (SP4)", document SDN.401,/
Revision 1.2, 12 Jul 1988./
/
[SDNS7] ---, ---, "Secure data Network System, Message Security/
Protocol (MSP)", document SDN.701, Revision 4.0, 7 Jun 1996,/
with Corrections to Message Security Protocol, SDN.701, Rev/
4.0", 96-06-07, 30 Aug, 1996./
/
[SET1] MasterCard and Visa, "SET Secure Electronic Transaction/
Specification, Book 1: Business Description", ver. 1.0, 31/
May 1997./
/
[SET2] ---, "SET Secure Electronic Transaction Specification, Book/
2: Programmer's Guide", ver. 1.0, 31 May 1997./
/
[Stei] J. Steiner, C. Neuman, and J. Schiller, "Kerberos: An/
Authentication Service for Open Network Systems" in "Usenix/
Conference Proceedings", Feb 1988./
/
[X400] International Telecommunications Union--Telecommunication/
Standardization Sector (formerly "CCITT"), Recommendation/
X.400, "Message Handling Services: Message Handling System/
and Service Overview"./
/
[X500] ---, Recommendation X.500, "Information Technology--Open/
Systems Interconnection--The Directory: Overview of/
Concepts, Models, and Services". (Equivalent to ISO 9594-1.)/
/
[X501] ---, Recommendation X.501, "Information Technology--Open/
Systems Interconnection--The Directory: Models"./
/
[X509] ---, Recommendation X.509, "Information Technology--Open/
Systems Interconnection--The Directory: Authentication/
Framework". (Equivalent to ISO 9594-8.)/
/
[X519] ---, Recommendation X.519, "Information Technology--Open/
Systems Interconnection--The Directory: Protocol/
Specifications"./
/
[X520] ---, Recommendation X.520, "Information Technology--Open/
Systems Interconnection--The Directory: Selected Attribute/
Types"./
/
[X680] ---, Recommendation X.680, "Information Technology--Abstract/
Syntax Notation One (ASN.1)--Specification of Basic/
Notation", 15 Nov 1994. (Equivalent to ISO/IEC 8824-1.)/
/
[X690] ---, Recommendation X.690, "Information Technology--ASN.1/
Encoding Rules--Specification of Basic Encoding Rules (BER),/
Canonical Encoding Rules (CER) and Distinguished Encoding/
Rules (DER)", 15 Nov 1994. (Equivalent to ISO/IEC 8825-1.)/
/
|
|
9.
|
Qualification of
ISOC/IETF:
|
|
|
9.1-9.6 Decisions of ITU Council to admit ISOC to participate in the work of the Sector (June 1995 and June 1996).
9.7 The Internet Engineering Steering Group (IESG) is responsible for ongoing maintenance of the RFCs when the need arises. Comments on RFCs and corresponding changes are accommodated through the existing standardization process.
9.8 Each revision of a given RFC has a different RFC number, so no confusion is possible. All RFCs always remain available on-line. An index of RFCs and their status may be found in the IETF archives at http://www.rfc-editor.org/rfc.html.
|
|
10.
|
Other (for any supplementary information):
|
|
|
None
|
|
