Tech-invite3GPPspaceIETFspace
96959493929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 7126

Recommendations on Filtering of IPv4 Packets Containing IPv4 Options

Pages: 36
Best Current Practice: 186
Errata
Part 2 of 2 – Pages 20 to 36
First   Prev   None

Top   ToC   RFC7126 - Page 20   prevText

4.13. DoD Extended Security Option (Type = 133)

4.13.1. Uses

This option permits additional security labeling information, beyond that present in the Basic Security Option (Section 4.12), to be supplied in an IP datagram to meet the needs of registered authorities.

4.13.2. Option Specification

The DoD Extended Security Option (ESO) is specified by RFC 1108 [RFC1108]. Some private IP networks consider IP router-based per-interface selective filtering of packets based on (a) the presence of an IPSO option (including BSO and ESO) and (b) based on the contents of that IPSO option to be important for operational security reasons. The recent IPv6 CALIPSO option specification discusses this in additional detail, albeit in an IPv6 context [RFC5570]. Such private IP networks commonly are built using both commercial and open-source products -- for hosts, guards, firewalls, switches, routers, etc. Some commercial IP routers support this option, as do some IP routers that are built on top of MLS operating systems (e.g., on top of Trusted Solaris [Solaris2008] or Security-Enhanced Linux [SELinux2008]). For example, many Cisco routers that run Cisco IOS include support for selectively filtering packets that contain the IP Security Options (IPSO) with per-interface granularity. This capability
Top   ToC   RFC7126 - Page 21
      has been present in many Cisco routers since the early 1990s
      [Cisco-IPSO-Cmds].  Some government sector products reportedly
      also support the IP Security Options (IPSO), for example, CANEWARE
      [RFC4949].

      Support for the IPSO Extended Security Option also is included in
      the "IPsec Configuration Policy Information Model" [RFC3585] and
      in the "IPsec Security Policy Database Configuration MIB"
      [RFC4807].  Section 4.6.1 of the IP Security Domain of
      Interpretation [RFC2407] includes support for labeled IPsec
      security associations compatible with the IP Security Options.

4.13.3. Threats

Presence of this option in a packet does not by itself create any specific new threat. Packets with this option ought not normally be seen on the global public Internet.

4.13.4. Operational and Interoperability Impact if Blocked

If packets with this option are blocked or if the option is stripped from the packet during transmission from source to destination, then the packet itself is likely to be dropped by the receiver because it is not properly labeled. In some cases, the receiver might receive the packet but associate an incorrect sensitivity label with the received data from the packet whose ESO was stripped by an intermediate router or firewall. Associating an incorrect sensitivity label can cause the received information either to be handled as more sensitive than it really is ("upgrading") or as less sensitive than it really is ("downgrading"), either of which is problematic.

4.13.5. Advice

A given IP router, security gateway, or firewall has no way to know a priori what environment it has been deployed into. Even closed IP deployments generally use exactly the same commercial routers, security gateways, and firewalls that are used in the public Internet. Since operational problems result in environments where this option is needed if either the option is dropped or IP packets containing this option are dropped, but no harm results if the option is carried in environments where it is not needed, the default configuration SHOULD NOT (a) modify or remove this IP option or (b) drop an IP packet because the IP packet contains this option.
Top   ToC   RFC7126 - Page 22
   A given IP router, security gateway, or firewall MAY be configured to
   drop this option or to drop IP packets containing this option in an
   environment known to not use this option.

   For auditing reasons, routers, security gateways, and firewalls
   SHOULD be capable of logging the numbers of packets containing the
   ESO on a per-interface basis.  Also, routers, security gateways, and
   firewalls SHOULD be capable of dropping packets based on the ESO
   presence as well as the ESO values.

4.14. Commercial IP Security Option (CIPSO) (Type = 134)

4.14.1. Uses

This option was proposed by the Trusted Systems Interoperability Group (TSIG), with the intent of meeting trusted networking requirements for the commercial trusted systems marketplace. It was implemented in IRIX [IRIX2008] and is currently implemented in a number of operating systems (e.g., Security-Enhanced Linux [SELinux2008] and Solaris [Solaris2008]). It is also currently deployed in a number of high-security networks.

4.14.2. Option Specification

This option is specified in [CIPSO] and [FIPS1994]. There are zero known IP router implementations of CIPSO. Several MLS operating systems support CIPSO, generally the same MLS operating systems that support IPSO. The TSIG proposal was taken to the Commercial Internet Security Option (CIPSO) Working Group of the IETF [CIPSOWG1994], and an Internet-Draft was produced [CIPSO]. The Internet-Draft was never published as an RFC, but the proposal was later standardized by the U.S. National Institute of Standards and Technology (NIST) as "Federal Information Processing Standard Publication 188" [FIPS1994].

4.14.3. Threats

Presence of this option in a packet does not by itself create any specific new threat. Packets with this option ought not normally be seen on the global public Internet.
Top   ToC   RFC7126 - Page 23

4.14.4. Operational and Interoperability Impact if Blocked

If packets with this option are blocked or if the option is stripped from the packet during transmission from source to destination, then the packet itself is likely to be dropped by the receiver because it is not properly labeled. In some cases, the receiver might receive the packet but associate an incorrect sensitivity label with the received data from the packet whose CIPSO was stripped by an intermediate router or firewall. Associating an incorrect sensitivity label can cause the received information either to be handled as more sensitive than it really is ("upgrading") or as less sensitive than it really is ("downgrading"), either of which is problematic.

4.14.5. Advice

Because of the design of this option, with variable syntax and variable length, it is not practical to support specialized filtering using the CIPSO information. No routers or firewalls are known to support this option. However, routers, security gateways, and firewalls SHOULD NOT by default modify or remove this option from IP packets and SHOULD NOT by default drop packets because they contain this option. For auditing reasons, routers, security gateways, and firewalls SHOULD be capable of logging the numbers of packets containing the CIPSO on a per-interface basis. Also, routers, security gateways, and firewalls SHOULD be capable of dropping packets based on the CIPSO presence.

4.15. VISA (Type = 142)

4.15.1. Uses

This options was part of an experiment at the University of Southern California (USC) and was never widely deployed.

4.15.2. Option Specification

The original option specification is not publicly available. This option has been formally obsoleted by [RFC6814].

4.15.3. Threats

Not possible to determine (other than the general security implications of IP options discussed in Section 3), since the corresponding specification is not publicly available.
Top   ToC   RFC7126 - Page 24

4.15.4. Operational and Interoperability Impact if Blocked

None.

4.15.5. Advice

Routers, security gateways, and firewalls SHOULD drop IP packets that contain this option.

4.16. Extended Internet Protocol (Type = 145)

4.16.1. Uses

The EIP option was introduced by one of the proposals submitted during the IP Next Generation (IPng) efforts to address the problem of IPv4 address exhaustion.

4.16.2. Option Specification

Specified in [RFC1385]. This option has been formally obsoleted by [RFC6814].

4.16.3. Threats

This option is obsolete. This option was used (or was intended to be used) to signal that a packet superficially similar to an IPv4 packet actually contained a different protocol, opening up the possibility that an IPv4 node that simply ignored this option would process a received packet in a manner inconsistent with the intent of the sender. There are no known threats arising from this option, other than the general security implications of IP options discussed in Section 3.

4.16.4. Operational and Interoperability Impact if Blocked

None.

4.16.5. Advice

Routers, security gateways, and firewalls SHOULD drop packets that contain this option.
Top   ToC   RFC7126 - Page 25

4.17. Address Extension (Type = 147)

4.17.1. Uses

The Address Extension option was introduced by one of the proposals submitted during the IPng efforts to address the problem of IPv4 address exhaustion.

4.17.2. Option Specification

Specified in [RFC1475]. This option has been formally obsoleted by [RFC6814].

4.17.3. Threats

There are no known threats arising from this option, other than the general security implications of IP options discussed in Section 3.

4.17.4. Operational and Interoperability Impact if Blocked

None.

4.17.5. Advice

Routers, security gateways, and firewalls SHOULD drop packets that contain this option.

4.18. Sender Directed Multi-Destination Delivery (Type = 149)

4.18.1. Uses

This option originally provided unreliable UDP delivery to a set of addresses included in the option.

4.18.2. Option Specification

This option is specified in RFC 1770 [RFC1770]. It has been formally obsoleted by [RFC6814].

4.18.3. Threats

This option could have been exploited for bandwidth-amplification in DoS attacks.

4.18.4. Operational and Interoperability Impact if Blocked

None.
Top   ToC   RFC7126 - Page 26

4.18.5. Advice

Routers, security gateways, and firewalls SHOULD drop IP packets that contain a Sender Directed Multi-Destination Delivery option.

4.19. Dynamic Packet State (Type = 151)

4.19.1. Uses

The Dynamic Packet State option was used to specify the Dynamic Packet State (DPS) in the context of the differentiated services architecture.

4.19.2. Option Specification

The Dynamic Packet State option was specified in [DIFFSERV-DPS]. The aforementioned document was meant to be published as "Experimental", but never made it into an RFC. This option has been formally obsoleted by [RFC6814].

4.19.3. Threats

Possible threats include theft of service and denial of service. However, we note that this option has never been widely implemented or deployed.

4.19.4. Operational and Interoperability Impact if Blocked

None.

4.19.5. Advice

Routers, security gateways, and firewalls SHOULD drop packets that contain this option.

4.20. Upstream Multicast Pkt. (Type = 152)

4.20.1. Uses

This option was meant to solve the problem of doing upstream forwarding of multicast packets on a multi-access LAN.

4.20.2. Option Specification

This option was originally specified in [BIDIR-TREES]. It was never formally standardized in the RFC series and was never widely implemented and deployed. Its use was obsoleted by [RFC5015], which
Top   ToC   RFC7126 - Page 27
   employs a control-plane mechanism to solve the problem of doing
   upstream forwarding of multicast packets on a multi-access LAN.  This
   option has been formally obsoleted by [RFC6814].

4.20.3. Threats

This option is obsolete. A router that ignored this option instead of processing it as specified in [BIDIR-TREES] could have forwarded multicast packets to an unintended destination.

4.20.4. Operational and Interoperability Impact if Blocked

None.

4.20.5. Advice

Routers, security gateways, and firewalls SHOULD drop packets that contain this option.

4.21. Quick-Start (Type = 25)

4.21.1. Uses

This IP Option is used in the specification of Quick-Start for TCP and IP, which is an experimental mechanism that allows transport protocols, in cooperation with routers, to determine an allowed sending rate at the start and, at times, in the middle of a data transfer (e.g., after an idle period) [RFC4782].

4.21.2. Option Specification

Specified in RFC 4782 [RFC4782], on the "Experimental" track.

4.21.3. Threats

Section 9.6 of [RFC4782] notes that Quick-Start is vulnerable to two kinds of attacks: o attacks to increase the routers' processing and state load, and, o attacks with bogus Quick-Start Requests to temporarily tie up available Quick-Start bandwidth, preventing routers from approving Quick-Start Requests from other connections.
Top   ToC   RFC7126 - Page 28

4.21.4. Operational and Interoperability Impact if Blocked

The Quick-Start functionality would be disabled, and additional delays in TCP's connection establishment (for example) could be introduced. (Please see Section 4.7.2 of [RFC4782].) We note, however, that Quick-Start has been proposed as a mechanism that could be of use in controlled environments, and not as a mechanism that would be intended or appropriate for ubiquitous deployment in the global Internet [RFC4782].

4.21.5. Advice

A given router, security gateway, or firewall system has no way of knowing a priori whether this option is valid in its operational environment. Therefore, routers, security gateways, and firewalls SHOULD, by default, ignore the Quick-Start option. Additionally, routers, security gateways, and firewalls SHOULD have a configuration setting that governs their reaction in the presence of packets containing the Quick-Start option. This configuration setting SHOULD allow to honor and process the option, ignore the option, or drop packets containing this option. The default configuration is to ignore the Quick-Start option. We note that if routers in a given environment do not implement and enable the Quick-Start mechanism, only the general security implications of IP options (discussed in Section 3) would apply.

4.22. RFC3692-Style Experiment (Types = 30, 94, 158, and 222)

Section 2.5 of RFC 4727 [RFC4727] allocates an option number with all defined values of the "copy" and "class" fields for RFC3692-style experiments. This results in four distinct option type codes: 30, 94, 158, and 222.

4.22.1. Uses

It is only appropriate to use these values in explicitly configured experiments; they MUST NOT be shipped as defaults in implementations.

4.22.2. Option Specification

Specified in RFC 4727 [RFC4727] in the context of RFC3692-style experiments.

4.22.3. Threats

No specific security issues are known for this IPv4 option.
Top   ToC   RFC7126 - Page 29

4.22.4. Operational and Interoperability Impact if Blocked

None.

4.22.5. Advice

Routers, security gateways, and firewalls SHOULD have configuration knobs for IP packets that contain RFC3692-style Experiment options to select between "ignore & forward" and "drop & log". Otherwise, no legitimate experiment using these options will be able to traverse any IP router. Special care needs to be taken in the case of "drop & log". Devices SHOULD count the number of packets dropped, but the logging of drop events SHOULD be limited so as to not overburden device resources. The aforementioned configuration knob SHOULD default to "drop & log".

4.23. Other IP Options

4.23.1. Specification

Unrecognized IP options are to be ignored. Section 3.2.1.8 of RFC 1122 [RFC1122] specifies this behavior as follows: The IP and transport layer MUST each interpret those IP options that they understand and silently ignore the others. Additionally, Section 4.2.2.6 of RFC 1812 [RFC1812] specifies it as follows: A router MUST ignore IP options which it does not recognize. This document adds that unrecognized IP options MAY also be logged. Further, routers, security gateways, and firewalls MUST provide the ability to log drop events of IP packets containing unrecognized or obsolete options.
Top   ToC   RFC7126 - Page 30
   A number of additional options are listed in the "IP OPTION NUMBERS"
   IANA registry [IANA-IP] as of the time this document was last edited.
   Specifically:

   Copy Class Number Value Name
   ---- ----- ------ ----- -------------------------------------------
      0     0     10    10 ZSU    - Experimental Measurement
      1     2     13   205 FINN   - Experimental Flow Control
      0     0     15    15 ENCODE - ???
      1     0     16   144 IMITD  - IMI Traffic Descriptor
      1     0     22   150        - Unassigned (Released 18 Oct. 2005)

   The ENCODE option (type 15) has been formally obsoleted by [RFC6814].

4.23.2. Threats

The lack of open specifications for these options makes it impossible to evaluate their security implications.

4.23.3. Operational and Interoperability Impact if Blocked

The lack of open specifications for these options makes it impossible to evaluate the operational and interoperability impact if packets containing these options are blocked.

4.23.4. Advice

Routers, security gateways, and firewalls SHOULD have configuration knobs for IP packets containing these options (or other options not recognized) to select between "ignore & forward" and "drop & log". Section 4.23.1 points out that [RFC1122] and [RFC1812] specify that unrecognized IP options MUST be ignored. However, the previous paragraph states that routers, security gateways, and firewalls SHOULD have a configuration option for dropping and logging IP packets containing unrecognized options. While it is acknowledged that this advice contradicts the previous RFCs' requirements, the advice in this document reflects current operational reality. Special care needs to be taken in the case of "drop & log". Devices SHOULD count the number of packets dropped, but the logging of drop events SHOULD be limited so as to not overburden device resources.
Top   ToC   RFC7126 - Page 31

5. Security Considerations

This document provides advice on the filtering of IP packets that contain IP options. Dropping such packets can help to mitigate the security issues that arise from use of different IP options. Many of the IPv4 options listed in this document are deprecated and cause no operational impact if dropped. However, dropping packets containing IPv4 options that are in use can cause real operational problems in deployed networks. Therefore, the practice of dropping all IPv4 packets containing one or more IPv4 options without careful consideration is not recommended.

6. Acknowledgements

The authors would like to thank (in alphabetical order) Ron Bonica, C. M. Heard, Merike Kaeo, Panos Kampanakis, Suresh Krishnan, Arturo Servin, SM, and Donald Smith for providing thorough reviews and valuable comments. Merike Kaeo also contributed text used in this document. The authors also wish to thank various network operations folks who supplied feedback on earlier versions of this document but did not wish to be named explicitly in this document. Part of this document is initially based on the document "Security Assessment of the Internet Protocol" [CPNI2008] that is the result of a project carried out by Fernando Gont on behalf of UK CPNI (formerly NISCC). Fernando Gont would like to thank UK CPNI (formerly NISCC) for their continued support.

7. References

7.1. Normative References

[RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, September 1981. [RFC1122] Braden, R., "Requirements for Internet Hosts - Communication Layers", STD 3, RFC 1122, October 1989. [RFC1191] Mogul, J. and S. Deering, "Path MTU discovery", RFC 1191, November 1990. [RFC1812] Baker, F., "Requirements for IP Version 4 Routers", RFC 1812, June 1995. [RFC2113] Katz, D., "IP Router Alert Option", RFC 2113, February 1997.
Top   ToC   RFC7126 - Page 32
   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC4727]  Fenner, B., "Experimental Values In IPv4, IPv6, ICMPv4,
              ICMPv6, UDP, and TCP Headers", RFC 4727, November 2006.

   [RFC4821]  Mathis, M. and J. Heffner, "Packetization Layer Path MTU
              Discovery", RFC 4821, March 2007.

   [RFC5015]  Handley, M., Kouvelas, I., Speakman, T., and L. Vicisano,
              "Bidirectional Protocol Independent Multicast (BIDIR-
              PIM)", RFC 5015, October 2007.

   [RFC6398]  Le Faucheur, F., "IP Router Alert Considerations and
              Usage", BCP 168, RFC 6398, October 2011.

   [RFC6814]  Pignataro, C. and F. Gont, "Formally Deprecating Some IPv4
              Options", RFC 6814, November 2012.

7.2. Informative References

[BIDIR-TREES] Estrin, D. and D. Farinacci, "Bi-Directional Shared Trees in PIM-SM", Work in Progress, May 1999. [BREMIER-BARR] Bremier-Barr, A. and H. Levy, "Spoofing prevention method", Proceedings of IEEE InfoCom 2005, Volume 1, pp. 536-547, March 2005. [Biondi2007] Biondi, P. and A. Ebalard, "IPv6 Routing Header Security", CanSecWest 2007 Security Conference, 2007, <http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf>. [CIPSOWG1994] IETF CIPSO Working Group, "Commercial Internet Protocol Security Option (CIPSO) Charter", 1994, <http://www.ietf.org/proceedings/94jul/charters/ cipso-charter.html>. [CIPSO] IETF CIPSO Working Group, "COMMERCIAL IP SECURITY OPTION (CIPSO 2.2)", Work in Progress, 1992. [CPNI2008] Gont, F., "Security Assessment of the Internet Protocol", 2008, <http://www.gont.com.ar/papers/InternetProtocol.pdf>.
Top   ToC   RFC7126 - Page 33
   [Cisco-IPSO-Cmds]
              Cisco Systems, Inc., "IP Security Options Commands", Cisco
              IOS Security Command Reference, Release 12.2,
              <http://www.cisco.com/en/US/docs/ios/12_2/security/
              command/reference/srfipso.html>.

   [Cisco-IPSO]
              Cisco Systems, Inc., "Configuring IP Security Options",
              Cisco IOS Security Configuration Guide, Release 12.2,
              2006, <http://www.cisco.com/en/US/docs/ios/12_2/security/
              configuration/guide/scfipso.html>.

   [DIFFSERV-DPS]
              Stoica, I., Zhang, H., Venkitaram, N., and J. Mysore, "Per
              Hop Behaviors Based on Dynamic Packet State", Work in
              Progress, October 2002.

   [FIPS1994]
              FIPS, "Standard Security Label for Information Transfer",
              Federal Information Processing Standards Publication, FIP
              PUBS 188, 1994, <http://csrc.nist.gov/publications/fips/
              fips188/fips188.pdf>.

   [FONSECA]  Fonseca, R., Porter, G., Katz, R., Shenker, S., and I.
              Stoica, "IP Options are not an option", EECS Department,
              University of California, Berkeley, December 2005,
              <http://www.eecs.berkeley.edu/Pubs/TechRpts/2005/
              EECS-2005-24.html>.

   [IANA-IP]  IANA, "IP OPTION NUMBERS",
              <http://www.iana.org/assignments/ip-parameters>.

   [IRIX2008] IRIX, "IRIX 6.5 trusted_networking(7) manual page", 2008,
              <http://techpubs.sgi.com/library/tpl/cgi-bin/
              getdoc.cgi?coll=0650&db=man&fname=/usr/share/catman/a_man/
              cat7/trusted_networking.z>.

   [Kohno2005]
              Kohno, T., Broido, A., and kc. Claffy, "Remote Physical
              Device Fingerprinting", IEEE Transactions on Dependable
              and Secure Computing, Vol. 2, No. 2, 2005.

   [Landwehr81]
              Landwehr, C., "Formal Models for Computer Security", ACM
              Computing Surveys, Vol. 13, No. 3, Association for
              Computing Machinery, New York, NY, USA, September 1981.
Top   ToC   RFC7126 - Page 34
   [MEDINA]   Medina, A., Allman, M., and S. Floyd, "Measuring
              Interactions Between Transport Protocols and Middleboxes",
              Proc. 4th ACM SIGCOMM/USENIX Conference on Internet
              Measurement, October 2004.

   [Microsoft1999]
              Microsoft, "Microsoft Security Program: Microsoft Security
              Bulletin (MS99-038). Patch Available for "Spoofed Route
              Pointer" Vulnerability", September 1999,
              <http://www.microsoft.com/technet/security/bulletin/
              ms99-038.mspx>.

   [OpenBSD1998]
              OpenBSD, "OpenBSD Security Advisory: IP Source Routing
              Problem", February 1998,
              <http://www.openbsd.org/advisories/sourceroute.txt>.

   [RFC1038]  St. Johns, M., "Draft revised IP security option", RFC
              1038, January 1988.

   [RFC1063]  Mogul, J., Kent, C., Partridge, C., and K. McCloghrie, "IP
              MTU discovery options", RFC 1063, July 1988.

   [RFC1108]  Kent, S., "U.S. Department of Defense Security Options for
              the Internet Protocol", RFC 1108, November 1991.

   [RFC1385]  Wang, Z., "EIP: The Extended Internet Protocol", RFC 1385,
              November 1992.

   [RFC1393]  Malkin, G., "Traceroute Using an IP Option", RFC 1393,
              January 1993.

   [RFC1475]  Ullmann, R., "TP/IX: The Next Internet", RFC 1475, June
              1993.

   [RFC1770]  Graff, C., "IPv4 Option for Sender Directed Multi-
              Destination Delivery", RFC 1770, March 1995.

   [RFC2205]  Braden, B., Zhang, L., Berson, S., Herzog, S., and S.
              Jamin, "Resource ReSerVation Protocol (RSVP) -- Version 1
              Functional Specification", RFC 2205, September 1997.

   [RFC2407]  Piper, D., "The Internet IP Security Domain of
              Interpretation for ISAKMP", RFC 2407, November 1998.

   [RFC3585]  Jason, J., Rafalow, L., and E. Vyncke, "IPsec
              Configuration Policy Information Model", RFC 3585, August
              2003.
Top   ToC   RFC7126 - Page 35
   [RFC4306]  Kaufman, C., "Internet Key Exchange (IKEv2) Protocol", RFC
              4306, December 2005.

   [RFC4782]  Floyd, S., Allman, M., Jain, A., and P. Sarolahti, "Quick-
              Start for TCP and IP", RFC 4782, January 2007.

   [RFC4807]  Baer, M., Charlet, R., Hardaker, W., Story, R., and C.
              Wang, "IPsec Security Policy Database Configuration MIB",
              RFC 4807, March 2007.

   [RFC4949]  Shirey, R., "Internet Security Glossary, Version 2", RFC
              4949, August 2007.

   [RFC5350]  Manner, J. and A. McDonald, "IANA Considerations for the
              IPv4 and IPv6 Router Alert Options", RFC 5350, September
              2008.

   [RFC5570]  StJohns, M., Atkinson, R., and G. Thomas, "Common
              Architecture Label IPv6 Security Option (CALIPSO)", RFC
              5570, July 2009.

   [RFC5996]  Kaufman, C., Hoffman, P., Nir, Y., and P. Eronen,
              "Internet Key Exchange Protocol Version 2 (IKEv2)", RFC
              5996, September 2010.

   [RFC6192]  Dugal, D., Pignataro, C., and R. Dunn, "Protecting the
              Router Control Plane", RFC 6192, March 2011.

   [RFC6274]  Gont, F., "Security Assessment of the Internet Protocol
              Version 4", RFC 6274, July 2011.

   [SELinux2008]
              National Security Agency (United States), "Security-
              Enhanced Linux - NSA/CSS", January 2009,
              <http://www.nsa.gov/research/selinux/index.shtml>.

   [Solaris2008]
              "Solaris Trusted Extensions: Labeled Security for Absolute
              Protection", 2008,
              <http://www.oracle.com/technetwork/server-storage/
              solaris10/overview/trusted-extensions-149944.pdf>.
Top   ToC   RFC7126 - Page 36

Authors' Addresses

Fernando Gont UTN-FRH / SI6 Networks Evaristo Carriego 2644 Haedo, Provincia de Buenos Aires 1706 Argentina Phone: +54 11 4650 8472 EMail: fgont@si6networks.com URI: http://www.si6networks.com RJ Atkinson Consultant McLean, VA 22103 USA EMail: rja.lists@gmail.com Carlos Pignataro Cisco Systems, Inc. 7200-12 Kit Creek Road Research Triangle Park, NC 27709 USA EMail: cpignata@cisco.com