next up previous contents
Next: Acronyms and Terminology Up: Security in Open Systems Previous: ISO Protocol Security


Recently, a great amount of effort has been expended towards the development of generic security standards. Indeed, while several standards (such as mail, directory, and file transfer) had incorporated security within the protocol, it was felt that these solutions were ad-hoc, weak, and the wrong thing to do. Indeed, a proliferation of application specific security mechanisms would be bound to result in systems that would be hard to manage and whose security profile would be impossible to assess.

The work towards more generic solutions appears to be two pronged:

Thus, at this time it would appear that ISO communication standards supporting communication integrity and confidentiality are around the corner, but that the wait for upper layer solutions will be substantially longer.

The paragraphs that follow will attempt to present the ongoing security activities of which the author is aware, be it through direct participation or by document scanning. Given the fluidity of this area and the fact that documents incorporate a built-in lag, this compendium should not be expected to be accurate and up-to-date in all of its particulars. In addition, all included judgments reflect the author's opinion and are not necessarily the consensus of those active in security standards.

John Barkley
Fri Oct 7 16:17:21 EDT 1994