home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Halting the Hacker - A P…uide to Computer Security
/
Halting the Hacker - A Practical Guide to Computer Security.iso
/
rfc
/
rfc1169.txt
< prev
next >
Wrap
Text File
|
1997-04-01
|
29KB
|
843 lines
Network Working Group V. Cerf
Request for Comments: 1169 IAB
K. Mills
NIST
August 1990
Explaining the Role of GOSIP
1. Status of this Memo
This informational RFC represents the official view of the Internet
Activities Board (IAB), after coordination with the Federal
Networking Council (FNC). This RFC does not specify a standard.
Distribution of this memo is unlimited.
Table of Contents
1. Status of this Memo........................................... 1
2. Abstract...................................................... 2
3. Introduction.................................................. 2
4. Acknowledgements.............................................. 3
5. GOSIP Background.............................................. 3
6. Understanding GOSIP........................................... 4
6.1. Applicability............................................... 4
6.1.1. Procurement Vs. Transition................................ 5
6.1.2. Small Network Add-on Vs. Major Upgrade.................... 5
6.1.3. OSI Incompleteness........................................ 5
6.2. Exclusivity................................................. 5
6.3. Implementation.............................................. 6
6.4. Waivers..................................................... 6
6.5. Enforcement................................................. 7
7. Role of the IETF in Support of OSI............................ 7
8. Role of the Internet Infrastructure Agencies in
Support of OSI................................................ 7
9. Role of the Internet Using Agencies in the
Application of OSI............................................ 7
10. Summary...................................................... 8
11. References................................................... 9
12. Appendix -- To Obtain GOSIP Documents........................ 9
12.1 GOSIP....................................................... 9
12.1.1 GOSIP Version 1........................................... 9
12.1.2 GOSIP Version 2........................................... 10
12.2 NIST Workshop for Implementors of OSI Documents............. 11
12.2.1 SIA, Version 1............................................ 11
12.2.2 SIA, Version 2............................................ 12
12.2.3 WIA (August, 1989)........................................ 13
Cerf & Mills [Page 1]
RFC 1169 Explaining the Role of GOSIP August 1990
12.3 GOSIP Users' Guide.......................................... 13
12.4 Addresses/Telephone Numbers................................. 14
13. Security Considerations...................................... 15
14. Authors' Addresses........................................... 15
2. Abstract
The Federal Networking Council (FNC), the Internet Activities Board
(IAB), and the Internet Engineering Task Force (IETF) have a firm
commitment to responsible integration of OSI based upon sound network
planning. This implies that OSI will be added to the Internet
without sacrificing services now available to existing Internet
users, and that a multi-protocol environment will exist in the
Internet for a prolonged period. Planning is underway within the
Internet community to enable integration of OSI, coexistence of OSI
with TCP/IP, and interoperability between OSI and TCP/IP.
The U.S. Government OSI Profile (GOSIP) is a necessary tool for
planning OSI integration. However, as the August 1990 requirement
date for GOSIP compliance approaches, concern remains as to how GOSIP
should be applied to near-term network planning.
The intent of this statement is to help explain the role and
applicability of the GOSIP document, as well as to emphasize the
government's commitment to an integrated interoperable OSI
environment based on responsible planning.
3. Introduction
The Federal Agencies, represented in the Federal Networking Council
(FNC), as well as the Internet community represented by the Internet
Activities Board (IAB), and the Internet Engineering Task Force
(IETF) are fully committed to integrating OSI into the Internet, as
it is recognized that OSI is an international standard networking
protocol suite. The FNC, IAB, and IETF are taking sound technical
steps to integrate OSI in a fashion and on a schedule that assures
current levels of service to users of the existing operational
networks that are a part of the Internet. The large existing
installed base of TCP/IP protocol users, the limited deployment of
commercial OSI products, and the incomplete development of OSI
standards for routing, network management, and directory services
combine to make an immediate, total transition to a pure OSI
environment in the Internet unrealistic.
In what follows, we present a brief overview of GOSIP and we address
some of the often confusing points about the intent, applicability,
and implementation of GOSIP. We also describe the role of the IETF
regarding the integration of OSI into the Internet. Further, we
Cerf & Mills [Page 2]
RFC 1169 Explaining the Role of GOSIP August 1990
discuss the role of Federal Agencies in this process.
4. Acknowledgements
Special thanks are due to Rebecca Nitzan of Sterling and Phill Gross
of CNRI for developing several draft versions of this RFC.
5. GOSIP Background
The Government OSI Profile (GOSIP), published as Federal Information
Processing Standard (FIPS) 146, issued by the National Institute of
Standards and Technology (NIST), specifies the details of an OSI
configuration for use in the Government so that interoperable OSI
products can be procured from commercial vendors. GOSIP is needed
because OSI standards allow many potential options and choices, some
of which are incompatible. GOSIP is based on refinements of OSI
standards. The refinements are agreed to by commercial implementors
and potential users through a series of OSI Implementors Workshops
(OIW) hosted by NIST four times every year since 1983. As OSI
becomes more widely deployed, GOSIP compliance will become
increasingly important.
GOSIP was written by an inter-agency group and continues to evolve
under the guidance of the GOSIP Advanced Requirements Group. The
IETF is represented on the GOSIP Advanced Requirements Group, as are
Federal Government Agencies, including the FNC agencies.
The GOSIP FIPS consists of:
1. An announcement adopting GOSIP as a Federal standard. The
announcement section of the FIPS covers topics such as the
objectives of GOSIP, its applicability, implementation
requirements, and waiver procedures.
2. The technical specification of GOSIP products to be procured.
The technical specification section of GOSIP describes the
details of a subset of OSI protocols. Products implementing
GOSIP are in development by or available from many computer
vendors.
3. Appendices describing the plans for including additional
functionality into future versions of the GOSIP technical
specification.
The first version of GOSIP was published in August 1988 following a
long comment period beginning as early as January 1987. GOSIP was
adopted as FIPS 146 in February 1989 and will become a Federal
procurement requirement in August 1990 [1]. A second version of
Cerf & Mills [Page 3]
RFC 1169 Explaining the Role of GOSIP August 1990
GOSIP will become a FIPS in 1990 and will then become a Federal
procurement requirement 18 months later [2]. Along with the second
version of GOSIP, NIST will issue errata associated with GOSIP
Version 1.0.
There is an additional publication called the GOSIP Users' Guide
which provides an expanded explanation of GOSIP including tutorials,
interpretation, integration planning advice, and information on
registration [3]. The GOSIP Users' Guide will be updated and re-
released in coordination with each version of GOSIP. Information
regarding how to obtain GOSIP and related documents is included in
the Appendix to this RFC.
6. Understanding GOSIP
There is a common misunderstanding that GOSIP mandates an immediate,
total transition to the use of OSI protocols in August 1990. Several
factors contribute to this misunderstanding including the summary
nature of the FIPS applicability and implementation sections, trade
press synopses trying to explain a complex subject in simple terms,
and hearsay. The FIPS language will be improved in GOSIP Version
2.0. Additionally, more detailed treatment is given to these issues
in the GOSIP Users' Guide. Below is a summary of the issues.
6.1. Applicability
The motivation behind the creation of the U.S. GOSIP document is to
achieve, in the long term, a common, vendor neutral, interoperable
computer communication capability throughout the U.S. Government.
Agreement on a common configuration of OSI protocols (GOSIP) for
purposes of procurement is intended to aid this objective.
Beginning in August, 1990, federal agencies procuring computer
network products and services must require that those products and
services comply with OSI, where feasible, as specified in GOSIP
Version 1.0. This will insure that all government-procured OSI
products and services meet the same OSI Protocol profile.
If the application for which network services or products are
procured can be supported through GOSIP Version 1.0-compliant
facilities, then it is required that compliant products or services
be procured.
Cerf & Mills [Page 4]
RFC 1169 Explaining the Role of GOSIP August 1990
6.1.1. Procurement Vs. Transition
FIPS 146 is a procurement specification. The FIPS mandates the
acquisition of OSI products when agencies require the functionality
supplied by the OSI features specified in GOSIP. GOSIP does not
mandate an immediate, total transition to OSI in August 1990.
6.1.2. Small Network Add-on Vs. Major Upgrade
GOSIP applies most readily to procurement of new networks and major
upgrades to existing networks. "Major upgrade" does not necessarily
mean adding components to an existing non-GOSIP network. For
example, if an agency has an existing network and needs to add
several compatible devices, there is no mandate to retrofit GOSIP
into the entire existing network.
6.1.3. OSI Incompleteness
Many of the OSI protocols are still in the process of being
standardized. The GOSIP 1.0 and 2.0 versions address only
configurations of fully-standardized OSI protocols. As new OSI
standards emerge (e.g., for directory services, network management
and dynamic routing), the GOSIP documents will be revised to
incorporate agreed profiles/configurations. Each GOSIP document
contains appendices describing the status of OSI protocol
standardization and plans for incorporating new functionality into
subsequent GOSIP versions.
6.2. Exclusivity
GOSIP is not exclusive. When an agency implements GOSIP, other
protocols may be procured and used in the same network. This non-
exclusive arrangement will remain for the indefinite future for
several reasons:
1. Agencies, with existing networks, that are planning an OSI
integration will require support for existing protocols and
protocol converters during the integration period.
2. Non-GOSIP protocols may provide some enhanced feature or
improved performance that an agency may find beneficial.
GOSIP is meant to provide for Government-wide interoperability,
but is not meant to do so at the expense of other requirements.
3. GOSIP does not meet every networking requirement of every
agency. In fact, given the pace of technological change in
computing and communications, no single protocol suite is
likely to meet every networking requirement.
Cerf & Mills [Page 5]
RFC 1169 Explaining the Role of GOSIP August 1990
6.3. Implementation
Each agency is responsible for planning the integration of OSI into
agency networks. Many factors must be considered, including, but not
limited to:
o the installed network base
o requirements for functionality not yet present in GOSIP
o availability of funds
o future plans for networks in support of agency missions
o requirements for agency and government wide interoperability
o planned additions to OSI functionality in future versions of
GOSIP.
NIST recommends a three step approach to implement the provisions of
GOSIP:
1. develop a clear and definitive policy regarding use of OSI
within an agency
2. develop an appropriate set of plans to implement the policy
3. update and act on the plans as agency networks are acquired
and upgraded.
Agency management has the responsibility to determine applicability
of GOSIP to particular procurements and to evaluate and grant or deny
waivers from GOSIP when GOSIP would otherwise apply. For further
details on these issues see the GOSIP Users' Guide.
6.4. Waivers
Waivers may be granted from the mandated provisions of GOSIP when
adherence to GOSIP would prevent an agency from accomplishing its
mission or when an agency would suffer adverse financial effects that
are not offset by Government-wide savings. Authority to grant such
waivers is delegated to the heads of agencies.
Developing a waiver process should be part of an agency's
implementation planning. No waiver is needed if GOSIP does not
apply. Procedures are outlined in the FIPS and further discussed in
the GOSIP Users' Guide.
Cerf & Mills [Page 6]
RFC 1169 Explaining the Role of GOSIP August 1990
6.5. Enforcement
NIST does not have an enforcement responsibility with respect to
GOSIP. Any enforcement that occurs will result from the normal
process of planning, acquiring, and implementing networks within
government agencies.
7. Role of the IETF in Support of OSI
Within the Internet community the IETF, working under the direction
of the IAB, plays a key role in planning for integration of OSI into
the Internet. The IETF will define the technical mechanisms
necessary to accommodate OSI in the Internet and to permit
coexistence and interoperability between OSI and TCP/IP protocols
during the indeterminate period of multi-protocol operation. IETF
activities include, but are not limited to, drafting appropriate
RFCs, creating input to GOSIP, the GOSIP Users' Guide, and the OSI
Implementors Workshop (OIW). The IETF may also recommend to the FNC
experiments to be undertaken to further the integration of OSI into
the Internet. One of the eight areas of work for the IETF is
dedicated to OSI integration. A representative of the IETF is an
official member of the GOSIP Advanced Requirements Group.
8. Role of the Internet Infrastructure Agencies in Support of OSI
Certain of the FNC agencies have a role in providing a significant
part of the communications infrastructure for the Internet, that is,
links, backbone routers, management facilities, and directory
services. For example, the National Science Foundation (NSF), the
National Aeronautics and Space Administration (NASA), the Department
of Energy (DOE) and the Defense Advanced Research Projects Agency
(DARPA) have such a role. These agencies must provide for essential
infrastructure services such as routing of ISO 8473 packets in the
NSFnet backbone, provision of application level gateways enabling
interoperability between TCP/IP and OSI applications, and provision
of OSI directory services.
9. Role of the Internet Using Agencies in the Application of OSI
The FNC agencies using Internet services also have a necessary role
in the integration of OSI. The FNC agencies must identify their
requirements and participate in the IETF and GOSIP groups to ensure
that their needs can be met. The FNC agencies should also plan to
implement OSI within their networks in accordance with the realities
of their technical and management plans, taking cognizance of the
plans for and progress toward implementation of key OSI elements in
the Internet Infrastructure. Each FNC agency should develop an
agency policy on the adoption and use of GOSIP and should initiate
Cerf & Mills [Page 7]
RFC 1169 Explaining the Role of GOSIP August 1990
planning for incorporation of GOSIP-compliant products into agency
networks.
10. Summary
The FNC, the IAB, and the IETF have a firm commitment to responsible
integration of OSI protocols into the Internet based upon sound
network planning. A multi-protocol environment will exist in the
Internet for a considerable period of time. As OSI products grow in
number and capability and as more OSI standards are completed, the
role of GOSIP will grow in importance.
To summarize:
o FIPS 146 (GOSIP) is a specification of which OSI protocols are
to be procured for U.S. Government use. GOSIP does not
mandate, or even explicitly address, the issue of protocol
transition.
o As a procurement specification, GOSIP does not apply to existing
installed equipment. It applies to new network procurements and
major upgrades to existing networks. "Major upgrade" does not
necessarily apply to increasing the number of components of
current functionality in existing non-GOSIP networks.
o When GOSIP does apply, it is not exclusionary. That is, other
protocol families can also be procured and used.
o When GOSIP does apply, waivers are allowed in consideration of
specific agency requirements. When GOSIP does not apply, no
waiver is necessary.
o Agencies have the responsibility 1) for agency-wide planning
for GOSIP compliance in their network procurements, 2) for
developing their own waiver process, and 3) for determining
the applicability of GOSIP to any specific procurement.
Cerf & Mills [Page 8]
RFC 1169 Explaining the Role of GOSIP August 1990
11. References
[1] "U.S. Government Open Systems Interconnection Profile", U.S.
Federal Information Processing Standards Publication 146, Version
1, August 1988.
[2] "U.S. Government Open Systems Interconnection Profile", U.S.
Federal Information Processing Standards Publication 146-1, Draft
Version 2, April 1989.
[3] Boland, T., "Government Open Systems Interconnection Profile
Users' Guide", NIST Special Publication 500-163, August 1989.
12. Appendix -- To Obtain GOSIP Documents
Below is the information needed to obtain the U.S. GOSIP and NIST/OSI
Implementors Workshop (OIW) documents. All prices are in U.S.
dollars and represent the most up-to-date information available at
this time; for further pricing information and ordering details,
contact the seller (all addresses and telephone numbers are to be
found at the end).
12.1 GOSIP
12.1.1 GOSIP Version 1.
GOSIP Version 1 (Federal Information Processing Standard 146) was
published in August 1988. It becomes mandatory in applicable federal
procurements in August 1990.
NIST POINT OF CONTACT: Jerry Mulvenna
HARDCOPY:
NTIS
Order Number: FIPS PUB 146
Price: $17.00 (paper); $8.00 (microfiche)
Cerf & Mills [Page 9]
RFC 1169 Explaining the Role of GOSIP August 1990
ON-LINE:
1. The federal register announcement (FIPS 146) as well as GOSIP are
available through anonymous ftp from nic.ddn.mil (192.67.67.20) as:
o <protocols>gosip-fedreg.txt (ascii)
o <protocols>gosip-fips-draft.txt (ascii)
o <protocols>gosip-v1.txt (ascii)
2. Through anonymous ftp or FTAM (ISODE 5.0, user: ftam,
realstore=unix) from osi3.ncsl.nist.gov (129.6.48.100) as:
o pub/gosip/gosip_v1_fedreg.txt (ascii)
o pub/gosip/fips146_draft.txt (ascii)
o pub/gosip/gosip_v1.txt (ascii)
o pub/gosip/gosip_v1.txt.Z (compressed)
12.1.2 GOSIP Version 2.
GOSIP Version 2 is currently a draft. It has undergone public review
and comment. Comments will be addressed by the GOSIP Advanced
Requirements Committee in May, 1990. Final text is expected to be
available in August, 1990.
NIST POINT OF CONTACT: Jerry Mulvenna
HARDCOPY:
NIST Standards Processing Coordinator (ADP)
ON-LINE:
1. Available through anonymous ftp or FTAM (ISODE 5.0, user: ftam,
realstore=unix) from osi3.ncsl.nist.gov (129.6.48.100) as:
o pub/gosip/gosip_v2_draft.txt (ascii)
o pub/gosip/gosip_v2_draft.txt.Z (compressed)
o pub/gosip/gosip_v2_draft.ps (postscript)
o pub/gosip/gosip_v2_draft.ps.Z (compressed)
Cerf & Mills [Page 10]
RFC 1169 Explaining the Role of GOSIP August 1990
2. Available through anonymous ftp from nic.ddn.mil (192.67.67.20)
as:
o <protocols>gosip-v2-draft.doc
12.2 NIST Workshop for Implementors of OSI Documents
The output of the NIST Workshop for Implementors of OSI (OIW) is a
pair of aligned documents, one representing Stable Implementation
Agreements (SIA), the other containing Working Implementation
Agreements (WIA) that have not yet gone into the stable document.
Material is in either one or the other of these documents, but not
both, and the documents have the same index structure.
The SIA is reproduced in its entirety at the beginning of each
calendar year, with an incremented version number. Replacement page
sets are distributed subsequently three times during each year (after
each Workshop), reflecting edits to the stable material. The
replacement pages constitute the next edition of that year's version.
The WIA is reproduced in its entirety after each Workshop (held in
March, June, September and December). OIW attendees automatically
receive the WIA. OIW meeting dates in 1990 are: March 12-16; June
18-22; September 10-14; and December 10-14.
NIST POINTS OF CONTACT:
1. Tim Boland/management information
Chairman, OIW
2. Brenda Gray/administrative information
OIW Registrar
12.2.1 SIA, Version 1.
SIA, Version 1, Edition 1 (Dec, 1987) The SIA, V1E1 is published as
NIST Special Publication 500-150. It is the appropriate version and
edition of the SIA for GOSIP Version 1 (FIPS 146).
HARDCOPY:
1. U.S. Government Printing Office
GPO Stock Number: 003-02838-0
Price: $20.00
Cerf & Mills [Page 11]
RFC 1169 Explaining the Role of GOSIP August 1990
2. NTIS
Order Number: PB 88-168331
Price: $31.00 (paper); $8.00 (microfiche)
SIA, Version 1, Edition 3 (August, 1988) The SIA, V1E3 is also
published as NBS Special Publication 500-150 (note the different GPO
Stock Number when ordering).
HARDCOPY:
U.S. Government Printing Office
GPO Stock Number: 003-003-02838-0
Price: $12.00 (paper)
ON-LINE:
1. Available through anonymous ftp or FTAM (ISODE 5.0, user: ftam,
realstore=unix) from from osi3.ncsl.nist.gov (129.6.48.100) as:
o pub/gosip/nist_osiws_sia_v1e3.txt (ascii)
o pub/gosip/nist_osiws_sia_v1e3.txt.Z (compressed)
2. Available through anonymous ftp from nic.ddn.mil (192.67.67.20)
as:
o <protocols>nbsosi-argrements.doc
12.2.2 SIA, Version 2.
SIA, Version 2, Edition 1 (Dec, 1988) The SIA, V2E1 is published as
NBS Special Publication 500-162.
HARDCOPY:
1. U.S. Government Printing Office
GPO Stock Number: 003-003-02921-1
Price: $26.00
2. IEEE Computer Society
ISBN 0-8186-9022-4
Book No. 2022
Price: $75.00 (casebound)
(a subscription service is available from IEEE)
3. NTIS
Order Number: PB 89193312
Price: $53.00 (paper); $8.00 (microfiche)
Cerf & Mills [Page 12]
RFC 1169 Explaining the Role of GOSIP August 1990
SIA, Version 2, Editions 2-4 These are available as hardcopy from
NIST staff, subject to staff availability. Contact:
Brenda Gray/administrative information
OIW Registrar
SIA, Version 3, Edition 1 (Dec, 1989) The SIA V3E1 is expected to be
available in the first half of 1990. It may be ordered from the IEEE
Computer Society and the U.S. GPO. Future editions of Version 3 are
expected to be available from NTIS, and possibly GPO and the IEEE
Computer Society.
12.2.3 WIA (August, 1989).
The August, 1989 WIA, published as a NIST Interagency Report (IR-89-
4140) is the most recent copy of the WIA that is available to order.
The December, 1989 WIA document is available from NTIS and the IEEE
Computer Society. The August, 1989 WIA (NIST IR-89-4140) is
available in hardcopy from:
NTIS
Order Number: PB 89235931/AS
Price: $36.95 (paper); $6.95 (microfiche)
12.3 GOSIP Users' Guide
This publication assists federal agencies in planning for and
procuring OSI. It provides tutorial information on OSI protocols as
well as information on OSI registration, GOSIP technical evaluation,
and GOSIP transition strategies.
HARDCOPY:
NTIS
Order Number: PB 90-111212
Price: $23 (paper); $8 (microfiche)
Cerf & Mills [Page 13]
RFC 1169 Explaining the Role of GOSIP August 1990
12.4 Addresses/Telephone Numbers
NIST CONTACTS
Tim Boland/management information
Chairman, OIW
Technology, B217
Gaithersburg, MD 20899
(301) 975-3608
boland@ecf.ncsl.nist.gov
Brenda Gray/administrative information
OIW Registrar
Technology, B217
Gaithersburg, MD 20899
(301) 975-3664
Jerry Mulvenna
Technology, B217
Gaithersburg, MD 20899
(301) 975-3631
mulvenna@ecf.ncsl.nist.gov
OTHER SOURCES OF DOCUMENTS
National Technical Information Service (NTIS)
U.S. Department of Commerce
5285 Port Royal Road
Springfield, VA 22161
(703)487-4650
IEEE Computer Society
Order Department
10662 Los Vaqueros Circle
Los Alamitos, CA 90720
1-800-272-6657
U.S. Government Printing Office
Washington, DC 20402
(202) 783-3238
Standards Processing Coordinator (ADP)
National Institute of Standards and Technology
Technology Building, Room B-64
Gaithersburg, MD 20899
(301) 975-2816
Cerf & Mills [Page 14]
RFC 1169 Explaining the Role of GOSIP August 1990
13. Security Considerations
Security issues are not discussed in this memo.
14. Authors' Addresses
Vinton G. Cerf
Chairman, IAB
Corporation for National Research Initiatives
1895 Preston White Drive, Suite 100
Reston, VA 22091
Phone: (703) 620-8990
EMail: vcerf@nri.reston.va.us
Kevin L. Mills
National Institute of Standards and Technology
Building 225, Room B217
Gaithersburg, MD 20899
Phone: (301) 975-3618
EMail: MILLS@ECF.NCSL.NIST.GOV
Cerf & Mills [Page 15]
