资源说明:TLS communications to protect sensitive data transmitted through the Internet. Many books such as [Rescorla01], [Comer00], and [Hall00] describe the Internet’s client-server model and communication protocol design principles. None guide Federal users and system administrators to adequately protect sensitive but unclassified Federal Government data against the most serious threats on the World Wide Web – eavesdropping, data tampering and message forgery. Other books such as [Adams99] and [Housley01] as well as technical journal articles (e.g., [Polk03]) and NIST publications (e.g., [SP800-32]) describe how Public Key Infrastructure (PKI) can be used to protect information in the Internet.
It is assumed that the reader of these Guidelines is somewhat familiar with the ISO seven-layer model communications model (also known as the seven-layer stack) [7498], as well as the Internet and public key infrastructure concepts, including, for example, X.509 certificates. If not, the reader may refer to the references cited above in the first paragraph of this introduction for further explanations of background concepts that cannot be fully explained in these Guidelines.
These Guidelines briefly introduce computer communications architectural concepts. The Guidelines place the responsibility for communication security at the Transport layer of the OSI seven-layer communications stack, not within the application itself. Protection of sensitive but unclassified Government information can adequately be accomplished at this layer when appropriate protocol options are selected and used by clients and servers relying on transport layer security.
Unfortunately, security is not a single property possessed by a single protocol. Rather, security includes a complex set of related properties that together provide the required information assurance characteristics and information protection services. Security requirements are usually derived from a risk assessment to the threats or attacks an adversary is likely to mount against a system. The adversary is likely to take advantage of implementation vulnerabilities found in many system components including computer operating systems, application software systems, and the computer networks that interconnect them. These guidelines focus only on security within the network, and they focus directly on the small portion of the network communications stack that is referred to as the transport layer.
Usually, the best defense against telecommunications attacks is to deploy security services implemented with mechanisms specified in standards that are thoroughly vetted in the public domain and rigorously tested by third party laboratories, by vendors, and by users of commercial off-the-shelf products.
Three services that most often address network user security requirements are confidentiality, message integrity and authentication. A confidentiality service provides assurance that data is kept secret, preventing eavesdropping. A message integrity service provides confirmation that data modification is always detected thus preventing undetected deletion, addition, or modification of data. An authentication service provides assurance of the sender or receiver’s identity, thereby preventing forgery.
本源码包内暂不包含可直接显示的源代码文件,请下载源码包。