Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Table 1. Internet Eng<strong>in</strong>eer<strong>in</strong>g Task Force Protocol Security Features<br />
and Key Management Configuration (Cont<strong>in</strong>ued)<br />
Protocol<br />
LDAPv3—RFC<br />
2829<br />
Lightweight<br />
<strong>Directory</strong><br />
Access Protocol<br />
HTTPv1.1—<br />
RFC 2616<br />
Hypertext<br />
Transfer<br />
Protocol—<br />
primary<br />
protocol used<br />
for web<br />
accesses<br />
DNS—RFC<br />
2535<br />
Doma<strong>in</strong> Name<br />
System provides<br />
IP address-toname<br />
b<strong>in</strong>d<strong>in</strong>gs.<br />
Also performs<br />
some directory<br />
services.<br />
Security<br />
Features<br />
Authentication,<br />
Integrity.<br />
Privacy<br />
Authentication,<br />
Integrity,<br />
Privacy<br />
Authentication,<br />
Integrity<br />
Security<br />
Algorithm Keys Key Store <strong>in</strong> L<strong>in</strong>ux<br />
Simple<br />
Authentication<br />
and Security<br />
Layer (see RFC<br />
2222) uses PKI;<br />
optionally TLS<br />
(see below)<br />
PKI uses<br />
Secured by<br />
us<strong>in</strong>g TLS<br />
below<br />
HMAC-MD5<br />
(see RFC 2085)<br />
as used by the<br />
Secret Key<br />
Transaction<br />
Authentication<br />
for DNS (TSIG;<br />
see RFC 3645)<br />
mechanism<br />
(IETF is<br />
currently<br />
enhanc<strong>in</strong>g DNS<br />
Security)<br />
Kerberos or PKI<br />
PKI<br />
Symmetric key<br />
obta<strong>in</strong>ed from a<br />
BIND utility<br />
Client’s PKI<br />
identity is<br />
registered (or<br />
passed) to the<br />
LDAPv3 daemon<br />
before or dur<strong>in</strong>g<br />
client accesses.<br />
• Network Manager<br />
clients register<br />
their PKI<br />
certificate(s) to<br />
their web browser<br />
(e.g., Netscape<br />
Navigator or<br />
Microsoft ®<br />
Internet Explorer)<br />
• A Web Server is<br />
configured with<br />
the appropriate<br />
PKI Server<br />
Certificate.<br />
It is secured by<br />
pair-wise<br />
configuration of the<br />
same secret key<br />
between each DNS<br />
server pair that<br />
communicates<br />
together. Key<br />
assignments are<br />
configured us<strong>in</strong>g<br />
the key DNS<br />
statement <strong>in</strong><br />
conjunction with<br />
the keys DNS<br />
substatement.<br />
37