Internet Protocol Security Option

Refers to one of three types of IP security options, which are fields that may be added to an IP datagram for carrying security information about the datagram. (Compare: IPsec.)

Deprecated Usage: IDOCs SHOULD NOT use this term without a modifier to indicate which of the following three types is meant:

• "DoD Basic Security Option" (IP option type 130): Defined for use on U.S. DoD common-use data networks. Identifies the DoD classification level at which the datagram is to be protected and the protection authorities whose rules apply to the datagram. (A "protection authority" is a National Access Program (e.g., GENSER, SIOP-ESI, SCI, NSA, Department of Energy) or Special Access Program that specifies protection rules for transmission and processing of the information contained in the datagram.) [R1108]
• "DoD Extended Security Option" (IP option type 133): Permits additional security labeling information, beyond that present in the Basic Security Option, to be supplied in the datagram to meet the needs of registered authorities. [R1108]
• "Common IP Security Option" (CIPSO) (IP option type 134): Designed by TSIG to carry hierarchic and non-hierarchic security labels. (Formerly called "Commercial IP Security Option"; a version 2.3 draft was published 9 March 1993 as an Internet-Draft but did not advance to RFC form.) [CIPSO]