Introduction

Recently, a great amount of effort has been expended towards the development of generic security standards. Indeed, while several standards (such as mail, directory, and file transfer) had incorporated security within the protocol, it was felt that these solutions were ad-hoc, weak, and the wrong thing to do. Indeed, a proliferation of application specific security mechanisms would be bound to result in systems that would be hard to manage and whose security profile would be impossible to assess.

The work towards more generic solutions appears to be two pronged:

• Work on lower layers security has been initiated and rapidly progressed within (layer two) IEEE and SC6 (layers three and four). This work is quite mature.
• Work on upper layer security is pursued within ISO (SC21 and SC27), CCITT, and ECMA, sometimes on an ad-hoc basis. While ECMA has passed several standards and the work on directories is quite mature, most of the upper layer standards are either immature or generic blueprints.

Thus, at this time it would appear that ISO communication standards supporting communication integrity and confidentiality are around the corner, but that the wait for upper layer solutions will be substantially longer.

The paragraphs that follow will attempt to present the ongoing security activities of which the author is aware, be it through direct participation or by document scanning. Given the fluidity of this area and the fact that documents incorporate a built-in lag, this compendium should not be expected to be accurate and up-to-date in all of its particulars. In addition, all included judgments reflect the author's opinion and are not necessarily the consensus of those active in security standards.