Network Working Group V. Cerf Request for Comments: 1169 IAB K. Mills NIST August 1990 Explaining the Role of GOSIP 1. Status of this Memo This informational RFC represents the official view of the Internet Activities Board (IAB), after coordination with the Federal Networking Council (FNC). This RFC does not specify a standard. Distribution of this memo is unlimited. Table of Contents 1. Status of this Memo........................................... 1 2. Abstract...................................................... 2 3. Introduction.................................................. 2 4. Acknowledgements.............................................. 3 5. GOSIP Background.............................................. 3 6. Understanding GOSIP........................................... 4 6.1. Applicability............................................... 4 6.1.1. Procurement Vs. Transition................................ 5 6.1.2. Small Network Add-on Vs. Major Upgrade.................... 5 6.1.3. OSI Incompleteness........................................ 5 6.2. Exclusivity................................................. 5 6.3. Implementation.............................................. 6 6.4. Waivers..................................................... 6 6.5. Enforcement................................................. 7 7. Role of the IETF in Support of OSI............................ 7 8. Role of the Internet Infrastructure Agencies in Support of OSI................................................ 7 9. Role of the Internet Using Agencies in the Application of OSI............................................ 7 10. Summary...................................................... 8 11. References................................................... 9 12. Appendix -- To Obtain GOSIP Documents........................ 9 12.1 GOSIP....................................................... 9 12.1.1 GOSIP Version 1........................................... 9 12.1.2 GOSIP Version 2........................................... 10 12.2 NIST Workshop for Implementors of OSI Documents............. 11 12.2.1 SIA, Version 1............................................ 11 12.2.2 SIA, Version 2............................................ 12 12.2.3 WIA (August, 1989)........................................ 13 Cerf & Mills [Page 1] RFC 1169 Explaining the Role of GOSIP August 1990 12.3 GOSIP Users' Guide.......................................... 13 12.4 Addresses/Telephone Numbers................................. 14 13. Security Considerations...................................... 15 14. Authors' Addresses........................................... 15 2. Abstract The Federal Networking Council (FNC), the Internet Activities Board (IAB), and the Internet Engineering Task Force (IETF) have a firm commitment to responsible integration of OSI based upon sound network planning. This implies that OSI will be added to the Internet without sacrificing services now available to existing Internet users, and that a multi-protocol environment will exist in the Internet for a prolonged period. Planning is underway within the Internet community to enable integration of OSI, coexistence of OSI with TCP/IP, and interoperability between OSI and TCP/IP. The U.S. Government OSI Profile (GOSIP) is a necessary tool for planning OSI integration. However, as the August 1990 requirement date for GOSIP compliance approaches, concern remains as to how GOSIP should be applied to near-term network planning. The intent of this statement is to help explain the role and applicability of the GOSIP document, as well as to emphasize the government's commitment to an integrated interoperable OSI environment based on responsible planning. 3. Introduction The Federal Agencies, represented in the Federal Networking Council (FNC), as well as the Internet community represented by the Internet Activities Board (IAB), and the Internet Engineering Task Force (IETF) are fully committed to integrating OSI into the Internet, as it is recognized that OSI is an international standard networking protocol suite. The FNC, IAB, and IETF are taking sound technical steps to integrate OSI in a fashion and on a schedule that assures current levels of service to users of the existing operational networks that are a part of the Internet. The large existing installed base of TCP/IP protocol users, the limited deployment of commercial OSI products, and the incomplete development of OSI standards for routing, network management, and directory services combine to make an immediate, total transition to a pure OSI environment in the Internet unrealistic. In what follows, we present a brief overview of GOSIP and we address some of the often confusing points about the intent, applicability, and implementation of GOSIP. We also describe the role of the IETF regarding the integration of OSI into the Internet. Further, we Cerf & Mills [Page 2] RFC 1169 Explaining the Role of GOSIP August 1990 discuss the role of Federal Agencies in this process. 4. Acknowledgements Special thanks are due to Rebecca Nitzan of Sterling and Phill Gross of CNRI for developing several draft versions of this RFC. 5. GOSIP Background The Government OSI Profile (GOSIP), published as Federal Information Processing Standard (FIPS) 146, issued by the National Institute of Standards and Technology (NIST), specifies the details of an OSI configuration for use in the Government so that interoperable OSI products can be procured from commercial vendors. GOSIP is needed because OSI standards allow many potential options and choices, some of which are incompatible. GOSIP is based on refinements of OSI standards. The refinements are agreed to by commercial implementors and potential users through a series of OSI Implementors Workshops (OIW) hosted by NIST four times every year since 1983. As OSI becomes more widely deployed, GOSIP compliance will become increasingly important. GOSIP was written by an inter-agency group and continues to evolve under the guidance of the GOSIP Advanced Requirements Group. The IETF is represented on the GOSIP Advanced Requirements Group, as are Federal Government Agencies, including the FNC agencies. The GOSIP FIPS consists of: 1. An announcement adopting GOSIP as a Federal standard. The announcement section of the FIPS covers topics such as the objectives of GOSIP, its applicability, implementation requirements, and waiver procedures. 2. The technical specification of GOSIP products to be procured. The technical specification section of GOSIP describes the details of a subset of OSI protocols. Products implementing GOSIP are in development by or available from many computer vendors. 3. Appendices describing the plans for including additional functionality into future versions of the GOSIP technical specification. The first version of GOSIP was published in August 1988 following a long comment period beginning as early as January 1987. GOSIP was adopted as FIPS 146 in February 1989 and will become a Federal procurement requirement in August 1990 [1]. A second version of Cerf & Mills [Page 3] RFC 1169 Explaining the Role of GOSIP August 1990 GOSIP will become a FIPS in 1990 and will then become a Federal procurement requirement 18 months later [2]. Along with the second version of GOSIP, NIST will issue errata associated with GOSIP Version 1.0. There is an additional publication called the GOSIP Users' Guide which provides an expanded explanation of GOSIP including tutorials, interpretation, integration planning advice, and information on registration [3]. The GOSIP Users' Guide will be updated and re- released in coordination with each version of GOSIP. Information regarding how to obtain GOSIP and related documents is included in the Appendix to this RFC. 6. Understanding GOSIP There is a common misunderstanding that GOSIP mandates an immediate, total transition to the use of OSI protocols in August 1990. Several factors contribute to this misunderstanding including the summary nature of the FIPS applicability and implementation sections, trade press synopses trying to explain a complex subject in simple terms, and hearsay. The FIPS language will be improved in GOSIP Version 2.0. Additionally, more detailed treatment is given to these issues in the GOSIP Users' Guide. Below is a summary of the issues. 6.1. Applicability The motivation behind the creation of the U.S. GOSIP document is to achieve, in the long term, a common, vendor neutral, interoperable computer communication capability throughout the U.S. Government. Agreement on a common configuration of OSI protocols (GOSIP) for purposes of procurement is intended to aid this objective. Beginning in August, 1990, federal agencies procuring computer network products and services must require that those products and services comply with OSI, where feasible, as specified in GOSIP Version 1.0. This will insure that all government-procured OSI products and services meet the same OSI Protocol profile. If the application for which network services or products are procured can be supported through GOSIP Version 1.0-compliant facilities, then it is required that compliant products or services be procured. Cerf & Mills [Page 4] RFC 1169 Explaining the Role of GOSIP August 1990 6.1.1. Procurement Vs. Transition FIPS 146 is a procurement specification. The FIPS mandates the acquisition of OSI products when agencies require the functionality supplied by the OSI features specified in GOSIP. GOSIP does not mandate an immediate, total transition to OSI in August 1990. 6.1.2. Small Network Add-on Vs. Major Upgrade GOSIP applies most readily to procurement of new networks and major upgrades to existing networks. "Major upgrade" does not necessarily mean adding components to an existing non-GOSIP network. For example, if an agency has an existing network and needs to add several compatible devices, there is no mandate to retrofit GOSIP into the entire existing network. 6.1.3. OSI Incompleteness Many of the OSI protocols are still in the process of being standardized. The GOSIP 1.0 and 2.0 versions address only configurations of fully-standardized OSI protocols. As new OSI standards emerge (e.g., for directory services, network management and dynamic routing), the GOSIP documents will be revised to incorporate agreed profiles/configurations. Each GOSIP document contains appendices describing the status of OSI protocol standardization and plans for incorporating new functionality into subsequent GOSIP versions. 6.2. Exclusivity GOSIP is not exclusive. When an agency implements GOSIP, other protocols may be procured and used in the same network. This non- exclusive arrangement will remain for the indefinite future for several reasons: 1. Agencies, with existing networks, that are planning an OSI integration will require support for existing protocols and protocol converters during the integration period. 2. Non-GOSIP protocols may provide some enhanced feature or improved performance that an agency may find beneficial. GOSIP is meant to provide for Government-wide interoperability, but is not meant to do so at the expense of other requirements. 3. GOSIP does not meet every networking requirement of every agency. In fact, given the pace of technological change in computing and communications, no single protocol suite is likely to meet every networking requirement. Cerf & Mills [Page 5] RFC 1169 Explaining the Role of GOSIP August 1990 6.3. Implementation Each agency is responsible for planning the integration of OSI into agency networks. Many factors must be considered, including, but not limited to: o the installed network base o requirements for functionality not yet present in GOSIP o availability of funds o future plans for networks in support of agency missions o requirements for agency and government wide interoperability o planned additions to OSI functionality in future versions of GOSIP. NIST recommends a three step approach to implement the provisions of GOSIP: 1. develop a clear and definitive policy regarding use of OSI within an agency 2. develop an appropriate set of plans to implement the policy 3. update and act on the plans as agency networks are acquired and upgraded. Agency management has the responsibility to determine applicability of GOSIP to particular procurements and to evaluate and grant or deny waivers from GOSIP when GOSIP would otherwise apply. For further details on these issues see the GOSIP Users' Guide. 6.4. Waivers Waivers may be granted from the mandated provisions of GOSIP when adherence to GOSIP would prevent an agency from accomplishing its mission or when an agency would suffer adverse financial effects that are not offset by Government-wide savings. Authority to grant such waivers is delegated to the heads of agencies. Developing a waiver process should be part of an agency's implementation planning. No waiver is needed if GOSIP does not apply. Procedures are outlined in the FIPS and further discussed in the GOSIP Users' Guide. Cerf & Mills [Page 6] RFC 1169 Explaining the Role of GOSIP August 1990 6.5. Enforcement NIST does not have an enforcement responsibility with respect to GOSIP. Any enforcement that occurs will result from the normal process of planning, acquiring, and implementing networks within government agencies. 7. Role of the IETF in Support of OSI Within the Internet community the IETF, working under the direction of the IAB, plays a key role in planning for integration of OSI into the Internet. The IETF will define the technical mechanisms necessary to accommodate OSI in the Internet and to permit coexistence and interoperability between OSI and TCP/IP protocols during the indeterminate period of multi-protocol operation. IETF activities include, but are not limited to, drafting appropriate RFCs, creating input to GOSIP, the GOSIP Users' Guide, and the OSI Implementors Workshop (OIW). The IETF may also recommend to the FNC experiments to be undertaken to further the integration of OSI into the Internet. One of the eight areas of work for the IETF is dedicated to OSI integration. A representative of the IETF is an official member of the GOSIP Advanced Requirements Group. 8. Role of the Internet Infrastructure Agencies in Support of OSI Certain of the FNC agencies have a role in providing a significant part of the communications infrastructure for the Internet, that is, links, backbone routers, management facilities, and directory services. For example, the National Science Foundation (NSF), the National Aeronautics and Space Administration (NASA), the Department of Energy (DOE) and the Defense Advanced Research Projects Agency (DARPA) have such a role. These agencies must provide for essential infrastructure services such as routing of ISO 8473 packets in the NSFnet backbone, provision of application level gateways enabling interoperability between TCP/IP and OSI applications, and provision of OSI directory services. 9. Role of the Internet Using Agencies in the Application of OSI The FNC agencies using Internet services also have a necessary role in the integration of OSI. The FNC agencies must identify their requirements and participate in the IETF and GOSIP groups to ensure that their needs can be met. The FNC agencies should also plan to implement OSI within their networks in accordance with the realities of their technical and management plans, taking cognizance of the plans for and progress toward implementation of key OSI elements in the Internet Infrastructure. Each FNC agency should develop an agency policy on the adoption and use of GOSIP and should initiate Cerf & Mills [Page 7] RFC 1169 Explaining the Role of GOSIP August 1990 planning for incorporation of GOSIP-compliant products into agency networks. 10. Summary The FNC, the IAB, and the IETF have a firm commitment to responsible integration of OSI protocols into the Internet based upon sound network planning. A multi-protocol environment will exist in the Internet for a considerable period of time. As OSI products grow in number and capability and as more OSI standards are completed, the role of GOSIP will grow in importance. To summarize: o FIPS 146 (GOSIP) is a specification of which OSI protocols are to be procured for U.S. Government use. GOSIP does not mandate, or even explicitly address, the issue of protocol transition. o As a procurement specification, GOSIP does not apply to existing installed equipment. It applies to new network procurements and major upgrades to existing networks. "Major upgrade" does not necessarily apply to increasing the number of components of current functionality in existing non-GOSIP networks. o When GOSIP does apply, it is not exclusionary. That is, other protocol families can also be procured and used. o When GOSIP does apply, waivers are allowed in consideration of specific agency requirements. When GOSIP does not apply, no waiver is necessary. o Agencies have the responsibility 1) for agency-wide planning for GOSIP compliance in their network procurements, 2) for developing their own waiver process, and 3) for determining the applicability of GOSIP to any specific procurement. Cerf & Mills [Page 8] RFC 1169 Explaining the Role of GOSIP August 1990 11. References [1] "U.S. Government Open Systems Interconnection Profile", U.S. Federal Information Processing Standards Publication 146, Version 1, August 1988. [2] "U.S. Government Open Systems Interconnection Profile", U.S. Federal Information Processing Standards Publication 146-1, Draft Version 2, April 1989. [3] Boland, T., "Government Open Systems Interconnection Profile Users' Guide", NIST Special Publication 500-163, August 1989. 12. Appendix -- To Obtain GOSIP Documents Below is the information needed to obtain the U.S. GOSIP and NIST/OSI Implementors Workshop (OIW) documents. All prices are in U.S. dollars and represent the most up-to-date information available at this time; for further pricing information and ordering details, contact the seller (all addresses and telephone numbers are to be found at the end). 12.1 GOSIP 12.1.1 GOSIP Version 1. GOSIP Version 1 (Federal Information Processing Standard 146) was published in August 1988. It becomes mandatory in applicable federal procurements in August 1990. NIST POINT OF CONTACT: Jerry Mulvenna HARDCOPY: NTIS Order Number: FIPS PUB 146 Price: $17.00 (paper); $8.00 (microfiche) Cerf & Mills [Page 9] RFC 1169 Explaining the Role of GOSIP August 1990 ON-LINE: 1. The federal register announcement (FIPS 146) as well as GOSIP are available through anonymous ftp from nic.ddn.mil (192.67.67.20) as: o gosip-fedreg.txt (ascii) o gosip-fips-draft.txt (ascii) o gosip-v1.txt (ascii) 2. Through anonymous ftp or FTAM (ISODE 5.0, user: ftam, realstore=unix) from osi3.ncsl.nist.gov (129.6.48.100) as: o pub/gosip/gosip_v1_fedreg.txt (ascii) o pub/gosip/fips146_draft.txt (ascii) o pub/gosip/gosip_v1.txt (ascii) o pub/gosip/gosip_v1.txt.Z (compressed) 12.1.2 GOSIP Version 2. GOSIP Version 2 is currently a draft. It has undergone public review and comment. Comments will be addressed by the GOSIP Advanced Requirements Committee in May, 1990. Final text is expected to be available in August, 1990. NIST POINT OF CONTACT: Jerry Mulvenna HARDCOPY: NIST Standards Processing Coordinator (ADP) ON-LINE: 1. Available through anonymous ftp or FTAM (ISODE 5.0, user: ftam, realstore=unix) from osi3.ncsl.nist.gov (129.6.48.100) as: o pub/gosip/gosip_v2_draft.txt (ascii) o pub/gosip/gosip_v2_draft.txt.Z (compressed) o pub/gosip/gosip_v2_draft.ps (postscript) o pub/gosip/gosip_v2_draft.ps.Z (compressed) Cerf & Mills [Page 10] RFC 1169 Explaining the Role of GOSIP August 1990 2. Available through anonymous ftp from nic.ddn.mil (192.67.67.20) as: o gosip-v2-draft.doc 12.2 NIST Workshop for Implementors of OSI Documents The output of the NIST Workshop for Implementors of OSI (OIW) is a pair of aligned documents, one representing Stable Implementation Agreements (SIA), the other containing Working Implementation Agreements (WIA) that have not yet gone into the stable document. Material is in either one or the other of these documents, but not both, and the documents have the same index structure. The SIA is reproduced in its entirety at the beginning of each calendar year, with an incremented version number. Replacement page sets are distributed subsequently three times during each year (after each Workshop), reflecting edits to the stable material. The replacement pages constitute the next edition of that year's version. The WIA is reproduced in its entirety after each Workshop (held in March, June, September and December). OIW attendees automatically receive the WIA. OIW meeting dates in 1990 are: March 12-16; June 18-22; September 10-14; and December 10-14. NIST POINTS OF CONTACT: 1. Tim Boland/management information Chairman, OIW 2. Brenda Gray/administrative information OIW Registrar 12.2.1 SIA, Version 1. SIA, Version 1, Edition 1 (Dec, 1987) The SIA, V1E1 is published as NIST Special Publication 500-150. It is the appropriate version and edition of the SIA for GOSIP Version 1 (FIPS 146). HARDCOPY: 1. U.S. Government Printing Office GPO Stock Number: 003-02838-0 Price: $20.00 Cerf & Mills [Page 11] RFC 1169 Explaining the Role of GOSIP August 1990 2. NTIS Order Number: PB 88-168331 Price: $31.00 (paper); $8.00 (microfiche) SIA, Version 1, Edition 3 (August, 1988) The SIA, V1E3 is also published as NBS Special Publication 500-150 (note the different GPO Stock Number when ordering). HARDCOPY: U.S. Government Printing Office GPO Stock Number: 003-003-02838-0 Price: $12.00 (paper) ON-LINE: 1. Available through anonymous ftp or FTAM (ISODE 5.0, user: ftam, realstore=unix) from from osi3.ncsl.nist.gov (129.6.48.100) as: o pub/gosip/nist_osiws_sia_v1e3.txt (ascii) o pub/gosip/nist_osiws_sia_v1e3.txt.Z (compressed) 2. Available through anonymous ftp from nic.ddn.mil (192.67.67.20) as: o nbsosi-argrements.doc 12.2.2 SIA, Version 2. SIA, Version 2, Edition 1 (Dec, 1988) The SIA, V2E1 is published as NBS Special Publication 500-162. HARDCOPY: 1. U.S. Government Printing Office GPO Stock Number: 003-003-02921-1 Price: $26.00 2. IEEE Computer Society ISBN 0-8186-9022-4 Book No. 2022 Price: $75.00 (casebound) (a subscription service is available from IEEE) 3. NTIS Order Number: PB 89193312 Price: $53.00 (paper); $8.00 (microfiche) Cerf & Mills [Page 12] RFC 1169 Explaining the Role of GOSIP August 1990 SIA, Version 2, Editions 2-4 These are available as hardcopy from NIST staff, subject to staff availability. Contact: Brenda Gray/administrative information OIW Registrar SIA, Version 3, Edition 1 (Dec, 1989) The SIA V3E1 is expected to be available in the first half of 1990. It may be ordered from the IEEE Computer Society and the U.S. GPO. Future editions of Version 3 are expected to be available from NTIS, and possibly GPO and the IEEE Computer Society. 12.2.3 WIA (August, 1989). The August, 1989 WIA, published as a NIST Interagency Report (IR-89- 4140) is the most recent copy of the WIA that is available to order. The December, 1989 WIA document is available from NTIS and the IEEE Computer Society. The August, 1989 WIA (NIST IR-89-4140) is available in hardcopy from: NTIS Order Number: PB 89235931/AS Price: $36.95 (paper); $6.95 (microfiche) 12.3 GOSIP Users' Guide This publication assists federal agencies in planning for and procuring OSI. It provides tutorial information on OSI protocols as well as information on OSI registration, GOSIP technical evaluation, and GOSIP transition strategies. HARDCOPY: NTIS Order Number: PB 90-111212 Price: $23 (paper); $8 (microfiche) Cerf & Mills [Page 13] RFC 1169 Explaining the Role of GOSIP August 1990 12.4 Addresses/Telephone Numbers NIST CONTACTS Tim Boland/management information Chairman, OIW Technology, B217 Gaithersburg, MD 20899 (301) 975-3608 boland@ecf.ncsl.nist.gov Brenda Gray/administrative information OIW Registrar Technology, B217 Gaithersburg, MD 20899 (301) 975-3664 Jerry Mulvenna Technology, B217 Gaithersburg, MD 20899 (301) 975-3631 mulvenna@ecf.ncsl.nist.gov OTHER SOURCES OF DOCUMENTS National Technical Information Service (NTIS) U.S. Department of Commerce 5285 Port Royal Road Springfield, VA 22161 (703)487-4650 IEEE Computer Society Order Department 10662 Los Vaqueros Circle Los Alamitos, CA 90720 1-800-272-6657 U.S. Government Printing Office Washington, DC 20402 (202) 783-3238 Standards Processing Coordinator (ADP) National Institute of Standards and Technology Technology Building, Room B-64 Gaithersburg, MD 20899 (301) 975-2816 Cerf & Mills [Page 14] RFC 1169 Explaining the Role of GOSIP August 1990 13. Security Considerations Security issues are not discussed in this memo. 14. Authors' Addresses Vinton G. Cerf Chairman, IAB Corporation for National Research Initiatives 1895 Preston White Drive, Suite 100 Reston, VA 22091 Phone: (703) 620-8990 EMail: vcerf@nri.reston.va.us Kevin L. Mills National Institute of Standards and Technology Building 225, Room B217 Gaithersburg, MD 20899 Phone: (301) 975-3618 EMail: MILLS@ECF.NCSL.NIST.GOV Cerf & Mills [Page 15]