1. Introduction
COPS [RFC2748] was designed to distribute clear-text policy information from a centralized Policy Decision Point (PDP) to a set of Policy Enforcement Points (PEP) in the Internet. COPS provides its own security mechanisms to protect the per-hop integrity of the deployed policy. However, the use of COPS for sensitive applications (e.g., some types of security policy distribution) requires additional security measures, such as data confidentiality. This is because some organizations find it necessary to hide some or all of their security policies, e.g., because policy distribution to devices such as mobile platforms can cross domain boundaries.

TLS [RFC2246] was designed to provide channel-oriented security. TLS standardizes SSL and may be used with any connection-oriented service. TLS provides mechanisms for both one- and two-way authentication, dynamic session keying, and data stream privacy and integrity.

This document describes how to use COPS over TLS. "COPS over TLS" is abbreviated COPS/TLS.
