datatracker.ietf.org
Sign in
Version 5.9.0, 2014-12-18
Report a bug

Group Security Policy Token v1
RFC 4534

Document type: RFC - Proposed Standard (June 2006; Errata)
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 4534 (Proposed Standard)
Responsible AD: Russ Housley
Send notices to: canetti@watson.ibm.com, ldondeti@qualcomm.com

Network Working Group                                       A. Colegrove
Request for Comments: 4534                                     H. Harney
Category: Standards Track                                   SPARTA, Inc.
                                                               June 2006

                     Group Security Policy Token v1

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   The Group Security Policy Token is a structure used to specify the
   security policy and configurable parameters for a cryptographic
   group, such as a secure multicast group.  Because the security of a
   group is composed of the totality of multiple security services,
   mechanisms, and attributes throughout the communications
   infrastructure, an authenticatable representation of the features
   that must be supported throughout the system is needed to ensure
   consistent security.  This document specifies the structure of such a
   token.

Colegrove & Harney          Standards Track                     [Page 1]
RFC 4534             Group Security Policy Token v1            June 2006

Table of Contents

   1. Introduction ....................................................3
   2. Token Creation and Receipt ......................................4
   3. The Policy Token ................................................5
      3.1. Token Identifiers ..........................................6
      3.2. Registration Policy ........................................6
      3.3. Rekey Policy ...............................................7
      3.4. Group Data Policy ..........................................8
   4. Security Considerations .........................................8
   5. IANA Considerations .............................................8
   6. References.......................................................9
      6.1. Normative References .......................................9
      6.2. Informative References ....................................10
   7. Acknowledgements ...............................................10
   Appendix A. Core Policy Token ASN.1 Module ........................11
   Appendix B. GSAKMPv1 Base Policy ..................................13
      B.1. GSAKMPv1 Registration Policy ..............................13
          B.1.1. Authorization .......................................13
          B.1.2. AccessControl .......................................14
          B.1.3. JoinMechanisms ......................................15
                 B.1.3.1. alaCarte ...................................15
                 B.1.3.2. suite ......................................17
          B.1.4. Transport ...........................................17
      B.2. GSAKMPv1 Registration ASN.1 Module ........................17
      B.3. GSAKMPv1 De-Registration Policy ...........................20
      B.4. GSAKMPv1 De-Registration ASN.1 Module .....................21
      B.5. GSAKMPv1 Rekey Policy .....................................22
           B.5.1. Rekey Authorization ................................22
           B.5.2. Rekey Mechanisms ...................................23
           B.5.3. Rekey Event Definition .............................23
           B.5.4. Rekey Methods ......................................24
                  B.5.4.1 Rekey Method NONE ..........................24
                  B.5.4.2 Rekey Method GSAKMP LKH ....................24
           B.5.5 Rekey Interval ......................................25
           B.5.6 Rekey Reliability ...................................25
                 B.5.6.1 Rekey Reliability Mechanism None ............25
                 B.5.6.2 Rekey Reliability Mechanism Resend ..........25
                 B.5.6.3 Rekey Reliability Mechanism Post ............26
           B.5.7 Distributed Operation Policy ........................26
                 B.5.7.1 No Distributed Operation ....................26
                 B.5.7.2 Autonomous Distributed Mode .................26
      B.6. GSAKMPv1 Rekey Policy ASN.1 Module ........................27
   Appendix C. Data SA Policy ........................................30
      C.1. Generic Data Policy .......................................30
      C.2. Generic Data Policy ASN.1 Module ..........................30

Colegrove & Harney          Standards Track                     [Page 2]

[include full document text]