Low Infrastructure Public Key Mechanisms: SPKM-3 and LIPKEY
draft-adamson-rfc2847-bis-01
| Section | Field | Value |
|---|---|---|
| Document | Type | Expired Internet-Draft (individual in gen area); Expired & archived |
| Document | Author | William Adamson |
| Document | Last updated | 2015-10-14 (Latest revision 2006-08-21) |
| Document | RFC stream | Internet Engineering Task Force (IETF) |
| Document | Intended RFC status | Proposed Standard |
| Stream | WG state | (None) |
| Stream | Document shepherd | (None) |
| IESG | IESG state | Expired (IESG: Dead) |
| IESG | Action Holders | (None) |
| IESG | Consensus boilerplate | Unknown |
| IESG | Telechat date | (None) |
| IESG | Responsible AD | Sam Hartman |
| IESG | Send notices to | (None) |

This Internet-Draft is no longer active.
Abstract
This memorandum describes a method whereby one can use GSS-API [RFC2078] to supply a public-key based secure channel between a client and a server without the need for an external Public Key Infrastructure for certificate verification. The method leverages the existing Simple Public Key Mechanism (SPKM), and is specified as two separate GSS-API mechanisms, SPKM-3 and LIPKEY, with LIPKEY layered above SPKM-3. SPKM-3 describes a method for creation of the secure channel using mutual authentication where both a user and server authenticate with public-key certificates [RFC3280]. SPKM-3 also describes a method for creation of the secure channel where only the server authenticates with a public-key certificate, and the user is anonymous. LIPKEY then uses the SPKM-3 anonymous secure channel to authenticate a user with a password, completing the mutual authentication.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)