Simple Key-Management For Internet Protocols-Plus (SKIPP)
draft-aziz-skip-00
Section | Field | Value
---|---|---
Document | Type | Expired Internet-Draft (individual); Expired & archived
Document | Author | Ashar Aziz
Document | Last updated | 1995-05-02 (Latest revision 1994-10-26)
Document | RFC stream | (None)
Document | Intended RFC status | (None)
Stream | Stream state | (No stream defined)
Stream | Consensus boilerplate | Unknown
Stream | RFC Editor Note | (None)
IESG | IESG state | Expired
IESG | Telechat date | (None)
IESG | Responsible AD | (None)
IESG | Send notices to | (None)
This Internet-Draft is no longer active.
Abstract
There are occasions where it is advantageous to put authenticity and privacy features at the network layer. The vast majority of the privacy and authentication protocols in the literature deal with session oriented key-management schemes. However, many of the commonly used network layer protocols (e.g. IP and IPv6) are session-less datagram oriented protocols. We describe a key-management scheme that is particularly well suited for use in conjunction with a session-less datagram protocol like IP or IPv6. We also describe a simple extension of this protocol to provide scalable group key-management for Internet multicasting protocols. In this revision of the draft we describe how the basic certified key infrastructure proposed can be used to negotiate keys for traditional session oriented key-management. This provides perfect forward secrecy, for situations where forward secrecy is essential. We describe a particularly efficient ephemeral key-negotiation mechanism using the basic certified key infrastructure described above, which also addresses some basic privacy related concerns. SKIPP is designed to be plugged into the IP Security Protocol (IPSP) or IPv6. This draft describes how to use SKIPP