Skip to main content

DIAMETER Strong Security Extension

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors Pat R. Calhoun , William Bulley , Stephen Farrell
Last updated 2001-03-06
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


The DIAMETER base protocol defines message integrity and AVP encryption using symmetric transforms to secure the communication between two DIAMETER nodes. The base protocol also defines a DIAMETER proxy server, that forwards requests to other servers when it detects that a given request cannot be satisfied locally. The ROAMOPS Working Group has defined a requirement that allows for the DIAMETER servers communicating through the proxy to be able to provide for end-to-end AVP integrity and confidentiality, making it difficult for the proxy to be able to modify, and/or be able to view sensitive information, within the message. The Mobile-IP and NASREQ Working Groups have stated that strong authentication is a requirement for AAA data, such as accounting records, for the purposes of non-repudiation. This DIAMETER extension specifies how strong AVP authentication, integrity and encryption can be done using asymmetric transforms, by encapsulating Cryptographic Message Syntax (CMS) data into DIAMETER AVPs. The CMS data can also be used to carry X.509 certificates.


Pat R. Calhoun
William Bulley
Stephen Farrell

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)