DIAMETER Strong Security Extension

Document Type Expired Internet-Draft (individual)
Authors Pat Calhoun  , William Bulley  , Stephen Farrell 
Last updated 2001-03-06
Stream (None)
Intended RFC status (None)
Expired & archived
plain text pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The DIAMETER base protocol defines message integrity and AVP encryption using symmetric transforms to secure the communication between two DIAMETER nodes. The base protocol also defines a DIAMETER proxy server, that forwards requests to other servers when it detects that a given request cannot be satisfied locally. The ROAMOPS Working Group has defined a requirement that allows for the DIAMETER servers communicating through the proxy to be able to provide for end-to-end AVP integrity and confidentiality, making it difficult for the proxy to be able to modify, and/or be able to view sensitive information, within the message. The Mobile-IP and NASREQ Working Groups have stated that strong authentication is a requirement for AAA data, such as accounting records, for the purposes of non-repudiation. This DIAMETER extension specifies how strong AVP authentication, integrity and encryption can be done using asymmetric transforms, by encapsulating Cryptographic Message Syntax (CMS) data into DIAMETER AVPs. The CMS data can also be used to carry X.509 certificates.


Pat Calhoun (pcalhoun@cisco.com)
William Bulley (web@merit.edu)
Stephen Farrell (stephen.farrell@cs.tcd.ie)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)