Dynamic Symmetric Key Provisioning Protocol (DSKPP)

Document Type Replaced Internet-Draft (individual)
Last updated 2007-07-11
Replaced by RFC 6063
Stream (None)
Intended RFC status (None)
Expired & archived
Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG state Replaced by draft-ietf-keyprov-dskpp
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


DSKPP is a client-server protocol for initialization (and configuration) of symmetric keys to locally and remotely accessible cryptographic modules. The protocol can be run with or without private-key capabilities in the cryptographic modules, and with or without an established public-key infrastructure. Three variations of the protocol support multiple usage scenarios. The four-pass (i.e., two round-trip) variant enables key generation in near real-time. With the four-pass variant, keys are mutually generated by the provisioning server and cryptographic module; provisioned keys are not transferred over-the-wire or over-the-air. Two- and one-pass variants enable secure and efficient download and installation of symmetric keys to a cryptographic module in environments where near real-time communication may not be possible. This document builds on information contained in [RFC4758], adding specific enhancements in response to implementation experience and liaison requests. It is intended, therefore, that this document or a successor version thereto will become the basis for subsequent progression of a symmetric key provisioning protocol specification on the standards track.


Magnus Nystrom (magnus@rsasecurity.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)