The Group Security Association Key Management Protocol Application to the IP Security Architecture

Document Type Expired Internet-Draft (individual)
Author George Gross 
Last updated 2004-07-02
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The Group Security Association Key Management Protocol (GSAKMP)is a distributed secure multicast framework and key management protocol. This specification defines the GSAKMP profile for the IP security architecture version 2 and extends the base GSAKMP protocol with the Security Association Management (SAM) message. The GSAKMP IPsec policy token explicitly authorizes which group members may exercise the speaker privilege. When an authorized group speaker endpoint multicasts a SAM message to a GSAKMP group, the SAM message configures that group's Security Policy Databases and Security Association Databases in compliance to a template within the GSAKMP IPsec policy token. In addition, this specification profiles the three supporting components: RFC2401-bis compliant IP security subsystem, Negative-acknowledgement Oriented Reliable Multicast (NORM) protocol handler, and the X.509 Public Key Infrastructure.


George Gross (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)