Credential Management for SPKM

Document Type Expired Internet-Draft (individual)
Authors D. Huehnlein  , H. Schupp 
Last updated 1998-03-09
Stream (None)
Intended RFC status (None)
Expired & archived
plain text pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The GSS-API [GSS-API1,2] offers security services independent of underlying mechanisms. A possible GSS-mechanism is the Simple Public Key Mechanism [SPKM]. This paper complements [SPKM] by providing concrete rules for the Credential Management. Our proposal allows beside the standard Credential Management based on X.509v3 [X509v3] and PKIX [PKIX] the self certification of temporary public keys, which may be used to implement a Secure Single Login variant, which works with temporary keys instead of the sensitive long term keys. The benefits of this approach are discussed in [SSLogin] more detailed. Since DL-based signature- and encryption algorithms are very well suited for the efficient generation of the temporary keys we propose two new RECOMMENDED algorithms for SPKM.


D. Huehnlein (
H. Schupp (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)