GSAKMP Light
draft-ietf-msec-gsakmp-light-sec-01

Document Type: Expired Internet-Draft (msec WG); Expired & archived
Authors: Andrea Colgrove, Angela Schuett, Hugh Harney
Last updated: 2004-04-20 (Latest revision 2002-07-30)
RFC stream: Internet Engineering Task Force (IETF)
Intended RFC status: Proposed Standard
Additional resources: Mailing list discussion
Stream / WG state: WG Document
Document shepherd: (None)
IESG / IESG state: Expired (IESG: Dead)
Action Holders: (None)
Consensus boilerplate: Unknown
Telechat date: (None)
Responsible AD: Russ Housley
Send notices to: <canetti@watson.ibm.com>, <thardjono@verisign.com>

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

A protocol specification must balance two often conflicting goals: to produce as general a protocol as possible, and to produce a simple protocol. The Group Secure Association Key Management Protocol (GSAKMP) is a general protocol for creating and managing cryptographic groups on a network. This document describes the GSAKMP-Light (GL) profile, a way to reduce the number of messages exchanged during secure group establishment.

The GSAKMP protocol assumed that group members joining a secure group had no information about the specific security mechanisms used by the group (for example, the key length, encryption protocol, etc.). GSAKMP-Light provides a profile for the case where group members have already been notified, during the group announcement or invitation, of the security mechanisms used for joining the group. This simplification removes 2 messages from the group establishment portion of the GSAKMP protocol, eliminates the need for initiating a unicast security association, and removes the need for many of the optional fields of individual messages. The profile does not sacrifice any of the security properties of the full protocol.

To facilitate the transmission of security mechanism settings during session invitation or announcement, this document also describes a useful default set of security algorithms and configurations, Security Suite 1. Full specification of this suite allows an entire set of algorithms and settings to be described to prospective group members in a concise manner. Future security suites can be defined as needed.

Authors

Andrea Colgrove
Angela Schuett
Hugh Harney

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)