GSAKMP Light
draft-ietf-msec-gsakmp-light-sec-01

Document Type: Expired Internet-Draft (msec WG)
Last updated: 2004-04-20 (latest revision 2002-07-30)
Stream: IETF
Intended RFC status: Proposed Standard
WG state: WG Document
Document shepherd: No shepherd assigned
IESG state: Expired (IESG: Dead)
Consensus Boilerplate: Unknown
Telechat date:
Responsible AD: Russ Housley
Send notices to: <canetti@watson.ibm.com>, <thardjono@verisign.com>

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-ietf-msec-gsakmp-light-sec-01.txt

Abstract

A protocol specification must balance two often conflicting goals: to produce as general a protocol as possible, and to produce a simple protocol. The Group Secure Association Key Management Protocol (GSAKMP) is a general protocol for creating and managing cryptographic groups on a network. This document describes the GSAKMP-Light (GL) profile, a way to reduce the number of messages exchanged during secure group establishment. The GSAKMP protocol assumed that group members joining a secure group had no information about the specific security mechanisms used by the group (for example, the key length, encryption protocol, etc.). GSAKMP-Light provides a profile for the case where group members have previously been notified, during the group announcement or invitation, of the security mechanisms used for joining a group. This simplification removes 2 messages from the group establishment portion of the GSAKMP protocol, eliminates the need for initiating a unicast security association, and removes the need for many of the optional fields of individual messages. The profile does not sacrifice any of the security properties of the full protocol.

To facilitate the transmission of security mechanism settings during session invitation or announcement, this document also describes a useful default set of security algorithms and configurations, Security Suite 1. Full specification of this suite allows an entire set of algorithms and settings to be described to prospective group members in a concise manner. Future security suites can be defined as needed.

Authors

Andrea Colgrove (acc@columbia.sparta.com)
Angela Schuett (amschue@tycho.ncsc.mil)
Hugh Harney (hh@columbia.sparta.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)