GSAKMP: Group Secure Association Key Management Protocol
draft-ietf-msec-gsakmp-sec-10
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22
|
10 | (System) | post-migration administrative database adjustment to the No Objection position for Allison Mankin |
2012-08-22
|
10 | (System) | post-migration administrative database adjustment to the No Objection position for Sam Hartman |
2005-05-25
|
10 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
2005-05-17
|
10 | Amy Vezza | IESG state changed to Approved-announcement sent |
2005-05-17
|
10 | Amy Vezza | IESG has approved the document |
2005-05-17
|
10 | Amy Vezza | Closed "Approve" ballot |
2005-05-17
|
10 | Russ Housley | State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Russ Housley |
2005-05-17
|
10 | (System) | New version available: draft-ietf-msec-gsakmp-sec-10.txt |
2005-04-09
|
10 | Allison Mankin | [Ballot comment] sent: Sent: Russ, Ran and Lakshminath, The new IANA rules make the extensibility much more appropriate to the protocol security. Thanks! I've copied … [Ballot comment] sent: Sent: Russ, Ran and Lakshminath, The new IANA rules make the extensibility much more appropriate to the protocol security. Thanks! I've copied IANA so that the change can be flagged, since I instigated it. Since you have specified Expert Review for some of the fields, I want to draw your attention to a suggestion: it's a good thing to appoint the Expert Reviewer (or two, a Primary and Secondary) now, before the approval goes out, and have it included in the IANA Note on the announcement, so this important step gets handled very transparently (and not forgotten). My clearing isn't gated on it (I'm done, bye :) I'm suggesting you guys and IANA get this done before Russ sends in the final approve... Not sent: I re-reviewed Vendor ID - it seems safe enough to me; it seems an unscrupulous extender would not exploit it very easily. |
2005-04-09
|
10 | Allison Mankin | [Ballot Position Update] Position for Allison Mankin has been changed to No Objection from Discuss by Allison Mankin |
2005-04-08
|
09 | (System) | New version available: draft-ietf-msec-gsakmp-sec-09.txt |
2005-04-02
|
10 | Allison Mankin | [Ballot discuss] The IANA Considerations grants extensibility entirely by Specification Required. This means that this secure protocol can be made insecure because any old document, … [Ballot discuss] The IANA Considerations grants extensibility entirely by Specification Required. This means that this secure protocol can be made insecure because any old document, with only an IANA check that there is some document, is needed to add features to it. It seems like a bad idea not to require IETF review for the extensions for a Proposed Standard security protocol that will be used for signification applications. Please the extensibility policies to IETF Consensus. ------------ The stuff below has been handled: Something easy enough to fix, but needs fixing: For example, in a small-scale video conference the organizer might use a session invitation protocol like SIP [RFC 2543] to transmit information about the time of the conference, the address of the session, and the formats to be used. For a large-scale video transmission, the organizer might use a multicast announcement protocol like SAP [RFC 2974]. The reference for SIP is now RFC 3261, though it is not so straightforward to pass the information for multi-point with SIP, and doing so is not really covered in 3261. The work that covers it is draft-ietf-sipping-conferencing-framework. |
2005-04-01
|
10 | (System) | Removed from agenda for telechat - 2005-03-31 |
2005-03-31
|
10 | Amy Vezza | State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Amy Vezza |
2005-03-31
|
10 | Allison Mankin | [Ballot discuss] Worried about the Specification Required in IANA Considerations ------------ The stuff below is ok: Something easy enough to fix, but needs fixing: For … [Ballot discuss] Worried about the Specification Required in IANA Considerations ------------ The stuff below is ok: Something easy enough to fix, but needs fixing: For example, in a small-scale video conference the organizer might use a session invitation protocol like SIP [RFC 2543] to transmit information about the time of the conference, the address of the session, and the formats to be used. For a large-scale video transmission, the organizer might use a multicast announcement protocol like SAP [RFC 2974]. The reference for SIP is now RFC 3261, though it is not so straightforward to pass the information for multi-point with SIP, and doing so is not really covered in 3261. The work that covers it is draft-ietf-sipping-conferencing-framework. |
2005-03-31
|
10 | Brian Carpenter | [Ballot comment] Lots or review comments from John Loughney, but none of them look like show-stoppers: Review of draft-ietf-msec-gsakmp-sec-08.txt Summary: This is generally ready for … [Ballot comment] Lots or review comments from John Loughney, but none of them look like show-stoppers: Review of draft-ietf-msec-gsakmp-sec-08.txt Summary: This is generally ready for publication as a proposed standard. The Vendor ID Payload is my biggest open issue, however I am not sure how this should be resolved. Some nits were found, but these could be updated if the document is revised. The document was well written and I appreciated the list of figures and tables. Please note that this is an area outside of my area of expertise, so I assume that the terminology, etc. are well known within the documents target audience. One general request that I would have would be the expansion of acronyms in section titles, such as: 4.4.2 Creation of a PT - would become: 4.4.2 Creation of a Policy Token Just as there is a lot of acronyms and I found that I had to keep refering back to Chapter 2 Terminology (which doesn't contain all fo the acronyms, by the way). Questions: 1) Section "3.2.3 LKH" says: When group policy dictates that a recovery of the group security is necessary after the discovery of the compromise of a GM, then GSAKMP relies upon a rekey capability, i.e., LKH, to enable group recovery after a compromise [RFC 2627]. This is optional since in many instances it may be better to destroy the compromised group and rebuild a secure group. but then section "3.4 Rekey Availability" In addition to GSAKMP having the capability to do rekey operations, GSAKMP MUST also have the capability to make this rekey information highly available to GMs. The necessity of GMs receiving rekey messages, requires the use of methods to increase the likelihood of receipt of Rekey Messages. These methods MAY include multiple transmissions of the rekey message, posting of the rekey message on a bulletin board, etc. Compliant GSAKMP implementations MUST support retransmission of rekey messages. Section 3.2.3 seems to indicate that rekeying is optional but 3.4 has a MUST for the retransmission of rekey messaging. My question is, is the rekeying operation mandatory or optional? Or is it just that after a group is compromised, it is optional to rekey, as it may be preferable to destroy the group entirely? The current text is not so clear. 2) General question on Vendor-ID payload, secton 7.10: Writers of Internet-Drafts who wish to extend this protocol MUST define a Vendor ID payload to announce the ability to implement the extension in the Internet-Draft. It is expected that Internet-Drafts which gain acceptance and are standardized will be given assigned values out of the Reserved to IANA range and the requirement to use a Vendor ID payload will go away. I had a little trouble parsing this. Does this mean that Vendor-IDs should generally be written-up as Internet drafts? Should there be a registry for the vendor payloads? Additionally, the packet format doesn't say what the VID is. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Next Payload ! RESERVED ! Payload Length ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Vendor ID (VID) ~ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Should this be using the IANA assigned "SMI Network Management Private Enterprise Codes"? Small nits: 1) Shouldn't Abstract be left justified? 2) Text needs to be indented in most places. 3) Double spacing before and after section headings should be changed to single spacing. 4) CRL is used in section 3.1, item 8, but I couldn't find an expansion on what CRL is. 5) Expansion of some protocols like ISAKMP, FIPS Pub 196, LKH etc. would be helpful. 6) In many places, the ` is used, shouldn't ' be used instead? Also, `` and '' is used, but shouldn't " be used instead? Ran idnits script and found the following nits: idnits 1.61 Checking nits according to http://www.ietf.org/ID-Checklist.html : Checking conformance with RFC 3978/3979 boilerplate... * The document seems to lack an RFC 3978 Section 5.1 IPR Disclosure Acknowledgement -- however, there's a paragraph with a matching beginning. Boilerplate error? * The document seems to lack an RFC 3979 Section 5, para 1 IPR Disclosure Acknowledgement. * The document seems to lack an RFC 3979 Section 5, para 2 IPR Disclosure Acknowledgement. * The document seems to lack an RFC 3979 Section 5, para 3 IPR Disclosure Invitation. * There are 1222 instances of too long lines in the document, the longest one being 8 characters in excess of 72. Checking nits according to http://www.ietf.org/ietf/1id-guidelines.txt : * The document seems to lack a 1id_guidelines paragraph about 6 months document validity -- however, there's a paragraph with a matching beginning. Boilerplate error? Miscellaneous warnings: - The "Author's Address" (or "Authors' Addresses") section title is misspelled. Run idnits with the --verbose option for more detailed information. |
2005-03-31
|
10 | Brian Carpenter | [Ballot Position Update] New position, No Objection, has been recorded for Brian Carpenter by Brian Carpenter |
2005-03-31
|
10 | Mark Townsley | [Ballot Position Update] New position, No Objection, has been recorded for Mark Townsley by Mark Townsley |
2005-03-31
|
10 | Bill Fenner | [Ballot Position Update] New position, No Objection, has been recorded for Bill Fenner by Bill Fenner |
2005-03-30
|
10 | Sam Hartman | [Ballot Position Update] Position for Sam Hartman has been changed to No Objection from Discuss by Sam Hartman |
2005-03-25
|
10 | Russ Housley | Placed on agenda for telechat - 2005-03-31 by Russ Housley |
2005-03-25
|
10 | Russ Housley | State Changes to IESG Evaluation from IESG Evaluation::AD Followup by Russ Housley |
2005-03-25
|
10 | Russ Housley | State Change Notice email list have been change to canetti@watson.ibm.com, ldondeti@nortel.com from canetti@watson.ibm.com, thardjono@verisign.com |
2005-03-18
|
10 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
2005-03-18
|
08 | (System) | New version available: draft-ietf-msec-gsakmp-sec-08.txt |
2005-01-20
|
10 | Amy Vezza | State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation by Amy Vezza |
2005-01-20
|
10 | Thomas Narten | [Ballot Position Update] New position, No Objection, has been recorded for Thomas Narten by Thomas Narten |
2005-01-20
|
10 | Michelle Cotton | IANA Comments: Upon approval of this document the IANA will create multiple registries for GSAKMP Parameters. |
2005-01-20
|
10 | Allison Mankin | [Ballot discuss] Something easy enough to fix, but needs fixing: For example, in a small-scale video conference the organizer might use a session invitation protocol … [Ballot discuss] Something easy enough to fix, but needs fixing: For example, in a small-scale video conference the organizer might use a session invitation protocol like SIP [RFC 2543] to transmit information about the time of the conference, the address of the session, and the formats to be used. For a large-scale video transmission, the organizer might use a multicast announcement protocol like SAP [RFC 2974]. The reference for SIP is now RFC 3261, though it is not so straightforward to pass the information for multi-point with SIP, and doing so is not really covered in 3261. The work that covers it is draft-ietf-sipping-conferencing-framework. |
2005-01-20
|
10 | Allison Mankin | [Ballot Position Update] New position, Discuss, has been recorded for Allison Mankin by Allison Mankin |
2005-01-20
|
10 | Alex Zinin | [Ballot Position Update] New position, No Objection, has been recorded for Alex Zinin by Alex Zinin |
2005-01-20
|
10 | Sam Hartman | [Ballot comment] This protocol contains many optional out of band features like eviction of members. Similarly, finding subordinate GC/KS may be challenging. It will be … [Ballot comment] This protocol contains many optional out of band features like eviction of members. Similarly, finding subordinate GC/KS may be challenging. It will be difficult to get multiple interoperable implementations of all these features and advance the protocol to draft standard. I'm surprised that the protocol mandates neither AES nor RSA. The protocol does a good job of meeting its requirements and for relatively high security need/high infrastructure group management this protocol is a good fit. I think the IETF has need of a group SA management protocol that works in less rigorous environments. AS an example I don't think this protocol would be appropriate for OSPF v3 or for other routing/ops area needs. I think that the same pressures that required us to add EAP support to IKEV2 will require us to provide a group management protocol that supports whatever credentials the deployment environment happens to have. It's not a problem with this protocol that those needs are not met; we just have more work to do. Also, I realize that making a variant of this protocol that met those needs would be relatively easy. |
2005-01-20
|
10 | Sam Hartman | [Ballot discuss] The protocol seems to have no mandatory to implement mechanism for discovering GC/KS. I suggest mandating at least manual configuration in order to … [Ballot discuss] The protocol seems to have no mandatory to implement mechanism for discovering GC/KS. I suggest mandating at least manual configuration in order to guarantee interoperability. How does a GM know whether a nonce needs to be included in an RTJ message? The protocol says that whether nonces (or timestamps) are included is a property of the PT. However the GM doesn't get the PT until after the RTJ is sent. Section 5.2.1.1 needs to provide guidance on this issue. The specification requires that only one RTJ message can be outstanding for a given GM at a time. It seems like the GK/CS is expected to enforce this requirement. What happens if a GM reboots or otherwise loses state in the middle of joining a group? How do things get back into sync? |
2005-01-20
|
10 | Sam Hartman | [Ballot Position Update] New position, Discuss, has been recorded for Sam Hartman by Sam Hartman |
2005-01-20
|
10 | Bert Wijnen | [Ballot Position Update] New position, No Objection, has been recorded for Bert Wijnen by Bert Wijnen |
2005-01-20
|
10 | Jon Peterson | [Ballot Position Update] New position, No Objection, has been recorded for Jon Peterson by Jon Peterson |
2005-01-19
|
10 | David Kessens | [Ballot Position Update] New position, No Objection, has been recorded for David Kessens by David Kessens |
2005-01-19
|
10 | Margaret Cullen | [Ballot Position Update] New position, No Objection, has been recorded for Margaret Wasserman by Margaret Wasserman |
2005-01-18
|
10 | Scott Hollenbeck | [Ballot Position Update] New position, No Objection, has been recorded for Scott Hollenbeck by Scott Hollenbeck |
2005-01-17
|
10 | Ted Hardie | [Ballot Position Update] Position for Ted Hardie has been changed to No Objection from Undefined by Ted Hardie |
2005-01-17
|
10 | Ted Hardie | [Ballot comment] In 7.6.1, the draft says: DN Data (variable length) -- The actual UTF-8 DN value (Subject field) using the slash (/) … [Ballot comment] In 7.6.1, the draft says: DN Data (variable length) -- The actual UTF-8 DN value (Subject field) using the slash (/) character for field delimiters. (e.g., "/C=US/ST=MD/L=Somewhere/O=ACME, Inc./OU=DIV1/CN=user1/Email=user1@acme.com" without the surrounding quotes) Would it be beneficial to add a pointer to the specific DN format required here? I'm thinking, for example, of the discussion we just had relative to draft-ietf-ldapbis-dn-15.txt. |
2005-01-17
|
10 | Ted Hardie | [Ballot Position Update] New position, Undefined, has been recorded for Ted Hardie by Ted Hardie |
2005-01-16
|
10 | Russ Housley | [Ballot comment] Section 7.7.2 says: > > Certificate Data - This Certificate Data MUST be processed according to > the certificate type … [Ballot comment] Section 7.7.2 says: > > Certificate Data - This Certificate Data MUST be processed according to > the certificate type specified. The type will define the format of the > data. Receipt of a root CA certificate in a Certificate payload causes > the payload to be discarded. This received certificate MUST NOT be used > to verify the message. The root CA certificate MUST be retrieved by > other means. > Please say "certificate of the trusted policy creation authority" instead of "root CA certificate." |
2005-01-14
|
10 | Russ Housley | [Ballot Position Update] New position, Yes, has been recorded for Russ Housley |
2005-01-14
|
10 | Russ Housley | Ballot has been issued by Russ Housley |
2005-01-14
|
10 | Russ Housley | Created "Approve" ballot |
2005-01-13
|
10 | Russ Housley | Placed on agenda for telechat - 2005-01-20 by Russ Housley |
2005-01-13
|
10 | Russ Housley | State Changes to IESG Evaluation from Waiting for AD Go-Ahead::AD Followup by Russ Housley |
2005-01-12
|
10 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
2005-01-12
|
07 | (System) | New version available: draft-ietf-msec-gsakmp-sec-07.txt |
2004-11-18
|
10 | Russ Housley | State Changes to Waiting for AD Go-Ahead::Revised ID Needed from Waiting for AD Go-Ahead by Russ Housley |
2004-11-17
|
10 | (System) | State has been changed to Waiting for AD Go-Ahead from In Last Call by system |
2004-11-03
|
10 | Amy Vezza | Last call sent |
2004-11-03
|
10 | Amy Vezza | State Changes to In Last Call from Last Call Requested by Amy Vezza |
2004-11-02
|
10 | Russ Housley | State Changes to Last Call Requested from AD Evaluation by Russ Housley |
2004-11-02
|
10 | Russ Housley | Last Call was requested by Russ Housley |
2004-11-02
|
10 | (System) | Ballot writeup text was added |
2004-11-02
|
10 | (System) | Last call text was added |
2004-11-02
|
10 | (System) | Ballot approval text was added |
2004-09-29
|
10 | Russ Housley | State Changes to AD Evaluation from Publication Requested by Russ Housley |
2004-07-14
|
10 | Russ Housley | Draft Added by Russ Housley in state Publication Requested |
2004-06-03
|
06 | (System) | New version available: draft-ietf-msec-gsakmp-sec-06.txt |
2004-02-13
|
05 | (System) | New version available: draft-ietf-msec-gsakmp-sec-05.txt |
2003-10-24
|
04 | (System) | New version available: draft-ietf-msec-gsakmp-sec-04.txt |
2003-08-04
|
03 | (System) | New version available: draft-ietf-msec-gsakmp-sec-03.txt |
2003-07-01
|
02 | (System) | New version available: draft-ietf-msec-gsakmp-sec-02.txt |
2003-02-24
|
01 | (System) | New version available: draft-ietf-msec-gsakmp-sec-01.txt |
2001-03-22
|
00 | (System) | New version available: draft-ietf-msec-gsakmp-sec-00.txt |