@techreport{tschofenig-dime-keying-database-00, number = {draft-tschofenig-dime-keying-database-00}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/html/draft-tschofenig-dime-keying-database-00}, author = {Hannes Tschofenig}, title = {{A Keying Database for Diameter End-to-End Security}}, pagetotal = 14, year = 2013, month = feb, day = 18, abstract = {The Diameter Base specification offers security protection between neighboring Diameter peers using TLS, DTLS, and IPsec. The development of a solution to protect Diameter Attribute Value Pairs between non-neighboring nodes is currently work in progress. Diameter nodes maintain different types of databases, depending on their functions. Examples include the peer table and the realm-based routing table. This document describes a conceptual model for a keying database as it would be used by a Diameter node to determine what AVPs to protect, and what keys / algorithms to use. On the receiving side it allows the receiving node to select the appropriate security association for verifying the protected AVPs. The design is similar to IPsec and inspired by the routing protocol security key table.}, }