Group Key Management Protocol (GKMP) Specification
RFC 2093

Document Type RFC - Experimental (July 1997; No errata)
Was draft-harney-gkmp-spec (individual)
Last updated 2013-03-02
Stream Legacy
Formats plain text pdf htmlized bibtex
Stream Legacy state (None)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state RFC 2093 (Experimental)
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                          H. Harney
Request for Comments: 2093                                 C. Muckenhirn
Category: Experimental                                      SPARTA, Inc.
                                                               July 1997

           Group Key Management Protocol (GKMP) Specification

Status of this Memo

   This memo defines an Experimental Protocol for the Internet
   community.  This memo does not specify an Internet standard of any
   kind.  Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Table of Contents

   1. Background..................................................... 1
   2. Overview:  GKMP Roles.......................................... 3
   3. Data Item primitives........................................... 4
   4. Message definitions............................................ 6
   5. State definitions.............................................. 9
   6. Functional Definitions--Group Key Management Protocol.......... 13
   7. Security Considerations........................................ 23
   8. Author's Address............................................... 23

Abstract

   This specification proposes a protocol to create grouped symmetric
   keys and distribute them amongst communicating peers. This protocol
   has the following advantages: 1) virtually invisible to operator, 2)
   no central key distribution site is needed, 3) only group members
   have the key, 4) sender or receiver oriented operation, 5) can make
   use of multicast communications protocols.

1 Background

   Traditional key management distribution has mimicked the military
   paper based key accounting system.  Key was distributed, ordered, and
   accounted physically leading to large lead times and expensive
   operations.

   Cooperative key management algorithms exist that allow pairwise keys
   to be generated between two equipment's.  This gives the a quicker
   more reliable key management structure capable of supporting large
   numbers of secure communications.  Unfortunately, only pairwise keys
   are supported using these methods today.

Harney & Muckenhirn           Experimental                      [Page 1]
RFC 2093                   GKMP Specification                  July 1997

   This document describes a protocol for establishing and rekeying
   groups of cryptographic keys (more than two) on the internet.  We
   refer to the approach as the Group Key Management Protocol (GKMP).

1.1 Protocol Overview

   The GKMP creates key for cryptographic groups, distributes key to the
   group members, ensures (via peer to peer reviews) rule based access
   control of keys, denies access to known compromised hosts, and allow
   hierarchical control of group actions.

   The key generation concept used by the GKMP is cooperative generation
   between two protocol entities.  There are several key generation
   algorithms viable for use in the GKMP (i.e., RSA, Diffe-Hellman,
   elliptic curves).  All these algorithms use asymmetric key technology
   to pass information between two entities to create a single
   cryptographic key.

   The GKMP then distributes the group keys to qualified GKMP entities.
   This distribution process is a mutually suspicious process (all
   actions and identities must be verified).

   The GKMP provides a peer to peer review process.  Protocol entities
   pass permission certificates (PC) as part of the group key
   distribution process.  The PCs contain access control information
   about a particular site.  This access control information is assigned
   by a higher authority which then signs the PC. Therefor each entity
   can verify the permissions of any other GKMP entity but can modify
   none.  Each protocol entity checks the permissions and compares them
   the level of service requested.  If the permissions do not exceed or
   equal the request, the service is denied.

   The GKMP supports compromise recovery.  A list of compromised GKMP
   entities is distributed to group members during key management
   actions.  In essence, a Compromise Recovery List (CRL) allows group
   members to drop connections with compromised entities.  The GKMP
   delegates control of groups to specific group controllers so it will
   be somewhat easier to distribute the CRL to the most important GKMP
   entities.  During each key management action the CRL version number
   is passed, when a CRL update is detected it is downloaded and
   verified (it is signed by a higher authority).

   The GKMP allows control of group actions.  In certain networks it is
   desirable for a higher authority to strictly control the generation
   of groups.  These networks usually have a central network operations
   authority.  The GKMP allows these authorities to remotely order group
   actions.  These orders are signed by that authority and verified by
   all entities involved with the group.
Show full document text