Group Key Management Protocol (GKMP) Specification
RFC 2093
| Document | Type |
RFC - Experimental
(July 1997; No errata)
Was draft-harney-gkmp-spec (individual)
|
|
|---|---|---|---|
| Last updated | 2013-03-02 | ||
| Stream | Legacy | ||
| Formats | plain text pdf html bibtex | ||
| Stream | Legacy state | (None) | |
| Consensus Boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | RFC 2093 (Experimental) | |
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
Network Working Group H. Harney
Request for Comments: 2093 C. Muckenhirn
Category: Experimental SPARTA, Inc.
July 1997
Group Key Management Protocol (GKMP) Specification
Status of this Memo
This memo defines an Experimental Protocol for the Internet
community. This memo does not specify an Internet standard of any
kind. Discussion and suggestions for improvement are requested.
Distribution of this memo is unlimited.
Table of Contents
1. Background..................................................... 1
2. Overview: GKMP Roles.......................................... 3
3. Data Item primitives........................................... 4
4. Message definitions............................................ 6
5. State definitions.............................................. 9
6. Functional Definitions--Group Key Management Protocol.......... 13
7. Security Considerations........................................ 23
8. Author's Address............................................... 23
Abstract
This specification proposes a protocol to create grouped symmetric
keys and distribute them amongst communicating peers. This protocol
has the following advantages: 1) virtually invisible to operator, 2)
no central key distribution site is needed, 3) only group members
have the key, 4) sender or receiver oriented operation, 5) can make
use of multicast communications protocols.
1 Background
Traditional key management distribution has mimicked the military
paper based key accounting system. Key was distributed, ordered, and
accounted physically leading to large lead times and expensive
operations.
Cooperative key management algorithms exist that allow pairwise keys
to be generated between two equipment's. This gives the a quicker
more reliable key management structure capable of supporting large
numbers of secure communications. Unfortunately, only pairwise keys
are supported using these methods today.
Harney & Muckenhirn Experimental [Page 1]
RFC 2093 GKMP Specification July 1997
This document describes a protocol for establishing and rekeying
groups of cryptographic keys (more than two) on the internet. We
refer to the approach as the Group Key Management Protocol (GKMP).
1.1 Protocol Overview
The GKMP creates key for cryptographic groups, distributes key to the
group members, ensures (via peer to peer reviews) rule based access
control of keys, denies access to known compromised hosts, and allow
hierarchical control of group actions.
The key generation concept used by the GKMP is cooperative generation
between two protocol entities. There are several key generation
algorithms viable for use in the GKMP (i.e., RSA, Diffe-Hellman,
elliptic curves). All these algorithms use asymmetric key technology
to pass information between two entities to create a single
cryptographic key.
The GKMP then distributes the group keys to qualified GKMP entities.
This distribution process is a mutually suspicious process (all
actions and identities must be verified).
The GKMP provides a peer to peer review process. Protocol entities
pass permission certificates (PC) as part of the group key
distribution process. The PCs contain access control information
about a particular site. This access control information is assigned
by a higher authority which then signs the PC. Therefor each entity
can verify the permissions of any other GKMP entity but can modify
none. Each protocol entity checks the permissions and compares them
the level of service requested. If the permissions do not exceed or
equal the request, the service is denied.
The GKMP supports compromise recovery. A list of compromised GKMP
entities is distributed to group members during key management
actions. In essence, a Compromise Recovery List (CRL) allows group
members to drop connections with compromised entities. The GKMP
delegates control of groups to specific group controllers so it will
be somewhat easier to distribute the CRL to the most important GKMP
entities. During each key management action the CRL version number
is passed, when a CRL update is detected it is downloaded and
verified (it is signed by a higher authority).
The GKMP allows control of group actions. In certain networks it is
desirable for a higher authority to strictly control the generation
of groups. These networks usually have a central network operations
authority. The GKMP allows these authorities to remotely order group
actions. These orders are signed by that authority and verified by
all entities involved with the group.
Show full document text