datatracker.ietf.org
Sign in
Version 5.13.0, 2015-03-25
Report a bug

GSAKMP: Group Secure Association Key Management Protocol
RFC 4535

Document type: RFC - Proposed Standard (June 2006; No errata)
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 4535 (Proposed Standard)
Responsible AD: Russ Housley
Send notices to: canetti@watson.ibm.com, ldondeti@nortel.com

Network Working Group                                          H. Harney
Request for Comments: 4535                                       U. Meth
Category: Standards Track                                   A. Colegrove
                                                            SPARTA, Inc.
                                                                G. Gross
                                                              IdentAware
                                                               June 2006

        GSAKMP: Group Secure Association Key Management Protocol

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document specifies the Group Secure Association Key Management
   Protocol (GSAKMP).  The GSAKMP provides a security framework for
   creating and managing cryptographic groups on a network.  It provides
   mechanisms to disseminate group policy and authenticate users, rules
   to perform access control decisions during group establishment and
   recovery, capabilities to recover from the compromise of group
   members, delegation of group security functions, and capabilities to
   destroy the group.  It also generates group keys.

Harney, et al.              Standards Track                     [Page 1]
RFC 4535                         GSAKMP                        June 2006

Table of Contents

   1. Introduction ....................................................7
      1.1. GSAKMP Overview ............................................7
      1.2. Document Organization ......................................9
   2. Terminology .....................................................9
   3. Security Considerations ........................................12
      3.1. Security Assumptions ......................................12
      3.2. Related Protocols .........................................13
           3.2.1. ISAKMP .............................................13
           3.2.2. FIPS Pub 196 .......................................13
           3.2.3. LKH ................................................13
           3.2.4. Diffie-Hellman .....................................14
      3.3. Denial of Service (DoS) Attack ............................14
      3.4. Rekey Availability ........................................14
      3.5. Proof of Trust Hierarchy ..................................15
   4. Architecture ...................................................15
      4.1. Trust Model ...............................................15
           4.1.1. Components .........................................15
           4.1.2. GO .................................................16
           4.1.3. GC/KS ..............................................16
           4.1.4. Subordinate GC/KS ..................................17
           4.1.5. GM .................................................17
           4.1.6. Assumptions ........................................18
      4.2. Rule-Based Security Policy ................................18
           4.2.1. Access Control .....................................19
           4.2.2. Authorizations for Security-Relevant Actions .......20
      4.3. Distributed Operation .....................................20
      4.4. Concept of Operation ......................................22
           4.4.1. Assumptions ........................................22
           4.4.2. Creation of a Policy Token .........................22
           4.4.3. Creation of a Group ................................23
           4.4.4. Discovery of GC/KS .................................24
           4.4.5. GC/KS Registration Policy Enforcement ..............24
           4.4.6. GM Registration Policy Enforcement .................24
           4.4.7. Autonomous Distributed GSAKMP Operations ...........24
   5. Group Life Cycle ...............................................27
      5.1. Group Definition ..........................................27
      5.2. Group Establishment .......................................27
           5.2.1. Standard Group Establishment .......................28
                  5.2.1.1. Request to Join ...........................30
                  5.2.1.2. Key Download ..............................31
                  5.2.1.3. Request to Join Error .....................33
                  5.2.1.4. Key Download - Ack/Failure ................34
                  5.2.1.5. Lack of Ack ...............................35

[include full document text]