Guidance for Authentication, Authorization, and Accounting (AAA) Key Management
RFC 4962

Document Type RFC - Best Current Practice (July 2007; No errata)
Also known as BCP 132
Was draft-housley-aaa-key-mgmt (individual in sec area)
Last updated 2013-03-02
Stream IETF
Formats plain text pdf html
Stream WG state (None)
Consensus Unknown
Document shepherd No shepherd assigned
IESG IESG state RFC 4962 (Best Current Practice)
Responsible AD Sam Hartman
Send notices to housley@vigilsec.com, bernarda@microsoft.com
Network Working Group                                         R. Housley
Request for Comments: 4962                                Vigil Security
BCP: 132                                                        B. Aboba
Category: Best Current Practice                                Microsoft
                                                               July 2007

   Guidance for Authentication, Authorization, and Accounting (AAA)
                             Key Management

Status of This Memo

   This document specifies an Internet Best Current Practices for the
   Internet Community, and requests discussion and suggestions for
   improvements.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   This document provides guidance to designers of Authentication,
   Authorization, and Accounting (AAA) key management protocols.  The
   guidance is also useful to designers of systems and solutions that
   include AAA key management protocols.  Given the complexity and
   difficulty in designing secure, long-lasting key management
   algorithms and protocols by experts in the field, it is almost
   certainly inappropriate for IETF working groups without deep
   expertise in the area to be designing their own key management
   algorithms and protocols based on Authentication, Authorization, and
   Accounting (AAA) protocols.  The guidelines in this document apply to
   documents requesting publication as IETF RFCs.  Further, these
   guidelines will be useful to other standards development
   organizations (SDOs) that specify AAA key management.

Housley & Aboba          Best Current Practice                  [Page 1]
RFC 4962            Guidance for AAA Key Management            July 2007

Table of Contents

   1. Introduction ....................................................2
      1.1. Requirements Specification .................................3
      1.2. Mandatory to Implement .....................................3
      1.3. Terminology ................................................3
   2. AAA Environment Concerns ........................................5
   3. AAA Key Management Requirements .................................7
   4. AAA Key Management Recommendations .............................13
   5. Security Considerations ........................................14
   6. Normative References ...........................................15
   7. Informative References .........................................15
   Appendix: AAA Key Management History ..............................20
   Acknowledgments ...................................................22

1.  Introduction

   This document provides architectural guidance to designers of AAA key
   management protocols.  The guidance is also useful to designers of
   systems and solutions that include AAA key management protocols.

   AAA key management often includes a collection of protocols, one of
   which is the AAA protocol.  Other protocols are used in conjunction
   with the AAA protocol to provide an overall solution.  These other
   protocols often provide authentication and security association
   establishment.
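
   The arrangement just described (an authentication protocol between
   the peer and the AAA server, the AAA protocol carrying the resulting
   key to the authenticator, and a security-association protocol between
   peer and authenticator) is modelled below in Python as an added
   illustration.  This code is not part of RFC 4962 and is not any
   project's implementation; the function names (peer_respond,
   server_verify, aaa_key_transport, session_key, run_exchange), the
   HMAC-SHA256 derivation standing in for the real method's KDF, the
   constructed credential table, and the unprotected dict standing in
   for a RADIUS/Diameter message are all assumptions made for the
   example.

```python
import hashlib
import hmac
import os


def kdf(key: bytes, label: bytes, context: bytes) -> bytes:
    """Single-block HMAC-SHA256 derivation (assumption: a real deployment
    uses the KDF its authentication method specifies)."""
    return hmac.new(key, label + b"|" + context, hashlib.sha256).digest()


# Constructed long-term credential shared by the peer and the AAA server.
CREDENTIALS = {b"alice@example.com": b"constructed-long-term-secret-for-alice"}


def peer_respond(peer_id, cred, server_nonce, peer_nonce):
    """Peer side of the authentication protocol: prove possession of the
    credential over both nonces and derive the master key."""
    proof = kdf(cred, b"proof", peer_id + server_nonce + peer_nonce)
    master = kdf(cred, b"master", peer_id + server_nonce + peer_nonce)
    return proof, master


def server_verify(peer_id, server_nonce, peer_nonce, proof):
    """AAA server side: verify the peer's proof against the stored credential
    and, only on success, export the same master key."""
    cred = CREDENTIALS[peer_id]
    expected = kdf(cred, b"proof", peer_id + server_nonce + peer_nonce)
    if not hmac.compare_digest(expected, proof):
        raise ValueError("authentication failed; no key is exported")
    return kdf(cred, b"master", peer_id + server_nonce + peer_nonce)


def aaa_key_transport(master_key, peer_id, authenticator_id):
    """Models the AAA protocol (RADIUS or Diameter) carrying the exported key
    from the server to the authenticator, with the identities it is scoped to.
    Assumption: protection of this message in transit is out of scope here."""
    return {"peer": peer_id, "authenticator": authenticator_id, "key": master_key}


def session_key(master_key, peer_id, authenticator_id):
    """Security-association step between peer and authenticator: both derive
    a session key bound to the pair of identities, so a key delivered for one
    authenticator does not yield the session key used with another."""
    return kdf(master_key, b"session", peer_id + b"|" + authenticator_id)


def run_exchange(peer_id=b"alice@example.com", authenticator_id=b"nas-1",
                 rng=os.urandom, tamper=False):
    """Drive the three protocols in order and return
    (peer_session_key, authenticator_session_key)."""
    server_nonce, peer_nonce = rng(16), rng(16)
    # 1. Authentication protocol between peer and AAA server.
    proof, mk_peer = peer_respond(peer_id, CREDENTIALS[peer_id],
                                  server_nonce, peer_nonce)
    if tamper:
        proof = bytes(b ^ 0xFF for b in proof)  # constructed bad proof
    mk_server = server_verify(peer_id, server_nonce, peer_nonce, proof)
    # 2. AAA protocol moves the exported key to the serving authenticator.
    msg = aaa_key_transport(mk_server, peer_id, authenticator_id)
    # 3. Peer and authenticator independently derive the session key.
    k_peer = session_key(mk_peer, peer_id, authenticator_id)
    k_auth = session_key(msg["key"], msg["peer"], msg["authenticator"])
    return k_peer, k_auth


if __name__ == "__main__":
    k_peer, k_auth = run_exchange()
    print("session keys match:", k_peer == k_auth)
```

   The point of the model is the division of labour: the AAA protocol
   itself never authenticates the peer or derives the session key; it
   only transports a key that the authentication protocol exported,
   and the final session key is derived separately at each end from
   that key plus the identities of both parties.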

   Given the complexity and difficulty in designing secure, long-lasting
   key management algorithms and protocols by experts in the field, it
   is almost certainly inappropriate for IETF working groups without
   deep expertise in the area to be designing their own key management
   algorithms and protocols based on Authentication, Authorization and
   Accounting (AAA) protocols.  These guidelines apply to documents
   requesting publication as IETF RFCs.  Further, these guidelines will
   be useful to other standards development organizations (SDOs) that
   specify AAA key management that depends on IETF specifications for
   protocols such as Extensible Authentication Protocol (EAP) [RFC3748],
   Remote Authentication Dial-In User Service (RADIUS) [RFC2865], and
   Diameter [RFC3588].

   In March 2003, at the IETF 56 AAA Working Group Session, Russ Housley
   gave a presentation on "Key Management in AAA" [H].  That
   presentation established the vast majority of the requirements
   contained in this document.  Over the last three years, this
   collection of requirements has become known as the "Housley
   Criteria".


1.1.  Requirements Specification

   The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
   SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
   document, are to be interpreted as described in RFC 2119 [RFC2119].