MIKEY-IBAKE: Identity-Based Authenticated Key Exchange (IBAKE) Mode of Key Distribution in Multimedia Internet KEYing (MIKEY)
RFC 6267
Document | Type |
RFC - Informational
(June 2011; No errata)
Was draft-cakulev-mikey-ibake (individual in sec area)
|
|
---|---|---|---|
Authors | Violeta Cakulev , Ganapathy Sundaram | ||
Last updated | 2015-10-14 | ||
Stream | Internent Engineering Task Force (IETF) | ||
Formats | plain text html pdf htmlized (tools) htmlized bibtex | ||
Reviews | |||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 6267 (Informational) | |
Action Holders |
(None)
|
||
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Tim Polk | ||
IESG note | Requested cryptographic review by CFRG - deadline 9/3/2010 | ||
Send notices to | (None) |
Internet Engineering Task Force (IETF) V. Cakulev Request for Comments: 6267 G. Sundaram Category: Informational Alcatel Lucent ISSN: 2070-1721 June 2011 MIKEY-IBAKE: Identity-Based Authenticated Key Exchange (IBAKE) Mode of Key Distribution in Multimedia Internet KEYing (MIKEY) Abstract This document describes a key management protocol variant for the Multimedia Internet KEYing (MIKEY) protocol that relies on a trusted key management service. In particular, this variant utilizes Identity-Based Authenticated Key Exchange (IBAKE) framework that allows the participating clients to perform mutual authentication and derive a session key in an asymmetric Identity-Based Encryption (IBE) framework. This protocol, in addition to providing mutual authentication, eliminates the key escrow problem that is common in standard IBE and provides perfect forward and backward secrecy. Status of This Memo This document is not an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6267. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must Cakulev & Sundaram Informational [Page 1] RFC 6267 MIKEY-IBAKE June 2011 include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 2.2. Definitions and Notation . . . . . . . . . . . . . . . . . 4 2.3. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 5 3. Use Case Scenarios . . . . . . . . . . . . . . . . . . . . . . 6 3.1. Forking . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.2. Retargeting . . . . . . . . . . . . . . . . . . . . . . . 6 3.3. Deferred Delivery . . . . . . . . . . . . . . . . . . . . 7 4. MIKEY-IBAKE Protocol Description . . . . . . . . . . . . . . . 7 4.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . 7 4.2. Message Exchanges and Processing . . . . . . . . . . . . . 10 4.2.1. REQUEST_KEY_INIT/REQUEST_KEY_RESP Message Exchange . . 10 4.2.2. I_MESSAGE/R_MESSAGE Message Exchanges . . . . . . . . 12 5. Key Management . . . . . . . . . . . . . . . . . . . . . . . . 16 5.1. Generating Keys from the Session Key . . . . . . . . . . . 17 5.2. Generating Keys for MIKEY Messages . . . . . . . . . . . . 17 5.3. CSB Update . . . . . . . . . . . . . . . . . . . . . . . . 18 5.4. Generating MAC and Verification Message . . . . . . . . . 18 6. Payload Encoding . . . . . . . . . . . . . . . . . . . . . . . 19 6.1. Common Header Payload (HDR) . . . . . . . . . . . . . . . 19 6.1.1. IBAKE Payload . . . . . . . . . . . . . . . . . . . . 20 6.1.2. Encrypted Secret Key (ESK) Payload . . . . . . . . . . 21 6.1.3. Key Data Sub-Payload . . . . . . . . . . . . . . . . . 21 6.1.4. EC Diffie-Hellman Sub-Payload . . . . . . . . . . . . 22 6.1.5. Secret Key Sub-Payload . . . . . . . . . . . . . . . . 23 7. Security Considerations . . . . . . . . . . . . . . . . . . . 24 7.1. General Security Considerations . . . . . . . . . . . . . 24 7.2. IBAKE Protocol Security Considerations . . . . . . . . . . 25 7.3. Forking . . . . . . . . . . . . . . . . . . . . . . . . . 26 7.4. Retargeting . . . . . . . . . . . . . . . . . . . . . . . 26 7.5. Deferred Delivery . . . . . . . . . . . . . . . . . . . . 26 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27Show full document text