Group Domain of Interpretation (GDOI) GROUPKEY-PUSH Acknowledgement Message
RFC 8263
Document | Type | RFC - Proposed Standard (November 2017; No errata). Was draft-weis-gdoi-rekey-ack (individual)
---|---|---
 | Authors | Brian Weis, Umesh Mangla, Thomas Karl, Nilesh Maheshwari
 | Last updated | 2017-11-30
 | Stream | Internet Engineering Task Force (IETF)
Stream | WG state | Submitted to IESG for Publication
 | Document shepherd | Adrian Farrel
 | Shepherd write-up | Last changed 2017-03-28
IESG | IESG state | RFC 8263 (Proposed Standard)
 | Action Holders | (None)
 | Consensus Boilerplate | Yes
 | Responsible AD | Kathleen Moriarty
 | Send notices to | (None)
IANA | IANA review state | Version Changed - Review Needed
 | IANA action state | RFC-Ed-Ack
Internet Engineering Task Force (IETF)
Request for Comments: 8263
Category: Standards Track
ISSN: 2070-1721
November 2017

B. Weis, Cisco Systems
U. Mangla, Juniper Networks Inc.
T. Karl, Deutsche Telekom
N. Maheshwari

Group Domain of Interpretation (GDOI) GROUPKEY-PUSH Acknowledgement Message

Abstract

The Group Domain of Interpretation (GDOI) includes the ability of a Group Controller/Key Server (GCKS) to provide a set of current Group Member (GM) devices with additional security associations (e.g., to rekey expiring security associations). This memo adds the ability of a GCKS to request that the GM devices return an acknowledgement of receipt of its rekey message and specifies the acknowledgement method.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8263.

Copyright Notice

Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Table of Contents

1. Introduction
   1.1. Requirements Notation
   1.2. Acronyms and Abbreviations
2. Acknowledgement Message Request
   2.1. REKEY_ACK_KEK_SHA256 Type
   2.2. REKEY_ACK_LKH_SHA256 Type
   2.3. REKEY_ACK_KEK_SHA512 Type
   2.4. REKEY_ACK_LKH_SHA512 Type
3. GROUPKEY-PUSH Acknowledgement Message
   3.1. HDR
   3.2. HASH
   3.3. SEQ
   3.4. ID
4. Group Member Operations
5. GCKS Operations
6. Management Considerations
7. Security Considerations
   7.1. Protection of the GROUPKEY-PUSH ACK
   7.2. Transmitting a GROUPKEY-PUSH ACK
   7.3. Receiving a GROUPKEY-PUSH ACK
8. IANA Considerations
9. References
   9.1. Normative References
   9.2. Informative References
Acknowledgements
Authors' Addresses

1. Introduction

The Group Domain of Interpretation (GDOI) [RFC6407] is a group key management method by which a Group Controller/Key Server (GCKS) distributes security associations (i.e., cryptographic policy and keying material) to a set of Group Member (GM) devices. The GDOI meets the requirements set forth in [RFC4046] ("Multicast Security