DASS - Distributed Authentication Security Service (RFC1507)

IP.com Disclosure Number: IPCOM000002336D
Original Publication Date: 1993-Sep-01
Included in the Prior Art Database: 2000-Sep-12

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

C. Kaufman: AUTHOR

Abstract

1.1 What is DASS?

This text was extracted from an ASCII text document.
This is the abbreviated version, containing approximately 1% of the total text.

Network Working Group C. Kaufman

Request for Comments: 1507 Digital Equipment Corporation

September 1993

DASS

Distributed Authentication Security Service

Status of this Memo

This memo defines an Experimental Protocol for the Internet community. It does not specify an Internet standard. Discussion and suggestions for improvement are requested. Please refer to the current edition of the "Internet Official Protocol Standards" for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Table of Contents

1. Introduction
   1.1 What is DASS?
   1.2 Central Concepts
   1.3 What This Document Won't Tell You
   1.4 The Relationship between DASS and ISO Standards
   1.5 An Authentication Walkthrough
2. Services Used
   2.1 Time Service
   2.2 Random Numbers
   2.3 Naming Service
3. Services Provided
   3.1 Certificate Contents
   3.2 Encrypted Private Key Structure
   3.3 Authentication Tokens
   3.4 Credentials
   3.5 CA State
   3.6 Data types used in the routines
   3.7 Error conditions
   3.8 Certificate Maintenance Functions
   3.9 Credential Maintenance Functions
   3.10 Authentication Procedures
   3.11 DASSlessness Determination Functions
4. Certificate and message formats
   4.1 ASN.1 encodings
   4.2 Encoding Rules
   4.3 Version numbers and forward compatibility
   4.4 Cryptographic Encodings
Annex A - Typical Usage
   A.1 Creating a CA
   A.2 Creating a User Principal
   A.3 Creating a Server Principal
   A.4 Booting a Server Principal