Dismiss
There will be a system update on Friday, May 5th, 6 PM ET. You may experience a brief service interruption.
Browse Prior Art Database

The OAKLEY Key Determination Protocol (RFC2412)

IP.com Disclosure Number: IPCOM000002988D
Original Publication Date: 1998-Nov-01
Included in the Prior Art Database: 2000-Sep-13

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

H. Orman: AUTHOR

Abstract

This document describes a protocol, named OAKLEY, by which two authenticated parties can agree on secure and secret keying material. The basic mechanism is the Diffie-Hellman key exchange algorithm.

This text was extracted from a ASCII Text document.
This is the abbreviated version, containing approximately 3% of the total text.

Network Working Group H. Orman

Request for Comments: 2412 Department of Computer Science

Category: Informational University of Arizona

November 1998

The OAKLEY Key Determination Protocol

Status of this Memo

This memo provides information for the Internet community. It does

not specify an Internet standard of any kind. Distribution of this

memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

Abstract

This document describes a protocol, named OAKLEY, by which two

authenticated parties can agree on secure and secret keying material.

The basic mechanism is the Diffie-Hellman key exchange algorithm.

The OAKLEY protocol supports Perfect Forward Secrecy, compatibility

with the ISAKMP protocol for managing security associations, user-

defined abstract group structures for use with the Diffie-Hellman

algorithm, key updates, and incorporation of keys distributed via

out-of-band mechanisms.

1. INTRODUCTION

Key establishment is the heart of data protection that relies on

cryptography, and it is an essential component of the packet

protection mechanisms described in [RFC2401], for example. A

scalable and secure key distribution mechanism for the Internet is a

necessity. The goal of this protocol is to provide that mechanism,

coupled with a great deal of cryptographic strength.

The Diffie-Hellman key exchange algorithm provides such a mechanism.

It allows two parties to agree on a shared value without requiring

encryption. The shared value is immediately available for use in

encrypting subsequent conversation, e.g. data transmission and/or

authentication. The STS protocol [STS] provides a demonstration of

how to embed the algorithm in a secure protocol, one that ensures

that in addition to securely sharing a secret, the two parties can be

sure of each other's identities, even when an active attacker exists.

Because OAKLEY is a generic key exchange protocol, and because the

keys that it generates might be used for encrypting data with a long

privacy lifetime, 20 years or more, it is important that the

algorithms underlying the protocol be able to ensure the security of

the keys for that period of time, based on the best prediction

capabilities available for seeing into the mathematical future. The

protocol therefore has two options for adding to the difficulties

faced by an attacker who has a large amount of recorded key exchange

traffic at his disposal (a passive attacker). These options are

useful for deriving keys which will be used for encryption.

The OAKLEY protocol is related to STS, sharing the similarity of

authenticating the Diffie-Hellman exponentials and using them for

determining a shared key, and also of achieving Perfect Forward

Secrecy for the shared key, but it d...