Photuris: Extended Schemes and Attributes (RFC2523)

IP.com Disclosure Number: IPCOM000003108D
Original Publication Date: 1999-Mar-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 16 page(s) / 35K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

P. Karn: AUTHOR [+2]

Abstract

Photuris is a session-key management protocol. Extensible Exchange-Schemes are provided to enable future implementation changes without affecting the basic protocol.

This text was extracted from an ASCII Text document.
This is the abbreviated version, containing approximately 8% of the total text.

Network Working Group                                            P. Karn
Request for Comments: 2523                                      Qualcomm
Category: Experimental                                        W. Simpson
                                                              DayDreamer
                                                              March 1999

Photuris: Extended Schemes and Attributes

Status of this Memo

This document defines an Experimental Protocol for the Internet community. It does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1999). Copyright (C) Philip Karn and William Allen Simpson (1994-1999). All Rights Reserved.

Abstract

Photuris is a session-key management protocol. Extensible Exchange-Schemes are provided to enable future implementation changes without affecting the basic protocol.

Additional authentication attributes are included for use with the IP Authentication Header (AH) or the IP Encapsulating Security Protocol (ESP).

Additional confidentiality attributes are included for use with ESP.

Table of Contents

1. Additional Exchange-Schemes
2. Additional Key-Generation-Function
   2.1 SHA1 Hash
3. Additional Privacy-Methods
   3.1 DES-CBC over Mask
   3.2 DES-EDE3-CBC over Mask
4. Additional Validity-Method
   4.1 SHA1-IPMAC Check
5. Additional Attributes
   5.1 SHA1-IPMAC
      5.1.1 Symmetric Identification
      5.1.2 Authentication
   5.2 RIPEMD-160-IPMAC
      5.2.1 Symmetric Identification
      5.2.2 Authentication
   5.3 DES-CBC
   5.4 Invert (Decryption/Encryption)
   5.5 XOR Whitening

APPENDICES

A. Exchange-Scheme Selection
   A.1 Responder
   A.2 Initiator

SECURITY CONSIDERATIONS...