LIPKEY - A Low Infrastructure Public Key Mechanism Using SPKM (RFC2847)

IP.com Disclosure Number: IPCOM000003445D
Original Publication Date: 2000-Jun-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 18 page(s) / 47K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

M. Eisler: AUTHOR

Abstract

This memorandum describes a method whereby one can use GSS-API [RFC2078] to supply a secure channel between a client and server, authenticating the client with a password, and a server with a public key certificate. As such, it is analogous to the common low infrastructure usage of the Transport Layer Security (TLS) protocol [RFC2246].

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 6% of the total text.

Network Working Group                                          M. Eisler
Request for Comments: 2847                                       Zambeel
Category: Standards Track                                      June 2000

LIPKEY - A Low Infrastructure Public Key Mechanism Using SPKM

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.

Abstract

This memorandum describes a method whereby one can use GSS-API [RFC2078] to supply a secure channel between a client and server, authenticating the client with a password, and a server with a public key certificate. As such, it is analogous to the common low infrastructure usage of the Transport Layer Security (TLS) protocol [RFC2246].

The method leverages the existing Simple Public Key Mechanism (SPKM) [RFC2025], and is specified as a separate GSS-API mechanism (LIPKEY) layered above SPKM.

Table of Contents

1. Introduction
2. LIPKEY's Requirements of SPKM
2.1. Mechanism Type
2.2. Name Type
2.3. Algorithms
2.3.1. MANDATORY Algorithms
2.3.2. RECOMMENDED Integrity Algorithms (I-ALG)
2.4. Context Establishment Tokens
2.4.1. REQ-TOKEN Content Requirements
2.4.1.1. algId and req-integrity
2.4.1.2. Req-contents
2.4.1.2.1. Options
2.4.1.2.2. Conf-Algs
2.4.1.2.3. Intg-Algs
2.4.2. REP-TI-TOKEN Content Requirements
2.4.2.1. algId
2.4.2.2. rep-ti-integ
2.5. Quality of Protection (QOP)
3. How LIPKEY Uses SPKM
3.1. Tokens ....