Browse Prior Art Database

The Group Domain of Interpretation (RFC3547)

IP.com Disclosure Number: IPCOM000016594D
Original Publication Date: 2003-Jul-01
Included in the Prior Art Database: 2003-Jul-02

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

M. Baugher: AUTHOR [+4]

Abstract

This document presents an ISAMKP Domain of Interpretation (DOI) for group key management to support secure group communications. The GDOI manages group security associations, which are used by IPSEC and potentially other data security protocols running at the IP or application layers. These security associations protect one or more key-encrypting keys, traffic-encrypting keys, or data shared by group members.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 3% of the total text.

Network Working Group                                         M. Baugher

Request for Comments: 3547                                       B. Weis

Category: Standards Track                                          Cisco

                                                             T. Hardjono

                                                                Verisign

                                                               H. Harney

                                                                  Sparta

                                                               July 2003

                  The Group Domain of Interpretation

Status of this Memo

   This document specifies an Internet standards track protocol for the

   Internet community, and requests discussion and suggestions for

   improvements.  Please refer to the current edition of the "Internet

   Official Protocol Standards" (STD 1) for the standardization state

   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   This document presents an ISAMKP Domain of Interpretation (DOI) for

   group key management to support secure group communications.  The

   GDOI manages group security associations, which are used by IPSEC and

   potentially other data security protocols running at the IP or

   application layers.  These security associations protect one or more

   key-encrypting keys, traffic-encrypting keys, or data shared by group

   members.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3

       1.1.  GDOI Applications. . . . . . . . . . . . . . . . . . . .  5

       1.2.  Extending GDOI . . . . . . . . . . . . . . . . . . . . .  5

   2.  GDOI Phase 1 protocol. . . . . . . . . . . . . . . . . . . . .  6

       2.1.  ISAKMP Phase 1 protocol. . . . . . . . . . . . . . . . .  6

             2.1.1.  DOI value. . . . . . . . . . . . . . . . . . . .  6

             2.1.2.  UDP port . . . . . . . . . . . . . . . . . . . .  6

   3.  GROUPKEY-PULL Exchange . . . . . . . . . . . . . . . . . . . .  6

       3.1.  Authorization. . . . . . . . . . . . . . . . . . . . . .  7

       3.2.  Messages . . . . . . . . . . . . . . . . . . . . . . . .  7

             3.2.1.  Perfect Forward Secrecy. . . . . . . . . . . . .  9

             3.2.2.  ISAKMP Header Initialization . . . . . . . . . .  9

Baugher, et. al.          ®..