Securely Available Credentials (SACRED) - Credential Server Framework (RFC3760)

IP.com Disclosure Number: IPCOM000027940D
Original Publication Date: 2004-Apr-01
Included in the Prior Art Database: 2004-Apr-14
Document File: 23 page(s) / 50K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. Gustafson: AUTHOR [+3]

Abstract

As the number, and more particularly the number of different types, of devices connecting to the Internet increases, credential mobility becomes an issue for IETF standardization. This document responds to the requirements on protocols for secure exchange of credentials listed in RFC 3157, by presenting an abstract protocol framework.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 7% of the total text.

Network Working Group                                       D. Gustafson
Request for Comments: 3760                             Future Foundation
Category: Informational                                          M. Just
                                                Treasury Board of Canada
                                                              M. Nystrom
                                                            RSA Security
                                                              April 2004

Securely Available Credentials (SACRED) - Credential Server Framework

Status of this Memo

This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2004). All Rights Reserved.

Table of Contents

1. Introduction
2. Functional Overview
   2.1. Definitions
   2.2. Credentials
   2.3. Network Architecture
3. Protocol Framework
   3.1. Credential Upload
   3.2. Credential Download
   3.3. Credential Removal
   3.4. Credential Management
4. Protocol Considerations
   4.1. Secure Credential Formats
   4.2. Authentication Methods
   4.3. Transport Protocol Suites
5. Security Considerations
   5.1. Communications Security
   5.2. Systems Security
6. References
   6.1. Normative References
   6.2. Informative References
7. Authors' Addresses
8. Full Copyright Statement

1 Introduction

Digital credentials, such as private keys and corresponding
certificates, are used to support various Internet protocols, e.g.,
S/MIME, IPSec, and TLS. In a number of environments end users wish
to use the same credentials on different end-user devices. In a
"typical" desktop environment, the user already has many tools
available to allow import/export of these credentials. However, this
is not very practical. In addition, with some devices, especially
wireless and other more constrained devices, the tools required
simply do not exist.

This document proposes...