
Securely Available Credentials Protocol (RFC3767)

IP.com Disclosure Number: IPCOM000029290D
Original Publication Date: 2004-Jun-01
Included in the Prior Art Database: 2004-Jun-22
Document File: 26 page(s) / 50K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

S. Farrell: AUTHOR [+2]

Abstract

This document describes a protocol whereby a user can acquire cryptographic credentials (e.g., private keys, PKCS #15 structures) from a credential server, using a workstation that has locally trusted software installed, but with no user-specific configuration. The protocol's payloads are described in XML. This memo also specifies a Blocks Extensible Exchange Protocol (BEEP) profile of the protocol. Security requirements are met by mandating support for TLS and/or DIGEST-MD5 (through BEEP).

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 5% of the total text.

Network Working Group                                    S. Farrell, Ed.
Request for Comments: 3767                        Trinity College Dublin
Category: Standards Track                                      June 2004

                Securely Available Credentials Protocol

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).

Abstract

   This document describes a protocol whereby a user can acquire
   cryptographic credentials (e.g., private keys, PKCS #15 structures)
   from a credential server, using a workstation that has locally
   trusted software installed, but with no user-specific configuration.
   The protocol's payloads are described in XML.  This memo also
   specifies a Blocks Extensible Exchange Protocol (BEEP) profile of the
   protocol.  Security requirements are met by mandating support for
   TLS and/or DIGEST-MD5 (through BEEP).

Table Of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
   2.  The Protocol . . . . . . . . . . . . . . . . . . . . . . . . .  3
   3.  BEEP Profile for SACRED . . . . . . . . . . . . . . . . . . .  9
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
   5.  Security Considerations . . . . . . . . . . . . . . . . . . . 13
   6.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 15
   Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . 16
   Appendix A: XML Schema . . . . . . . . . . . . . . . . . . . . . . 17
   Appendix B: An Example of Tuning with BEEP . . . . . . . . . . . . 20
   Appendix C: Provision SACRED using other Protocols . . . . . . . . 23
   Editor's Address . . . . . . . . . . . . . . . . . . . . . . . . . 24
   Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 25

Farrell                     Standards Track                     [Page 1]

RFC 3767              Secure Credentials Protocol              June 2004

1.  Introduction

   Digital credentials, such as private keys and corresponding
   certificates, are used to support various Internet protocols, e.g.
   S/MIME, IPSec, and TLS.  In a number of environments, end users wish
   to use the same credentials on different end-user devices.  In a
   "typical" desktop environment, the user already has many tools
   available to allow import/export of these credentials.  However, this
   is not very practic...