The Simple and Protected Generic Security Service Application Program Interface (GSS-API) Negotiation Mechanism (RFC4178)

IP.com Disclosure Number: IPCOM000129251D
Original Publication Date: 2005-Oct-01
Included in the Prior Art Database: 2005-Oct-04
Document File: 23 page(s) / 47K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

L. Zhu: AUTHOR [+4]

Abstract

This document specifies a negotiation mechanism for the Generic Security Service Application Program Interface (GSS-API), which is described in RFC 2743. GSS-API peers can use this negotiation mechanism to choose from a common set of security mechanisms. If per-message integrity services are available on the established mechanism context, then the negotiation is protected against an attacker that forces the selection of a mechanism not desired by the peers.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 6% of the total text.

Network Working Group                                             L. Zhu
Request for Comments: 4178                                      P. Leach
Obsoletes: 2478                                            K. Jaganathan
Category: Standards Track                          Microsoft Corporation
                                                            W. Ingersoll
                                                        Sun Microsystems
                                                            October 2005


                       The Simple and Protected
    Generic Security Service Application Program Interface (GSS-API)
                         Negotiation Mechanism

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).


Abstract

   This document specifies a negotiation mechanism for the Generic
   Security Service Application Program Interface (GSS-API), which is
   described in RFC 2743.  GSS-API peers can use this negotiation
   mechanism to choose from a common set of security mechanisms.  If
   per-message integrity services are available on the established
   mechanism context, then the negotiation is protected against an
   attacker that forces the selection of a mechanism not desired by the
   peers.

   This mechanism replaces RFC 2478 in order to fix defects in that
   specification and to describe how to inter-operate with
   implementations of that specification that are commonly deployed on
   the Internet.


Zhu, et al.                 Standards Track                     [Page 1]
RFC 4178           The GSS-API Negotiation Mechanism        October 2005


Table of Contents

   1. Introduction ....................................................2
   2. Conventions Used in This Document ...............................3
   3. Negotiation Protocol ............................................3
      3.1. Negotiation Description ....................................4
      3.2. Negotiation Procedure ......................................5
   4. Token Definitions ...............................................7
      4.1. Mechanism Types ............................................7
     ...