DASS - Distributed Authentication Security Service (RFC1507)

IP.com Disclosure Number: IPCOM000002336D
Original Publication Date: 1993-Sep-01
Included in the Prior Art Database: 2019-Feb-13

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

C. Kaufman: AUTHOR

Related Documents

10.17487/RFC1507: DOI

Abstract

The goal of DASS is to provide authentication services in a distributed environment which are both more secure and easier to use than existing mechanisms. This memo defines an Experimental Protocol for the Internet community. It does not specify an Internet standard.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 2% of the total text.

Network Working Group
Request for Comments: 1507
C. Kaufman, Digital Equipment Corporation
September 1993

DASS Distributed Authentication Security Service

Status of this Memo

This memo defines an Experimental Protocol for the Internet community. It does not specify an Internet standard. Discussion and suggestions for improvement are requested. Please refer to the current edition of the "Internet Official Protocol Standards" for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Table of Contents

1. Introduction
    1.1 What is DASS?
    1.2 Central Concepts
    1.3 What This Document Won’t Tell You
    1.4 The Relationship between DASS and ISO Standards
    1.5 An Authentication Walkthrough
2. Services Used
    2.1 Time Service
    2.2 Random Numbers
    2.3 Naming Service
3. Services Provided
    3.1 Certificate Contents
    3.2 Encrypted Private Key Structure
    3.3 Authentication Tokens
    3.4 Credentials
    3.5 CA State
    3.6 Data types used in the routines
    3.7 Error conditions
    3.8 Certificate Maintenance Functions
    3.9 Credential Maintenance Functions
    3.10 Authentication Procedures
    3.11 DASSlessness Determination Functions
4. Certificate and message formats
    4.1 ASN.1 encodings
    4.2 Encoding Rules
    4.3 Version numbers and forward compatibility
    4.4 Cryptographic Encodings
Annex A - Typical Usage
    A.1 Creating a CA
    A.2 Creating a User Principal
    A.3 Creating a Server Principal
    A.4 Booting a Server Principal
    A.5 A user logs on to the network
    A.6 An Rlogin (TCP/IP) connection is made
    A.7 A Transport-Independent Connection
Annex B - Support of the GSSAPI
    B.1 Summary of GSSAPI
    B.2 Implementation of GSSAPI over DASS
