Group Key Management Protocol (GKMP) Specification (RFC2093)

IP.com Disclosure Number: IPCOM000002645D
Original Publication Date: 1997-Jul-01
Included in the Prior Art Database: 2019-Feb-16
Document File: 23 page(s) / 28K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

H. Harney: AUTHOR [+1]

Related Documents

10.17487/RFC2093: DOI

Abstract

This specification proposes a protocol to create grouped symmetric keys and distribute them amongst communicating peers. This memo defines an Experimental Protocol for the Internet community.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 7% of the total text.

Network Working Group                                          H. Harney
Request for Comments: 2093                                 C. Muckenhirn
Category: Experimental                                      SPARTA, Inc.
                                                               July 1997

Group Key Management Protocol (GKMP) Specification

Status of this Memo

This memo defines an Experimental Protocol for the Internet community. This memo does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited.

Table of Contents

1. Background
2. Overview: GKMP Roles
3. Data Item primitives
4. Message definitions
5. State definitions
6. Functional Definitions--Group Key Management Protocol
7. Security Considerations
8. Author’s Address

Abstract

This specification proposes a protocol to create grouped symmetric keys and distribute them amongst communicating peers. This protocol has the following advantages: 1) virtually invisible to operator, 2) no central key distribution site is needed, 3) only group members have the key, 4) sender or receiver oriented operation, 5) can make use of multicast communications protocols.

1 Background

Traditional key management distribution has mimicked the military paper-based key accounting system. Key was distributed, ordered, and accounted physically, leading to large lead times and expensive operations.

Cooperative key management algorithms exist that allow pairwise keys to be generated between two pieces of equipment. This gives a quicker, more reliable key management structure capable of supporting large numbers of secure communications. Unfortunately, only pairwise keys are supported using these methods today.


This document describes a protocol for establishing and rekeying groups of cryptographic keys (more than two) on the internet. We refer to the approach as the Group Key Management Protocol (GKMP).

1.1 Protocol Overview

The GKMP creates key for cryptographic groups, distributes key to the group members, ensures (via peer to peer reviews) rule based access control of keys, denies access to known compromised hosts, and allows hierarchical control of group actions.

The key generation concept used by the GKMP is cooperative generation between two protocol entities. There are several key generation algorithms viable for use in the GKMP (e.g., RSA, Diffie-Hellman, elliptic curves). All these algorithms use asymmetric key technology to pass information between two entities to create a single cryptographic key.

The GKMP then distributes the group keys to qualified GKMP entities. This distribution process is a mutually suspicious process (all actions and identities must be verified).

The GKMP prov...
