Browse Prior Art Database

LIPKEY - A Low Infrastructure Public Key Mechanism Using SPKM (RFC2847)

IP.com Disclosure Number: IPCOM000003445D
Original Publication Date: 2000-Jun-01
Included in the Prior Art Database: 2019-Feb-13
Document File: 22 page(s) / 30K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

M. Eisler: AUTHOR

Related Documents

10.17487/RFC2847: DOI

Abstract

This memorandum describes a method whereby one can use GSS-API (Generic Security Service Application Program Interface) to supply a secure channel between a client and server, authenticating the client with a password, and a server with a public key certificate. [STANDARDS-TRACK]

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 7% of the total text.

Network Working Group M. Eisler Request for Comments: 2847 Zambeel Category: Standards Track June 2000

LIPKEY - A Low Infrastructure Public Key Mechanism Using SPKM

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.

Abstract

This memorandum describes a method whereby one can use GSS-API [RFC2078] to supply a secure channel between a client and server, authenticating the client with a password, and a server with a public key certificate. As such, it is analogous to the common low infrastructure usage of the Transport Layer Security (TLS) protocol [RFC2246].

The method leverages the existing Simple Public Key Mechanism (SPKM) [RFC2025], and is specified as a separate GSS-API mechanism (LIPKEY) layered above SPKM.

Table of Contents

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2 2. LIPKEY’s Requirements of SPKM . . . . . . . . . . . . . . . . 4 2.1. Mechanism Type . . . . . . . . . . . . . . . . . . . . . . . 4 2.2. Name Type . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.3. Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.3.1. MANDATORY Algorithms . . . . . . . . . . . . . . . . . . . 5 2.3.2. RECOMMENDED Integrity Algorithms (I-ALG) . . . . . . . . . 7 2.4. Context Establishment Tokens . . . . . . . . . . . . . . . . 8 2.4.1. REQ-TOKEN Content Requirements . . . . . . . . . . . . . . 8 2.4.1.1. algId and req-integrity . . . . . . . . . . . . . . . . 8 2.4.1.2. Req-contents . . . . . . . . . . . . . . . . . . . . . . 8 2.4.1.2.1. Options . . . . . . . . . . . . . . . . . . . . . . . 9 2.4.1.2.2. Conf-Algs . . . . . . . . . . . . . . . . . . . . . . 9 2.4.1.2.3. Intg-Algs . . . . . . . . . . . . . . . . . . . . . . 9

Eisler Standards Track [Page 1]

RFC 2847 LIPKEY June 2000

2.4.2. REP-TI-TOKEN Content Requirements . . . . . . . . . . . . 9 2.4.2.1. algId . . . . . . . . . . . . . . . . . . . . . . . . . 9 2.4.2.2. rep-ti-integ . . . . . . . . . . . . . . . . . . . . . . 9 2.5. Quality of Protection (QOP) . . . . . . . . . . . . . . . .10 3. How LIPKEY Uses SPKM . . . . . . . . . . . . . . . . . . . . 11 3.1. Tokens . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.2. Initiator . . . . . . . . . . . . . . . . . . . . . . . . 11 3.2.1. GSS_Import_name . . . . . . . . . . . . . . . . . . . . 11 3.2.2. GSS_Acquire_cred . . . . . . . . . . . . . . . . . . . . 11 3.2.3. GSS_Init_sec_context . . . . . . . . . . . . . . . . . . 12 3.2.3.1. LIPKEY Caller Specified anon_req_flag as TRUE . . . . 12 3.2.3.2. LIPKEY Caller Specified anon_req_flag as FALSE . . . . 13 3.2.4. Other operations . . . . . . . . . . . . . . . . . . . . 1...

Processing...
Loading...