Dynamic Symmetric Key Provisioning Protocol (DSKPP) (RFC6063)
Disclosure Number: IPCOM000202354D
Original Publication Date: 2010-Dec-01
Included in the Prior Art Database: 2010-Dec-14

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

A. Doherty: AUTHOR


Symmetric-key-based cryptographic systems (e.g., those providing authentication mechanisms such as one-time passwords and challenge-response) offer performance and operational advantages over public key schemes. Such use requires a mechanism for the provisioning of symmetric keys providing equivalent functionality to mechanisms such as the Certificate Management Protocol (CMP) [RFC4210] and Certificate Management over CMS (CMC) [RFC5272] in a Public Key Infrastructure.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 1% of the total text.

Internet Engineering Task Force (IETF)                        A. Doherty
Request for Comments: 6063             RSA, The Security Division of EMC
Category: Standards Track                                         M. Pei
ISSN: 2070-1721                                           VeriSign, Inc.
                                                              S. Machani
                                                        Diversinet Corp.
                                                              M. Nystrom
                                                         Microsoft Corp.
                                                           December 2010

           Dynamic Symmetric Key Provisioning Protocol (DSKPP)


   The Dynamic Symmetric Key Provisioning Protocol (DSKPP) is a client-server protocol for initialization (and configuration) of symmetric keys to locally and remotely accessible cryptographic modules.  The protocol can be run with or without private key capabilities in the cryptographic modules and with or without an established public key infrastructure.

   Two variations of the protocol support multiple usage scenarios.  With the four-pass variant, keys are mutually generated by the provisioning server and cryptographic module; provisioned keys are not transferred over-the-wire or over-the-air.  The two-pass variant enables secure and efficient download and installation of pre-generated symmetric keys to a cryptographic module.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force (IETF).  It represents the consensus of the IETF community.  It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG).  Further information on Internet Standards is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at


Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal  ...