Group Key Management Protocol (GKMP) Architecture
RFC 2094 GKMP Architecture July 1997

1.1 Multicast Communications Environments

The work leading to this report was primarily concerned with military
command and control and weapons control systems; these systems tend
to have top-down, commander-to-commanded communications flows. The
choice of which parties will be members of a particular communication
(a multicast group, for example) is at the discretion of the "higher"
level party (or parties). This "sender-initiated" model (assuming the
higher-level party is the sender) maps well to broadcast media (as in
electromagnetic, free-space transmission) and to circuit-switched
communications media (e.g., video teleconferencing, ATM multicast).

In looking to apply this technology to the Internet, a somewhat
different model appears to be at work (at least for some portion of
Internet multicast traffic). IDRP and the Distance Vector Multicast
Routing Protocol (DVMRP) use multicast as a mechanism for parties to
relay common information to their peers. Each party both sends and
receives information on the multicast channel. As appropriate, a
party may choose to leave or join the communication without the
express permission of any of the other parties (this raises the
question of the meta-authorizations that allow the parties to
cooperate). More interestingly, in the multicast IP model the
receiver tells the network to add it to the distribution for a
particular multicast address, whether that group exists yet or not,
and the transmitter is not consulted about the addition of the
receiver. Other applications of multicast communications in the
Internet, for example NASA Select broadcasts, can be viewed as
implementing the sender model, since the sender selects the broadcast
time, channel, and content, though not the destinations.

It is our intention to provide key management services which support
both communications (and implied access control) models and operate
in either a circuit-switched or packet-switched environment.

1.2 Security for Multicast

Multicast communications, as with unicast, may require any of the
security services defined in ISO 7498: access control, data
confidentiality, traffic confidentiality, integrity/data
authentication, source authentication, sender and receiver
non-repudiation, and service assurance. From the perspective of key
management processes, only data confidentiality, data authentication,
and source authentication can be supported. The other services
(traffic confidentiality, non-repudiation, and service assurance)
must be provided by the communications protocol; they may rely on
cryptographic services but are not guaranteed by them.

Harney & Muckenhirn Experimental