Photuris: Session-Key Management Protocol




RFC 2522                   Photuris Protocol                  March 1999


                    key-pair.  An example is a user password.

   Security Association (SA)
                    A collection of parameters describing the security
                    relationship between two nodes.  These parameters
                    include the identities of the parties, the transform
                    (including algorithm and algorithm mode), the key(s)
                    (such as a session-key, secret-key, or appropriate
                    public/private key-pair), and possibly other
                    information such as sensitivity labelling.

   Security Parameters Index (SPI)
                    A number that indicates a particular set of
                    unidirectional attributes used under a Security
                    Association, such as transform(s) and session-key(s).
                    The number is relative to the IP Destination, which
                    is the SPI Owner, and is unique per IP (Next Header)
                    Protocol.  That is, the same value MAY be used by
                    multiple protocols to concurrently indicate
                    different Security Association parameters.

   session-key      A key that is independently derived from a
                    shared-secret by the parties, and used for keying
                    one direction of traffic.  This key is changed
                    frequently.

   shared-secret    As used in this document, the calculated result of
                    the Photuris exchange.

   SPI Owner        The party that corresponds to the IP Destination;
                    the intended recipient of a protected datagram.

   SPI User         The party that corresponds to the IP Source; the
                    sender of a protected datagram.

   transform        A cryptographic manipulation of a particular set of
                    data.  As used in this document, refers to certain
                    well-specified methods (defined elsewhere).  For
                    example, AH-MD5 [RFC-1828] transforms an IP datagram
                    into a cryptographic hash, and ESP-DES-CBC
                    [RFC-1829] transforms plaintext to ciphertext and
                    back again.
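   The SPI rule above (an SPI is relative to the IP Destination and
   unique only per Next Header protocol) is easy to get wrong in an SA
   lookup.  The following is an added illustration, not code from the
   RFC: an inbound SA table for the SPI Owner, keyed on the triple
   (destination, protocol, SPI), with constructed addresses and keys.

```python
from dataclasses import dataclass

# IANA-assigned IP (Next Header) protocol numbers for AH and ESP.
IPPROTO_ESP = 50
IPPROTO_AH = 51

@dataclass(frozen=True)
class SecurityAssociation:
    """One direction of a Security Association: the parties, the
    transform, and the session-key that keys that direction only."""
    spi_owner: str      # IP Destination; the party that chose the SPI
    spi_user: str       # IP Source; the sender of protected datagrams
    protocol: int       # IP Next Header protocol the SPI is scoped to
    spi: int            # Security Parameters Index
    transform: str      # e.g. "AH-MD5" or "ESP-DES-CBC"
    session_key: bytes  # constructed opaque value for this illustration

class SADatabase:
    """Inbound SA table held by the SPI Owner.  Because an SPI is
    relative to the IP Destination and unique only per Next Header
    protocol, the lookup key must be (destination, protocol, spi);
    the SPI alone does not identify an SA."""

    def __init__(self):
        self._table = {}

    def add(self, sa):
        key = (sa.spi_owner, sa.protocol, sa.spi)
        if key in self._table:
            raise ValueError("SPI 0x%x already in use for this "
                             "destination and protocol" % sa.spi)
        self._table[key] = sa

    def lookup(self, destination, protocol, spi):
        """Resolve an incoming protected datagram to its SA (or None)."""
        return self._table.get((destination, protocol, spi))

def build_sample_sadb():
    """Constructed example: host 10.0.0.2 owns SPI 0x100 under both AH
    and ESP at once; each maps to a distinct SA with its own key."""
    db = SADatabase()
    db.add(SecurityAssociation("10.0.0.2", "10.0.0.1", IPPROTO_AH,
                               0x100, "AH-MD5", b"\x01" * 16))
    db.add(SecurityAssociation("10.0.0.2", "10.0.0.1", IPPROTO_ESP,
                               0x100, "ESP-DES-CBC", b"\x02" * 8))
    return db
```

   A second SA with the same destination, protocol and SPI is rejected,
   while the same SPI value under a different protocol or at a different
   destination is a separate SA.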

Karn & Simpson                Experimental