Securely Available Credentials (SACRED) - Credential Server Framework
RFC 3760        Securely Available Credentials (SACRED)       April 2004


   6.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 20
       6.1.  Normative References . . . . . . . . . . . . . . . . . . 20
       6.2.  Informative References . . . . . . . . . . . . . . . . . 20
   7.  Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 21
   8.  Full Copyright Statement . . . . . . . . . . . . . . . . . . . 22

1.  Introduction

   Digital credentials, such as private keys and corresponding
   certificates, are used to support various Internet protocols, e.g.,
   S/MIME, IPSec, and TLS.  In a number of environments end users wish
   to use the same credentials on different end-user devices.  In a
   "typical" desktop environment, the user already has many tools
   available to allow import/export of these credentials.  However, this
   is not very practical.  In addition, with some devices, especially
   wireless and other more constrained devices, the tools required
   simply do not exist.

   This document proposes a general framework for secure exchange of
   such credentials and provides a high level outline that will help
   guide the development of one or more securely available credentials
   (SACRED) credential exchange protocols.

2.  Functional Overview

   Requirements for SACRED are fully described in [RFC 3157].  These
   requirements assume that two distinctly different network
   architectures will be created to support credential exchange for
   roaming users:

   a) Client/Server Credential Exchange
   b) Peer-to-Peer Credential Exchange

   This document describes the framework for one or more client/server
   credential exchange protocols.

   In all cases, adequate user authentication methods will be used to
   ensure credentials are not divulged to unauthorized parties.  As
   well, adequate server authentication methods will be used to ensure
   that each client's authentication information (see Section 2.1) is
   not compromised, and to ensure that roaming users interact with
   intended/authorized credential servers.

2.1.  Definitions

   This section provides definitions for several terms or phrases used
   throughout this document.




Gustafson, et al.            Informational