RFC 2522 (rfc2522) - Page 2 of 76
Photuris: Session-Key Management Protocol
RFC 2522 Photuris Protocol March 1999
key-pair. An example is a user password.
Security Association (SA)
    A collection of parameters describing the security
    relationship between two nodes. These parameters
    include the identities of the parties, the transform
    (including algorithm and algorithm mode), the key(s)
    (such as a session-key, secret-key, or appropriate
    public/private key-pair), and possibly other
    information such as sensitivity labelling.

Security Parameters Index (SPI)
    A number that indicates a particular set of
    uni-directional attributes used under a Security
    Association, such as transform(s) and session-key(s).
    The number is relative to the IP Destination, which is
    the SPI Owner, and is unique per IP (Next Header)
    Protocol. That is, the same value MAY be used by
    multiple protocols to concurrently indicate different
    Security Association parameters.

session-key
    A key that is independently derived from a
    shared-secret by the parties, and used for keying one
    direction of traffic. This key is changed frequently.

shared-secret
    As used in this document, the calculated result of
    the Photuris exchange.

SPI Owner
    The party that corresponds to the IP Destination;
    the intended recipient of a protected datagram.

SPI User
    The party that corresponds to the IP Source; the
    sender of a protected datagram.

transform
    A cryptographic manipulation of a particular set of
    data. As used in this document, refers to certain
    well-specified methods (defined elsewhere). For
    example, AH-MD5 [RFC-1828] transforms an IP datagram
    into a cryptographic hash, and ESP-DES-CBC [RFC-1829]
    transforms plaintext to ciphertext and back again.
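
The SPI definition above implies that a receiver selects a Security Association by the combination of IP Destination (the SPI Owner), IP protocol and SPI. The following sketch is an added example, not part of RFC 2522: it extracts that selector from a raw IPv4 datagram and shows one SPI value naming two different SAs under AH and ESP. The addresses, SPI value, keys, table and function names are constructed for illustration.

```python
import ipaddress
import struct

AH, ESP = 51, 50  # IP protocol numbers for AH and ESP

# Constructed SA table keyed by (SPI Owner address, IP protocol, SPI).
# Transform names are the two the glossary cites; keys are dummy values.
SA_TABLE = {
    ("192.0.2.10", AH, 0x1000): {"transform": "AH-MD5", "session_key": b"k-ah"},
    ("192.0.2.10", ESP, 0x1000): {"transform": "ESP-DES-CBC", "session_key": b"k-esp"},
}

def sa_selector(datagram: bytes):
    """Return (destination, protocol, spi) for an IPv4 AH or ESP datagram."""
    if len(datagram) < 20 or datagram[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (datagram[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(datagram) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = datagram[9]
    dst = str(ipaddress.IPv4Address(datagram[16:20]))
    payload = datagram[ihl:]
    # AH: next header, length, 2 reserved bytes, then the SPI. ESP: SPI first.
    offset = {AH: 4, ESP: 0}.get(proto)
    if offset is None:
        raise ValueError("IP protocol %d carries no SPI" % proto)
    if len(payload) < offset + 4:
        raise ValueError("truncated security header")
    (spi,) = struct.unpack_from("!I", payload, offset)
    return dst, proto, spi

def lookup_sa(datagram: bytes):
    """Find the inbound SA, or None if the SPI Owner holds no such entry."""
    return SA_TABLE.get(sa_selector(datagram))

def build_datagram(src, dst, proto, spi):
    """Build a constructed minimal IPv4 datagram (checksum left as zero)."""
    sec = (b"\x06\x04\x00\x00" if proto == AH else b"") + struct.pack("!I", spi)
    sec += b"\x00" * 16                     # opaque filler after the SPI
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(sec), 0, 0, 64, proto,
                      0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + sec
```

Because the attributes are uni-directional, a datagram travelling the other way (destination 198.51.100.7) with the same SPI finds no entry in this table; the reverse direction needs its own SA, owned by the other party.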
Karn & Simpson Experimental