Group Key Management Protocol (GKMP) Specification
RFC 2093 GKMP Specification July 1997
The GKMP is an application layer protocol. It is independent of the
underlying communication protocol. However, if multicast service is
available, it will speed the rekey of the cryptographic groups.
Hence, the GKMP does use multicast services if they are available.
2 Overview: GKMP Roles
Creation and distribution of group key require assignment of roles.
These identify what functions the individual hosts perform in the
protocol. The two primary roles are those of key distributor (the
controller) and member. The controller initiates the creation of the
key, forms the key distribution messages, and collects acknowledgment
of key receipt from the receivers. The members wait for a distribution
message, decrypt, validate, and acknowledge the receipt of new key.
2.1 Group controller
The group controller (GC) is a group member with authority to
perform critical protocol actions (i.e., create key, distribute key,
create group rekey messages, and report on the progress of these
actions). All group members have the capability to be a GC and could
assume this duty upon assignment.
The GC helps the cryptographic group reach and maintain key
synchronization. A group must operate on the same symmetric
cryptographic key. If part of the group loses or inappropriately
changes its key, it will not be able to send data to or receive data
from another host operating on the correct key. Therefore, it is
important that those operations that create or change key are
unambiguous and controlled (i.e., it would not be appropriate for
multiple hosts to try to rekey a net simultaneously). Hence, someone
has to be in charge -- that is the controller.
2.2 Group member
Simply stated, a group member is any group host who is not acting as
the controller. The group members will: assist the controller in
creating key, validate the controller's authorization to perform
actions, accept key from the controller, request key from the
controller, maintain local CRLs, perform peer review of key
management actions, and manage local key.
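The division of duties in sections 2.1 and 2.2, as a constructed model added here (not code from RFC 2093, and not its message format): the GC creates key and collects acknowledgments, members validate the sender's authority before accepting key, and hosts that miss a rekey or rekey on their own end up out of synchronization. It assumes each host's credential is known to the group and is modelled as an HMAC key, a stand-in for the certificate-based check the protocol actually uses.

```python
import hashlib, hmac, secrets
from collections import namedtuple
# Constructed model of the GC/member duties above, not the RFC 2093 message format.
# Assumption: each host's credential is known to the whole group and is modelled as
# an HMAC key; real GKMP checks certificates and permissions instead.
CREDS = {h: hashlib.sha256(h.encode()).digest() for h in ("gc", "m1", "m2", "m3")}
Distribution = namedtuple("Distribution", "sender version key tag")  # key cleartext to keep it short

def _tag(sender, version, key):
    return hmac.new(CREDS[sender], f"{sender}|{version}|".encode() + key, hashlib.sha256).digest()

class Host:
    def __init__(self, host_id, controller_id):
        self.id, self.controller = host_id, controller_id
        self.version, self.key, self.acks = 0, None, set()

    def rekey(self):                 # GC duty: create key and form the distribution message
        self.version += 1
        self.key = secrets.token_bytes(16)
        self.acks = {self.id}        # GC duty: collect acknowledgments for the current key
        return Distribution(self.id, self.version, self.key, _tag(self.id, self.version, self.key))

    def receive(self, msg):          # member duty: validate the sender's authority, accept, ack
        authorized = msg.sender == self.controller and hmac.compare_digest(
            msg.tag, _tag(msg.sender, msg.version, msg.key))
        if not authorized or msg.version <= self.version:
            return None              # reject: not the assigned GC, bad tag, or replayed old key
        self.version, self.key = msg.version, msg.key
        return (self.id, self.version)   # acknowledgment of key receipt

    def collect_ack(self, ack):      # GC duty: track which members are on the current key
        if ack and ack[1] == self.version:
            self.acks.add(ack[0])

    def send(self, data):            # group traffic is only usable by hosts on the same key
        return data, hmac.new(self.key, data, hashlib.sha256).digest()
    def accept(self, packet):
        data, tag = packet
        return self.key is not None and hmac.compare_digest(
            tag, hmac.new(self.key, data, hashlib.sha256).digest())

def run_scenario():
    gc, m1, m2, m3 = (Host(h, "gc") for h in ("gc", "m1", "m2", "m3"))
    rogue = m3.rekey()               # m3 tries to rekey the net without holding the GC role
    rejected = all(m.receive(rogue) is None for m in (m1, m2))
    msg = gc.rekey()
    for m in (m1, m2):               # m3 never receives the real distribution message
        gc.collect_ack(m.receive(msg))
    return {"synchronized": sorted(gc.acks), "rogue_rejected": rejected,
            "m2_reads_m1": m2.accept(m1.send(b"data")), "m3_reads_m1": m3.accept(m1.send(b"data"))}
```

The GC's `acks` set is what lets it report on the progress of a rekey: m3 is absent from it, which is exactly the host that can no longer read group traffic.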
Harney & Muckenhirn Experimental