Group Key Management Protocol (GKMP) Architecture
RFC 2094 GKMP Architecture July 1997
2 Multicast Key Management Architectures
2.1 Current Operations
There are several electronic mechanisms for generating and
distributing symmetric keys to several computers (i.e.,
communications groups). These techniques generally rely on a key
distribution center (KDC) to act as a go-between in setting up the
symmetric key groups. Military systems, such as BLACKER, STU-
II/BELLFIELD, and EKMS, and commercial systems, such as X9.17 and
Kerberos, all operate using dedicated KDCs. A group key request is
sent to the KDC via various means (on- or off-line). The KDC, acting
as an access controller, decides whether or not the request is proper
(i.e., whether all members of a group are cleared to receive all the
data on the group). The KDC would then call up each individual member
of the group and download the symmetric key. When each member had the
key, the KDC would notify the requester. Then secure group
communication could begin. While this is certainly faster than
anything that requires human intervention, it still requires quite a
bit of set-up time. Also, a third party, whose primary interest isn't
the communication, needs to get involved.
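The KDC-mediated flow above (request, access-control decision, per-member key download, notification) can be modelled to make the set-up cost visible. The following is an added illustration, not code from RFC 2094 or any of the systems it names; the member names, clearance levels, the HMAC-based key wrap and the message transcript are all constructed for the example, and the wrap is only a stand-in for a real key-wrap under each member's long-term key shared with the KDC.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def _pad(psk: bytes, nonce: bytes) -> bytes:
    # Toy key wrap: XOR the group key with an HMAC-derived pad.
    # Stands in for a proper key-wrap under the member/KDC pairwise key.
    return hmac.new(psk, nonce, hashlib.sha256).digest()[:16]


@dataclass
class Member:
    name: str
    clearance: int                      # highest classification it may receive
    psk: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    group_keys: dict = field(default_factory=dict)

    def download(self, group_id: str, nonce: bytes, wrapped: bytes) -> None:
        # The KDC "calls up" the member; the member unwraps the group key.
        pad = _pad(self.psk, nonce)
        self.group_keys[group_id] = bytes(a ^ b for a, b in zip(wrapped, pad))


class KDC:
    def __init__(self):
        self.members = {}
        self.transcript = []            # one entry per message exchanged

    def enroll(self, member: Member) -> None:
        self.members[member.name] = member

    def request(self, requester: str, group_id: str, names, classification: int) -> bool:
        self.transcript.append(("request", requester, group_id))
        # Access control: every member must be cleared for all data on the group.
        for n in names:
            m = self.members.get(n)
            if m is None or m.clearance < classification:
                self.transcript.append(("reject", group_id, n))
                return False
        group_key = secrets.token_bytes(16)
        for n in names:
            m = self.members[n]
            nonce = secrets.token_bytes(16)
            wrapped = bytes(a ^ b for a, b in zip(group_key, _pad(m.psk, nonce)))
            m.download(group_id, nonce, wrapped)
            self.transcript.append(("download", group_id, n))
        self.transcript.append(("notify", requester, group_id))
        return True


def kdc_demo() -> dict:
    """Constructed scenario: three cleared members plus one uncleared host."""
    kdc = KDC()
    members = [Member("alice", 3), Member("bob", 3), Member("carol", 3), Member("dave", 1)]
    for m in members:
        kdc.enroll(m)
    ok = kdc.request("alice", "ops-net", ["alice", "bob", "carol"], classification=3)
    keys = {m.group_keys.get("ops-net") for m in members[:3]}
    setup_messages = len(kdc.transcript)   # request + one download per member + notify
    # A group that includes an uncleared host is refused outright; no key is issued.
    rejected = not kdc.request("alice", "ops-net-2", ["alice", "dave"], classification=3)
    return {"ok": ok, "consistent": len(keys) == 1 and None not in keys,
            "setup_messages": setup_messages, "rejected": rejected,
            "dave_has_key": "ops-net-2" in members[3].group_keys}


if __name__ == "__main__":
    print(kdc_demo())
```

The transcript grows by one round trip per member, which is the set-up time the text refers to: the KDC is on the critical path for every group it keys, even though it is not itself a party to the communication.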
Pairwise keys can be created autonomously by the hosts on a network
using any number of key generation protocols (FireFly, Diffie-Hellman,
RSA). These protocols all rely on cooperative key generation
algorithms to create a cryptographic key. These algorithms rely on
random information generated by each host. These algorithms also
rely on peer review of permissions to ensure that the communication
partners are who they claim to be and have authorization to receive
the information being transmitted. This peer review process relies
on a trusted authority assigning permissions to each host in the
network that wants the ability to create these keys. The real beauty
of these pairwise key management protocols is that they can be
integrated into the communication protocol or the application. This
means that the key management becomes relatively invisible to the
people in the system.
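To show the pairwise case concretely, the following added example (not code from RFC 2094, nor from FireFly, Diffie-Hellman or RSA implementations) runs a Diffie-Hellman exchange between two hosts in which each side first reviews the peer's permissions before completing the key. The trusted authority, the host names, the data labels, the credential format and the HMAC tag are constructed for the example; the HMAC tag stands in for the authority's digital signature on a permission credential, and hosts are modelled as checking it against the authority rather than a public key. The group is the 1024-bit MODP prime from RFC 2409 (group 2), chosen only so the example runs quickly.

```python
import hashlib
import hmac
import secrets

# 1024-bit MODP group (RFC 2409 group 2), generator 2. Demonstration-size.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2


class TrustedAuthority:
    """Assigns permissions to hosts ahead of time (constructed stand-in).
    The HMAC tag plays the role of the authority's signature on a credential."""
    def __init__(self):
        self._key = secrets.token_bytes(32)

    def _msg(self, host, labels):
        return (host + "|" + ",".join(sorted(labels))).encode()

    def issue(self, host, labels):
        tag = hmac.new(self._key, self._msg(host, labels), hashlib.sha256).digest()
        return {"host": host, "labels": frozenset(labels), "tag": tag}

    def verify(self, cred):
        expect = hmac.new(self._key, self._msg(cred["host"], cred["labels"]),
                          hashlib.sha256).digest()
        return hmac.compare_digest(expect, cred["tag"])


class Host:
    def __init__(self, name, cred, authority):
        self.name, self.cred, self.authority = name, cred, authority
        self._x = secrets.randbelow(P - 2) + 1       # host's own random contribution
        self.public = pow(G, self._x, P)

    def hello(self):
        # What a host sends its peer: identity, permission credential, DH value.
        return {"name": self.name, "cred": self.cred, "pub": self.public}

    def agree(self, peer_hello, label):
        # Peer review: credential must be authentic and must cover the data label.
        cred = peer_hello["cred"]
        if cred["host"] != peer_hello["name"] or not self.authority.verify(cred):
            raise PermissionError(f"{peer_hello['name']}: credential not authentic")
        if label not in cred["labels"]:
            raise PermissionError(f"{peer_hello['name']}: not authorized for {label}")
        if label not in self.cred["labels"]:
            raise PermissionError(f"{self.name}: not authorized for {label}")
        pub = peer_hello["pub"]
        if not 1 < pub < P - 1:
            raise ValueError("public value out of range")
        shared = pow(pub, self._x, P)                 # cooperative key generation
        names = "|".join(sorted([self.name, peer_hello["name"]]))
        return hashlib.sha256(shared.to_bytes(128, "big") + names.encode()
                              + label.encode()).digest()


def pairwise_demo():
    """Constructed scenario: two cleared hosts, one under-cleared host, one forger."""
    ta = TrustedAuthority()
    alice = Host("alice", ta.issue("alice", {"secret", "unclassified"}), ta)
    bob = Host("bob", ta.issue("bob", {"secret", "unclassified"}), ta)
    carol = Host("carol", ta.issue("carol", {"unclassified"}), ta)
    k_ab = alice.agree(bob.hello(), "secret")
    k_ba = bob.agree(alice.hello(), "secret")
    try:                                              # carol lacks "secret"
        alice.agree(carol.hello(), "secret"); refused = False
    except PermissionError:
        refused = True
    # A host presenting permissions the authority never assigned it is refused.
    forged = dict(carol.cred, host="mallory", labels=frozenset({"secret"}))
    mallory = Host("mallory", forged, ta)
    try:
        bob.agree(mallory.hello(), "secret"); forged_refused = False
    except PermissionError:
        forged_refused = True
    return {"keys_match": k_ab == k_ba, "unauthorized_refused": refused,
            "forged_refused": forged_refused, "key": k_ab}


if __name__ == "__main__":
    print(pairwise_demo())
```

No third party is on the critical path once the credentials have been issued: both hosts contribute randomness, each checks the other's permissions locally, and the derived key is bound to the pair of identities and the data label it was negotiated for.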
2.2 GKMP-Based Operations
The GKMP described below delegates the access control, key
generation, and distribution functions to the communicating entities
themselves rather than relying on a third party (KDC) for these
functions. As a prelude to actually distributing keys, a few things
must be assumed (for purposes of this document): there exists a
"security manager" responsible for creating and distributing to
parties authentic identification and security permission information
(the security manager function may be accomplished through a strictly
hierarchical system (a la STU-III) or a more ad hoc system of
Harney & Muckenhirn Experimental