RFC 3760 (rfc3760) - Page 2 of 22
Securely Available Credentials (SACRED) - Credential Server Framework
RFC 3760 Securely Available Credentials (SACRED) April 2004
6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20
6.1. Normative References . . . . . . . . . . . . . . . . . . 20
6.2. Informative References . . . . . . . . . . . . . . . . . 20
7. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 21
8. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 22
1. Introduction
Digital credentials, such as private keys and corresponding
certificates, are used to support various Internet protocols, e.g.,
S/MIME, IPSec, and TLS. In a number of environments end users wish
to use the same credentials on different end-user devices. In a
"typical" desktop environment, the user already has many tools
available to allow import/export of these credentials. However, this
is not very practical. In addition, with some devices, especially
wireless and other more constrained devices, the tools required
simply do not exist.
This document proposes a general framework for secure exchange of
such credentials and provides a high level outline that will help
guide the development of one or more securely available credentials
(SACRED) credential exchange protocols.
2. Functional Overview
Requirements for SACRED are fully described in [RFC 3157]. These
requirements assume that two distinctly different network
architectures will be created to support credential exchange for
roaming users:
a) Client/Server Credential Exchange
b) Peer-to-Peer Credential Exchange
This document describes the framework for one or more client/server
credential exchange protocols.
In all cases, adequate user authentication methods will be used to
ensure credentials are not divulged to unauthorized parties. As
well, adequate server authentication methods will be used to ensure
that each client's authentication information (see Section 2.1) is
not compromised, and to ensure that roaming users interact with
intended/authorized credential servers.
2.1. Definitions
This section provides definitions for several terms or phrases used
throughout this document.
Gustafson, et al. Informational