

Group Key Management Protocol (GKMP) Specification






Network Working Group                                          H. Harney
Request for Comments: 2093                                 C. Muckenhirn
Category: Experimental                                      SPARTA, Inc.
                                                               July 1997


           Group Key Management Protocol (GKMP) Specification

Status of this Memo

   This memo defines an Experimental Protocol for the Internet
   community.  This memo does not specify an Internet standard of any
   kind.  Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Table of Contents

   1. Background..................................................... 1
   2. Overview:  GKMP Roles.......................................... 3
   3. Data Item primitives........................................... 4
   4. Message definitions............................................ 6
   5. State definitions.............................................. 9
   6. Functional Definitions--Group Key Management Protocol.......... 13
   7. Security Considerations........................................ 23
   8. Author's Address............................................... 23

Abstract

   This specification proposes a protocol to create grouped symmetric
   keys and distribute them amongst communicating peers. This protocol
   has the following advantages: 1) virtually invisible to operator, 2)
   no central key distribution site is needed, 3) only group members
   have the key, 4) sender or receiver oriented operation, 5) can make
   use of multicast communications protocols.

1 Background

   Traditional key management distribution has mimicked the military
   paper-based key accounting system.  Key was distributed, ordered, and
   accounted for physically, leading to large lead times and expensive
   operations.

   Cooperative key management algorithms exist that allow pairwise keys
   to be generated between two pieces of equipment.  This gives a
   quicker, more reliable key management structure capable of
   supporting large numbers of secure communications.  Unfortunately,
   only pairwise keys are supported using these methods today.




Harney & Muckenhirn           Experimental