RFC 2094 (rfc2094) - Page 1 of 22


Group Key Management Protocol (GKMP) Architecture



Alternative Format: Original Text Document



Network Working Group                                         H. Harney
Request for Comments: 2094                                C. Muckenhirn
Category: Experimental                                     SPARTA, Inc.
                                                              July 1997


           Group Key Management Protocol (GKMP) Architecture

Status of this Memo

   This memo defines an Experimental Protocol for the Internet
   community.  This memo does not specify an Internet standard of any
   kind.  Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Table of Contents

   1. Introduction.................................................   1
   2. Multicast Key Management Architectures.......................   3
   3. GKMP Protocol Overview.......................................   9
   4. Issues.......................................................  19
   5. Security Considerations......................................  22
   6. Authors' Address.............................................  22

Abstract

   This specification proposes a protocol to create grouped symmetric
   keys and distribute them amongst communicating peers. This protocol
   has the following advantages: 1) virtually invisible to operator, 2)
   no central key distribution site is needed, 3) only group members
   have the key, 4) sender or receiver oriented operation, 5) can make
   use of multicast communications protocols.

1 Introduction

   This document describes an architecture for the management of
   cryptographic keys for multicast communications.  We identify the
   roles and responsibilities of communications system elements in
   accomplishing multicast key management, define security and
   functional requirements of each, and provide a detailed introduction
   to the Group Key Management Protocol (GKMP) which provides the
   ability to create and distribute keys within arbitrary-sized groups
   without the intervention of a global/centralized key manager.  The
   GKMP combines techniques developed for creation of pairwise keys with
   techniques used to distribute keys from a KDC (i.e., symmetric
   encryption of keys) to distribute symmetric key to a group of hosts.





Harney & Muckenhirn           Experimental