Network Working Group                                            P. Karn
Request for Comments: 2523                                      Qualcomm
Category: Experimental                                        W. Simpson
                                                              DayDreamer
                                                              March 1999
Photuris: Extended Schemes and Attributes
Status of this Memo
This document defines an Experimental Protocol for the Internet
community. It does not specify an Internet standard of any kind.
Discussion and suggestions for improvement are requested.
Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1999). Copyright (C) Philip Karn
and William Allen Simpson (1994-1999). All Rights Reserved.
Abstract
Photuris is a session-key management protocol. Extensible Exchange-
Schemes are provided to enable future implementation changes without
affecting the basic protocol.
Additional authentication attributes are included for use with the IP
Authentication Header (AH) or the IP Encapsulating Security Protocol
(ESP).
Additional confidentiality attributes are included for use with ESP.
Karn & Simpson Experimental [Page i]
RFC 2523 Schemes and Attributes March 1999
Table of Contents
1. Additional Exchange-Schemes ........................... 1
2. Additional Key-Generation-Function .................... 5
2.1 SHA1 Hash ....................................... 5
3. Additional Privacy-Methods ............................ 5
3.1 DES-CBC over Mask ............................... 5
3.2 DES-EDE3-CBC over Mask .......................... 6
4. Additional Validity-Method ............................ 6
4.1 SHA1-IPMAC Check ................................ 6
5. Additional Attributes ................................. 7
5.1 SHA1-IPMAC ...................................... 7
5.1.1 Symmetric Identification ........................ 8
5.1.2 Authentication .................................. 9
5.2 RIPEMD-160-IPMAC ................................ 9
5.2.1 Symmetric Identification ........................ 10
5.2.2 Authentication .................................. 11
5.3 DES-CBC ......................................... 11
5.4 Invert (Decryption/Encryption) .................. 12
5.5 XOR Whitening ................................... 13
APPENDICES ................................................... 15
A. Exchange-Scheme Selection ............................. 15
A.1 Responder ....................................... 15
A.2 Initiator ....................................... 15
SECURITY CONSIDERATIONS ...................................... 16
ACKNOWLEDGEMENTS ............................................. 16
REFERENCES ................................................... 17
CONTACTS ..................................................... 18
COPYRIGHT .................................................... 19
1. Additional Exchange-Schemes
The packet format and basic facilities are already defined for
Photuris [RFC-2522].
These optional Exchange-Schemes are specified separately, and no
single implementation is expected to support all of them.
This document defines the following values:
   (3)  Implementation Optional.  Any modulus (p) with a recommended
        generator (g) of 3.  When the Exchange-Scheme Size is non-zero,
        the modulus is contained in the Exchange-Scheme Value field in
        the list of Offered-Schemes.

        An Exchange-Scheme Size of zero is invalid.

        Key-Generation-Function   "MD5 Hash"
        Privacy-Method            "Simple Masking"
        Validity-Method           "MD5-IPMAC Check"

        This combination of features requires a modulus with at least
        64-bits of cryptographic strength.

   (4)  Implementation Optional.  Any modulus (p) with a recommended
        generator (g) of 2.  When the Exchange-Scheme Size is non-zero,
        the modulus is contained in the Exchange-Scheme Value field in
        the list of Offered-Schemes.

        When the Exchange-Scheme Size field is zero, includes by
        reference all of the moduli specified in the list of Offered-
        Schemes for Scheme #2.

        Key-Generation-Function   "MD5 Hash"
        Privacy-Method            "DES-CBC over Mask"
        Validity-Method           "MD5-IPMAC Check"

        This combination of features requires a modulus with at least
        64-bits of cryptographic strength.

   (5)  Implementation Optional.  Any modulus (p) with a recommended
        generator (g) of 5.  When the Exchange-Scheme Size is non-zero,
        the modulus is contained in the Exchange-Scheme Value field in
        the list of Offered-Schemes.

        An Exchange-Scheme Size of zero is invalid.
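The following is an added illustration, not code from the RFC or from any Photuris implementation, of how a receiver would walk an Offered-Schemes list and apply the Size rules above for Schemes 3, 4 and 5: a zero Size is rejected for 3 and 5, and a zero Size on Scheme 4 pulls in every modulus the same list offers for Scheme #2. The wire layout (2-octet Scheme, 2-octet Size, then the Value) is assumed from RFC 2522 and is not stated on this page; the 8-octet sample values are constructed placeholders, not real moduli.

```python
import struct

# Section 1 rules: recommended generator (g) per scheme; schemes for which a
# zero Size is invalid; Scheme 4 with zero Size borrows the Scheme #2 moduli.
GENERATOR = {3: 3, 4: 2, 5: 5}
ZERO_SIZE_INVALID = {3, 5}
BY_REFERENCE = {4: 2}

def parse_offered_schemes(data):
    """Split an Offered-Schemes list into (scheme, value) pairs. Wire layout is
    assumed from RFC 2522: 2-octet Scheme, 2-octet Size, Size octets of Value."""
    items, off = [], 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated Exchange-Scheme header")
        scheme, size = struct.unpack_from("!HH", data, off)
        off += 4
        if len(data) - off < size:
            raise ValueError("Exchange-Scheme Value runs past the end of the list")
        items.append((scheme, data[off:off + size]))
        off += size
    return items

def resolve_moduli(items):
    """Return {scheme: [(g, p), ...]} for the schemes defined on this page, raising
    ValueError for a zero Size on Scheme 3 or 5. The 64-bit strength requirement
    is not checked, since the page gives no test for it."""
    explicit = {}  # moduli carried in a non-zero-Size Value, keyed by scheme
    for scheme, value in items:
        if value:
            explicit.setdefault(scheme, []).append(int.from_bytes(value, "big"))
    result = {}
    for scheme, value in items:
        if scheme not in GENERATOR:
            continue  # Scheme #2 and any other value are outside this page's rules
        g = GENERATOR[scheme]
        if value:
            result.setdefault(scheme, []).append((g, int.from_bytes(value, "big")))
        elif scheme in ZERO_SIZE_INVALID:
            raise ValueError(f"Exchange-Scheme {scheme}: a Size of zero is invalid")
        else:  # by reference; yields nothing if no Scheme #2 modulus was offered
            for p in explicit.get(BY_REFERENCE[scheme], []):
                result.setdefault(scheme, []).append((g, p))
    return result

# Constructed sample list; the 8-octet values are placeholders, not real moduli.
SAMPLE = (struct.pack("!HH", 2, 8) + bytes.fromhex("ffffffffffffffc5")
          + struct.pack("!HH", 4, 0)  # zero Size: borrows the Scheme #2 moduli
          + struct.pack("!HH", 3, 8) + bytes.fromhex("ffffffffffffffe7"))
```

Running `resolve_moduli(parse_offered_schemes(SAMPLE))` yields generator 2 with the Scheme #2 placeholder for Scheme 4 and generator 3 with its own value for Scheme 3; an entry such as Scheme 5 with a zero Size is rejected.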