RFC 2847 (rfc2847) - Page 2 of 22

LIPKEY - A Low Infrastructure Public Key Mechanism Using SPKM

Alternative Format: Original Text Document
< Previous
Next >
RFC 2847                         LIPKEY                        June 2000


   2.4.2.  REP-TI-TOKEN Content Requirements  . . . . . . . . . . . . 9
   2.4.2.1.  algId  . . . . . . . . . . . . . . . . . . . . . . . . . 9
   2.4.2.2.  rep-ti-integ . . . . . . . . . . . . . . . . . . . . . . 9
   2.5.  Quality of Protection (QOP)  . . . . . . . . . . . . . . . .10
   3.  How LIPKEY Uses SPKM . . . . . . . . . . . . . . . . . . . .  11
   3.1.  Tokens . . . . . . . . . . . . . . . . . . . . . . . . . .  11
   3.2.  Initiator  . . . . . . . . . . . . . . . . . . . . . . . .  11
   3.2.1.  GSS_Import_name  . . . . . . . . . . . . . . . . . . . .  11
   3.2.2.  GSS_Acquire_cred . . . . . . . . . . . . . . . . . . . .  11
   3.2.3.  GSS_Init_sec_context . . . . . . . . . . . . . . . . . .  12
   3.2.3.1.  LIPKEY Caller Specified anon_req_flag as TRUE  . . . .  12
   3.2.3.2.  LIPKEY Caller Specified anon_req_flag as FALSE . . . .  13
   3.2.4.  Other operations . . . . . . . . . . . . . . . . . . . .  14
   3.3.  Target . . . . . . . . . . . . . . . . . . . . . . . . . .  14
   3.3.1.  GSS_Import_name  . . . . . . . . . . . . . . . . . . . .  14
   3.3.2.  GSS_Acquire_cred . . . . . . . . . . . . . . . . . . . .  14
   3.3.3.  GSS_Accept_sec_context . . . . . . . . . . . . . . . . .  15
   4.  LIPKEY Description . . . . . . . . . . . . . . . . . . . . .  15
   4.1.  Mechanism Type . . . . . . . . . . . . . . . . . . . . . .  15
   4.2.  Name Types . . . . . . . . . . . . . . . . . . . . . . . .  15
   4.3.  Token Formats  . . . . . . . . . . . . . . . . . . . . . .  16
   4.3.1.  Context Tokens . . . . . . . . . . . . . . . . . . . . .  16
   4.3.1.1.  Context Tokens Prior to SPKM-3 Context Establishment .  16
   4.3.1.2.  Post-SPKM-3 Context Establishment Tokens . . . . . . .  16
   4.3.1.2.1.  From LIPKEY Initiator  . . . . . . . . . . . . . . .  17
   4.3.1.2.2.  From LIPKEY Target . . . . . . . . . . . . . . . . .  17
   4.3.2.  Tokens from GSS_GetMIC and GSS_Wrap  . . . . . . . . . .  17
   4.4.  Quality of Protection  . . . . . . . . . . . . . . . . . .  18
   5.  Security Considerations  . . . . . . . . . . . . . . . . . .  18
   5.1.  Password Management  . . . . . . . . . . . . . . . . . . .  18
   5.2.  Certification Authorities  . . . . . . . . . . . . . . . .  18
   5.3.  HMAC-MD5 and MD5 Weaknesses  . . . . . . . . . . . . . . .  18
   5.4.  Security of cast5CBC . . . . . . . . . . . . . . . . . . .  18
   References . . . . . . . . . . . . . . . . . . . . . . . . . . .  19
   Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . .  21
   Author's Address . . . . . . . . . . . . . . . . . . . . . . . .  21
   Full Copyright Statement . . . . . . . . . . . . . . . . . . . .  22

1.  Introduction

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC 2119].

   This memorandum describes a new security mechanism under the GSS-API
   called the Low Infrastructure Public Key Mechanism (LIPKEY).  GSS-API
   provides a way for an application protocol to implement
   authentication, integrity, and privacy. TLS is another way. While TLS



Eisler                      Standards Track
< Previous
Next >