RFC 3079 (rfc3079) - Page 1 of 21


Deriving Keys for use with Microsoft Point-to-Point Encryption (MPPE)



Alternative Format: Original Text Document



Network Working Group                                            G. Zorn
Request for Comments: 3079                                 cisco Systems
Category: Informational                                       March 2001


 Deriving Keys for use with Microsoft Point-to-Point Encryption (MPPE)

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

Abstract

   The Point-to-Point Protocol (PPP) provides a standard method for
   transporting multi-protocol datagrams over point-to-point links.

   The PPP Compression Control Protocol provides a method to negotiate
   and utilize compression protocols over PPP encapsulated links.

   Microsoft Point to Point Encryption (MPPE) is a means of representing
   PPP packets in an encrypted form.  MPPE uses the RSA RC4 algorithm to
   provide data confidentiality.  The length of the session key to be
   used for initializing encryption tables can be negotiated.  MPPE
   currently supports 40-bit, 56-bit and 128-bit session keys.  MPPE
   session keys are changed frequently; the exact frequency depends upon
   the options negotiated, but may be every packet.  MPPE is negotiated
   within option 18 in the Compression Control Protocol.

   This document describes the method used to derive initial MPPE
   session keys from a variety of credential types.  It is expected that
   this memo will be updated whenever Microsoft defines a new key
   derivation method for MPPE, since its primary purpose is to provide
   an open, easily accessible reference for third-parties wishing to
   interoperate with Microsoft products.

   MPPE itself (including the protocol used to negotiate its use, the
   details of the encryption method used and the algorithm used to
   change session keys during a session) is described in RFC 3078.







Zorn                         Informational