RFC 3594 (rfc3594) - Page 2 of 7
PacketCable Security Ticket Control Sub-Option for the DHCP CableLabs Client Configuration (CCC) Option
RFC 3594 Security Ticket Control September 2003
MTA - Media Terminal Adapter. The CCD specific to the PacketCable
architecture.
PacketCable - multimedia architecture developed by CableLabs. See
[8] for full details.
3. Introduction
The CableLabs Client Configuration Option [1] defines several
sub-options used to configure devices deployed into CableLabs
architectures. These architectures implement the PacketCable
Security Specification [4] (based on Kerberos V5 [5]), to support CCD
authentication and establishment of security associations between
CCDs and application servers.
CCDs are permitted to retain security tickets in local persistent
storage. Thus a power-cycled CCD is enabled to avoid expensive
ticket acquisition for locally persisted, non-expired tickets. This
feature greatly reduces the security overhead of a deployment.
This sub-option allows the service provider to control the lifetime
of tickets persisted locally on a CCD. The service provider requires
this capability to support operational functions such as forcing re-
establishment of security associations, remote testing, and remote
diagnostic of CCDs.
It should be noted that, although based on the Kerberos V5 RFC [5],
the PacketCable Security Specification is not a strict implementation
of this RFC. See [4] for details of the PacketCable Security
Specification.
4. Security Ticket Control Sub-option
This sub-option defines a Ticket Control Mask (TCM) that instructs
the CCD to validate/invalidate specific application server tickets.
The sub-option is encoded as follows:
 Code   Len         TCM
+-----+-----+-----+-----+
|  9  |  2  | m1  | m2  |
+-----+-----+-----+-----+
The length MUST be 2. The TCM field is encoded as an unsigned 16 bit
quantity per network byte order. Each bit of the TCM is assigned to
a specific server or server group. A bit value of 0 means the CCD
MUST apply normal invalidation rules (defined in [4]) to the locally
Duffy Standards Track
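
The encoding in section 4 can be checked on receipt as follows. This is an added example, not part of the RFC text. It assumes the CCC option payload is a sequence of code/length/value sub-options laid out like the diagram, and it treats a repeated sub-option 9 as malformed, which is a choice of this example. The function name and sample bytes are constructed for illustration.

```python
import struct

TICKET_CONTROL_CODE = 9  # sub-option code shown in the section 4 diagram
TICKET_CONTROL_LEN = 2   # "The length MUST be 2"


def parse_ticket_control_mask(ccc_payload: bytes):
    """Return the TCM as an int, or None when sub-option 9 is absent.

    Raises ValueError on a truncated sub-option, on a sub-option 9 whose
    length is not 2, and on a repeated sub-option 9 (this example's choice).
    """
    tcm = None
    offset = 0
    while offset < len(ccc_payload):
        if offset + 2 > len(ccc_payload):
            raise ValueError("truncated sub-option header")
        code, length = ccc_payload[offset], ccc_payload[offset + 1]
        value = ccc_payload[offset + 2 : offset + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} overruns the option payload")
        if code == TICKET_CONTROL_CODE:
            if length != TICKET_CONTROL_LEN:
                raise ValueError(f"sub-option 9 has length {length}, MUST be 2")
            if tcm is not None:
                raise ValueError("sub-option 9 appears more than once")
            # Unsigned 16-bit quantity in network byte order: m1 is the high byte.
            (tcm,) = struct.unpack("!H", value)
        offset += 2 + length
    return tcm


if __name__ == "__main__":
    # Constructed payload: an unrelated 4-byte sub-option, then code 9 with
    # m1 = 0x80 and m2 = 0x01.
    sample = bytes([1, 4, 192, 0, 2, 1, 9, 2, 0x80, 0x01])
    print(f"TCM = 0x{parse_ticket_control_mask(sample):04x}")
    # A length other than 2 is rejected rather than padded or truncated.
    try:
        parse_ticket_control_mask(bytes([9, 1, 0x01]))
    except ValueError as exc:
        print("rejected:", exc)
```
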