Photuris: Session-Key Management Protocol
RFC 2522

Document Type RFC - Experimental (March 1999; No errata)
Was draft-simpson-photuris (individual)
Last updated 2013-03-02
Stream Legacy
Network Working Group                                            P. Karn
Request for Comments: 2522                                      Qualcomm
Category: Experimental                                        W. Simpson
                                                              DayDreamer
                                                              March 1999

               Photuris: Session-Key Management Protocol

Status of this Memo

   This document defines an Experimental Protocol for the Internet
   community.  It does not specify an Internet standard of any kind.
   Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  Copyright (C) Philip Karn
   and William Allen Simpson (1994-1999).  All Rights Reserved.

Abstract

   Photuris is a session-key management protocol intended for use with
   the IP Security Protocols (AH and ESP).  This document defines the
   basic protocol mechanisms.

Karn & Simpson                Experimental                      [Page i]


RFC 2522                   Photuris Protocol                  March 1999

Table of Contents

     1.     Introduction ..........................................    1
        1.1       Terminology .....................................    1
        1.2       Protocol Overview ...............................    3
        1.3       Security Parameters .............................    5
        1.4       LifeTimes .......................................    6
           1.4.1  Exchange LifeTimes ..............................    6
           1.4.2  SPI LifeTimes ...................................    7
        1.5       Random Number Generation ........................    8

     2.     Protocol Details ......................................    9
        2.1       UDP .............................................    9
        2.2       Header Format ...................................   10
        2.3       Variable Precision Integers .....................   11
        2.4       Exchange-Schemes ................................   13
        2.5       Attributes ......................................   13

     3.     Cookie Exchange .......................................   14
           3.0.1  Send Cookie_Request .............................   14
           3.0.2  Receive Cookie_Request ..........................   15
           3.0.3  Send Cookie_Response ............................   15
           3.0.4  Receive Cookie_Response .........................   16
        3.1       Cookie_Request ..................................   17
        3.2       Cookie_Response .................................   18
        3.3       Cookie Generation ...............................   19
           3.3.1  Initiator Cookie ................................   19
           3.3.2  Responder Cookie ................................   20

     4.     Value Exchange ........................................   21
           4.0.1  Send Value_Request ..............................   21
           4.0.2  Receive Value_Request ...........................   22
           4.0.3  Send Value_Response .............................   22
           4.0.4  Receive Value_Response ..........................   23
        4.1       Value_Request ...................................   24
        4.2       Value_Response ..................................   25
        4.3       Offered Attribute List ..........................   26

     5.     Identification Exchange ...............................   28
           5.0.1  Send Identity_Request ...........................   29
           5.0.2  Receive Identity_Request ........................   29
           5.0.3  Send Identity_Response ..........................   30
           5.0.4  Receive Identity_Response .......................   30
        5.1       Identity_Messages ...............................   31
        5.2       Attribute Choices List ..........................   33
        5.3       Shared-Secret ...................................   34
        5.4       Identity Verification ...........................   34
        5.5       Privacy-Key Computation .........................   36
        5.6       Session-Key Computation .........................   37

     6.     SPI Messages ..........................................   38
           6.0.1  Send SPI_Needed .................................   38
           6.0.2  Receive SPI_Needed ..............................   39
           6.0.3  Send SPI_Update .................................   39
           6.0.4  Receive SPI_Update ..............................   39
           6.0.5  Automated SPI_Updates ...........................   40
        6.1       SPI_Needed ......................................   41