MIKEY: Multimedia Internet KEYing
RFC 3830
Document | Type |
RFC - Proposed Standard
(August 2004; Errata)
Was draft-ietf-msec-mikey (msec WG)
|
|
---|---|---|---|
Authors | Karl Norrman , Fredrik Lindholm , Elisabetta Carrara , Jari Arkko , Mats Naslund | ||
Last updated | 2020-01-21 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized with errata bibtex | ||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 3830 (Proposed Standard) | |
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Russ Housley | ||
Send notices to | <canetti@watson.ibm.com>, <thardjono@verisign.com> |
Network Working Group J. Arkko Request for Comments: 3830 E. Carrara Category: Standards Track F. Lindholm M. Naslund K. Norrman Ericsson Research August 2004 MIKEY: Multimedia Internet KEYing Status of this Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2004). Abstract This document describes a key management scheme that can be used for real-time applications (both for peer-to-peer communication and group communication). In particular, its use to support the Secure Real- time Transport Protocol is described in detail. Security protocols for real-time multimedia applications have started to appear. This has brought forward the need for a key management solution to support these protocols. Arkko, et al. Standards Track [Page 1] RFC 3830 MIKEY August 2004 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Existing Solutions . . . . . . . . . . . . . . . . . . . 4 1.2. Notational Conventions . . . . . . . . . . . . . . . . . 4 1.3. Definitions. . . . . . . . . . . . . . . . . . . . . . . 4 1.4. Abbreviations. . . . . . . . . . . . . . . . . . . . . . 6 1.5. Outline. . . . . . . . . . . . . . . . . . . . . . . . . 6 2. Basic Overview . . . . . . . . . . . . . . . . . . . . . . . . 7 2.1. Scenarios. . . . . . . . . . . . . . . . . . . . . . . . 7 2.2. Design Goals . . . . . . . . . . . . . . . . . . . . . . 8 2.3. System Overview. . . . . . . . . . . . . . . . . . . . . 8 2.4. Relation to GKMARCH. . . . . . . . . . . . . . . . . . . 10 3. Basic Key Transport and Exchange Methods . . . . . . . . . . . 10 3.1. Pre-shared Key . . . . . . . . . . . . . . . . . . . . . 12 3.2. Public-Key Encryption. . . . . . . . . . . . . . . . . . 13 3.3. Diffie-Hellman Key Exchange. . . . . . . . . . . . . . . 14 4. Selected Key Management Functions. . . . . . . . . . . . . . . 15 4.1. Key Calculation. . . . . . . . . . . . . . . . . . . . . 16 4.1.1. Assumptions. . . . . . . . . . . . . . . . . . . 16 4.1.2. Default PRF Description. . . . . . . . . . . . . 17 4.1.3. Generating keys from TGK . . . . . . . . . . . . 18 4.1.4. Generating keys for MIKEY Messages from an Envelope/Pre-Shared Key . . . . . . . . . . . 19 4.2 Pre-defined Transforms and Timestamp Formats . . . . . . . 19 4.2.1. Hash Functions . . . . . . . . . . . . . . . . . 19 4.2.2. Pseudo-Random Number Generator and PRF . . . . . 20 4.2.3. Key Data Transport Encryption. . . . . . . . . . 20 4.2.4. MAC and Verification Message Function. . . . . . 21 4.2.5. Envelope Key Encryption. . . . . . . . . . . . . 21 4.2.6. Digital Signatures . . . . . . . . . . . . . . . 21 4.2.7. Diffie-Hellman Groups. . . . . . . . . . . . . . 21 4.2.8. Timestamps . . . . . . . . . . . . . . . . . . . 21 4.2.9. Adding New Parameters to MIKEY . . . . . . . . . 22 4.3. Certificates, Policies and Authorization . . . . . . . . 22 4.3.1. Certificate Handling . . . . . . . . . . . . . . 22 4.3.2. Authorization. . . . . . . . . . . . . . . . . . 23 4.3.3. Data Policies. . . . . . . . . . . . . . . . . . 24 4.4. Retrieving the Data SA . . . . . . . . . . . . . . . . . 24 4.5. TGK Re-Keying and CSB Updating . . . . . . . . . . . . . 25 5. Behavior and Message Handling. . . . . . . . . . . . . . . . . 26 5.1. General. . . . . . . . . . . . . . . . . . . . . . . . . 26 5.1.1. Capability Discovery . . . . . . . . . . . . . . 26 5.1.2. Error Handling . . . . . . . . . . . . . . . . . 27 5.2. Creating a Message . . . . . . . . . . . . . . . . . . . 28 5.3. Parsing a Message. . . . . . . . . . . . . . . . . . . . 29 5.4. Replay Handling and Timestamp Usage. . . . . . . . . . . 30 6. Payload Encoding . . . . . . . . . . . . . . . . . . . . . . . 32Show full document text