Group Security Policy Token v1
RFC 4534

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>, 
    msec mailing list <msec@ietf.org>, 
    msec chair <msec-chairs@tools.ietf.org>
Subject: Protocol Action: 'Group Security Policy Token v1' to 
         Proposed Standard 

The IESG has approved the following document:

- 'Group Security Policy Token v1 '
   <draft-ietf-msec-policy-token-sec-07.txt> as a Proposed Standard

This document is the product of the Multicast Security Working Group. 

The IESG contact persons are Russ Housley and Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-msec-policy-token-sec-07.txt

Technical Summary

  MSEC recognizes three major aspects to multicast and group security:
  key management, source authentication and group policy.  The Group
  Security Policy Token (GSPT) is a structure used to specify the
  security policy and configurable parameters for a secure multicast
  group.  In the unicast case, point-to-point security association
  parameters are negotiated, but in groups the group owner specifies the
  policy unilaterally via, for instance, a GSPT.  Some of the attributes
  within a GSPT include group membership policy, rekeying policy, and
  data security policy.

  A key management protocol such as GSAKMP (or GDOI), TESLA, and the
  GSPT comprise a complete group security solution.

Working Group Summary

  The GSPT is a generic structure that can be used with any key
  management system.  GSAKMP uses it, whereas GDOI uses SA proposal and
  transform payloads similar to those in IKE for a similar purpose;
  however, the GSPT can also be used with GDOI.

  GSPT is a product of the MSEC WG.  There was no significant opposition
  to GSPT as a work item or to its structure.  There was healthy debate
  on the nuts and bolts of the specification.

Protocol Quality

  There are at least two implementations: one by SPARTA and another by
  IdentAware.  Both implementations use GSAKMP as the key management
  protocol.  The policy token itself has been reviewed closely by the
  implementors and the MSEC WG.

  This document was reviewed by Russ Housley for the IESG.