Group Security Policy Token v1
Draft of message to be sent after approval:
From: The IESG <email@example.com> To: IETF-Announce <firstname.lastname@example.org> Cc: Internet Architecture Board <email@example.com>, RFC Editor <firstname.lastname@example.org>, msec mailing list <email@example.com>, msec chair <firstname.lastname@example.org> Subject: Protocol Action: 'Group Security Policy Token v1' to Proposed Standard The IESG has approved the following document: - 'Group Security Policy Token v1 ' <draft-ietf-msec-policy-token-sec-07.txt> as a Proposed Standard This document is the product of the Multicast Security Working Group. The IESG contact persons are Russ Housley and Tim Polk. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-msec-policy-token-sec-07.txt
Technical Summary MSEC recognizes three major aspects to multicast and group security: key management, source authentication and group policy. The Group Security Policy Token (GSPT) is a structure used to specify the security policy and configurable parameters for a secure multicast group. In the unicast case, point-to-point security association parameters are negotiated, but in groups the group owner specifies the policy unilaterally via, for instance, a GSPT. Some of the attributes within a GSPT include group membership policy, rekeying policy, and data security policy. A key management protocol such as GSAKMP (or GDOI), TESLA, and the GSPT comprise a complete group security solution. Working Group Summary The GSPT is a generic structure that can be used with any key management system. GSAKMP uses it, whereas GDOI uses SA proposal and transform payloads similar to those in IKE for a similar purpose; however, the GSPT can also be used with GDOI. GSPT is a product of the MSEC WG. There was no significant opposition to GSPT as a work item or to its structure. There was healthy debate on the nuts and bolts of the specification. Protocol Quality There are at least two implementations: one by SPARTA and another by IdentAware. Both implementations use GSAKMP as the key management protocol. The policy token itself has been reviewed closely by the implementors and the MSEC WG. This document was reviewed by Russ Housley for the IESG.