MIKEY-RSA-R: An Additional Mode of Key Distribution in Multimedia Internet KEYing (MIKEY)
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org>
To: IETF-Announce <email@example.com>
Cc: Internet Architecture Board <firstname.lastname@example.org>, RFC Editor <email@example.com>, msec mailing list <firstname.lastname@example.org>, msec chair <email@example.com>
Subject: Protocol Action: 'An additional mode of key distribution in MIKEY: MIKEY-RSA-R' to Proposed Standard

The IESG has approved the following document:

- 'An additional mode of key distribution in MIKEY: MIKEY-RSA-R' <draft-ietf-msec-mikey-rsa-r-08.txt> as a Proposed Standard

This document is the product of the Multicast Security Working Group.

The IESG contact persons are Russ Housley and Tim Polk.

A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-msec-mikey-rsa-r-08.txt

Technical Summary

The document specifies a new MIKEY mode. The main goal of the new mode is to address the one-to-many use case, where the transmitter does not know in advance the certificates of all receivers. None of the existing MIKEY modes covers this case. In the new mode, the recipient initiates the exchange. In response, a key comes from the transmitter of the protected data. The entire exchange takes one round trip. Replay protection is obtained via timestamps, as in other MIKEY modes. The mode can also support unicast, where the usability is roughly the same as existing DH modes. This new mode allows MIKEY the same flexibility and usability as other multicast key management protocols, enabling a single sender to manage keys for a dynamic large group of recipients.

Working Group Summary

The document was discussed several times in MSEC WG meetings and on the MSEC WG mailing list. The authors have SIP, RTP, and MSEC expertise. Several people provided reviews, and at least two of them were comprehensive. There were no objections to publishing this document as a standards-track RFC.

Protocol Quality

The protocol is specified in sufficient detail to allow independent implementations. There are no known implementations, but implementing MIKEY-RSA-R mode, given a MIKEY-RSA mode implementation, is fairly straightforward. This document was reviewed by Russ Housley for the IESG.