Cryptographic Token Key Initialization Protocol (CT-KIP) Version 1.0 Revision 1
RFC 4758

| Field | Value |
|---|---|
| Type | RFC - Informational (November 2006; Errata) |
| Was | draft-nystrom-ct-kip (individual in sec area) |
| Author | Magnus Nystrom |
| Last updated | 2020-01-21 |
| Stream | IETF |
| WG state | (None) |
| Document shepherd | No shepherd assigned |
| IESG state | RFC 4758 (Informational) |
| Action Holders | (None) |
| Consensus Boilerplate | Unknown |
| Responsible AD | Russ Housley |
| Send notices to | (None) |
Network Working Group                                        M. Nystroem
Request for Comments: 4758                                  RSA Security
Category: Informational                                    November 2006

Cryptographic Token Key Initialization Protocol (CT-KIP) Version 1.0 Revision 1

Status of This Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The IETF Trust (2006).

Abstract

This document constitutes Revision 1 of Cryptographic Token Key Initialization Protocol (CT-KIP) Version 1.0 from RSA Laboratories' One-Time Password Specifications (OTPS) series. The body of this document, except for the intellectual property considerations section, is taken from the CT-KIP Version 1.0 document, but comments received during the IETF review are reflected; hence, the status of a revised version. As no "bits-on-the-wire" have changed, the protocol specified herein is compatible with CT-KIP Version 1.0.

CT-KIP is a client-server protocol for initialization (and configuration) of cryptographic tokens. The protocol requires neither private-key capabilities in the cryptographic tokens, nor an established public-key infrastructure. Provisioned (or generated) secrets will only be available to the server and the cryptographic token itself.

Nystroem                      Informational                     [Page 1]

RFC 4758              CT-KIP Version 1.0 Revision 1        November 2006

Table of Contents

   1. Introduction ....................................................4
      1.1. Scope ......................................................4
      1.2. Background .................................................4
      1.3. Document Organization ......................................5
   2. Acronyms and Notation ...........................................5
      2.1. Acronyms ...................................................5
      2.2. Notation ...................................................5
   3. CT-KIP ..........................................................6
      3.1. Overview ...................................................6
      3.2. Entities ...................................................7
      3.3. Principles of Operation ....................................7
      3.4. The CT-KIP One-Way Pseudorandom Function, CT-KIP-PRF ......10
           3.4.1. Introduction .......................................10
           3.4.2. Declaration ........................................11
      3.5. Generation of Cryptographic Keys for Tokens ...............11
      3.6. Encryption of Pseudorandom Nonces Sent from the
           CT-KIP Client .............................................12
      3.7. CT-KIP Schema Basics ......................................13
           3.7.1. Introduction .......................................13
           3.7.2. General XML Schema Requirements ....................13
           3.7.3. The AbstractRequestType Type .......................13
           3.7.4. The AbstractResponseType Type ......................14
           3.7.5. The StatusCode Type ................................14
           3.7.6. The IdentifierType Type ............................16
           3.7.7. The NonceType Type .................................16
           3.7.8. The ExtensionsType and the
                  AbstractExtensionType Types ........................17
      3.8. CT-KIP Messages ...........................................17
           3.8.1. Introduction .......................................17
           3.8.2. CT-KIP Initialization ..............................17
           3.8.3. The CT-KIP Client's Initial PDU ....................18
           3.8.4. The CT-KIP Server's Initial PDU ....................20
           3.8.5. The CT-KIP Client's Second PDU .....................23
           3.8.6. The CT-KIP Server's Final PDU ......................24
      3.9. Protocol Extensions .......................................27
           3.9.1. The ClientInfoType Type ............................27
           3.9.2. The ServerInfoType Type ............................28
           3.9.3. The OTPKeyConfigurationDataType Type ...............28
   4. Protocol Bindings ..............................................29
      4.1. General Requirement .......................................29
      4.2. HTTP/1.1 Binding for CT-KIP ...............................29
           4.2.1. Introduction .......................................29
           4.2.2. Identification of CT-KIP Messages ..................29
           4.2.3. HTTP Headers .......................................29
           4.2.4. HTTP Operations ....................................30
           4.2.5. HTTP Status Codes ..................................30
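The property the abstract states (a token key that only the server and the token end up holding, established without a private key on the token or a PKI) can be seen in a small simulation. The following is an added example, not text or code from RFC 4758: it models the pattern of sections 3.5 and 3.6 in the table of contents (a key derived by a PRF from a client nonce R_C and a server nonce R_S, with R_C sent to the server only in encrypted form). The stand-ins are assumptions: HMAC-SHA256 in counter mode replaces CT-KIP-PRF (the RFC defines its own, CT-KIP-PRF-AES), a PRF keystream under a pre-shared key K_SHARED replaces the RFC's encryption of R_C, and the names `prf`, `derive_token_key`, `wrap_nonce` and `run_exchange` are hypothetical. The derivation-string shape `"Key generation" || k || R_S` mirrors section 3.5 of the RFC; the bytes produced here do not match any real CT-KIP implementation.

```python
"""
Illustrative model of the CT-KIP key-establishment idea (added example,
not RFC 4758 text).  Assumptions / stand-ins, not the RFC's constructions:
  * prf(): HMAC-SHA256 in counter mode stands in for CT-KIP-PRF.
  * wrap_nonce(): XOR with a PRF keystream under a pre-shared key K_SHARED
    stands in for the RFC's encryption of R_C (section 3.6).  Neither side
    needs a private key, matching the abstract's statement that tokens
    need no private-key capabilities.
"""
import hashlib
import hmac
import secrets


def prf(key, s, ds_len):
    """Stand-in for CT-KIP-PRF(k, s, dsLen): HMAC-SHA256 over a 4-byte
    big-endian block counter || s, concatenated and truncated to ds_len."""
    out = b""
    block = 1
    while len(out) < ds_len:
        out += hmac.new(key, block.to_bytes(4, "big") + s, hashlib.sha256).digest()
        block += 1
    return out[:ds_len]


def derive_token_key(r_c, k, r_s, ds_len=20):
    """K_TOKEN = PRF(R_C, "Key generation" || k || R_S, dsLen)  (shape of
    section 3.5; PRF swapped out).  R_C is the PRF key, so a party that
    never learns R_C cannot compute K_TOKEN even if it sees k and R_S."""
    return prf(r_c, b"Key generation" + k + r_s, ds_len)


def wrap_nonce(k_shared, iv, r_c):
    """Stand-in for encrypting R_C toward the server: XOR with a keystream
    bound to a fresh IV.  The same call unwraps."""
    stream = prf(k_shared, b"nonce wrap" + iv, len(r_c))
    return bytes(a ^ b for a, b in zip(r_c, stream))


def run_exchange(k_shared, r_c=None, r_s=None, ds_len=20):
    """Simulate one provisioning run.  Nonces may be fixed for testing.
    Returns both parties' derived keys and everything that crossed the wire."""
    r_c = r_c if r_c is not None else secrets.token_bytes(16)   # token's nonce
    r_s = r_s if r_s is not None else secrets.token_bytes(16)   # server's nonce
    iv = secrets.token_bytes(16)                                # sent in clear

    # Client PDU: the wrapped R_C plus IV.  Plaintext R_C never leaves the token.
    wrapped = wrap_nonce(k_shared, iv, r_c)

    # Server: recover R_C, pick R_S, derive K_TOKEN, return R_S in the clear.
    # K_TOKEN itself is never transmitted by either side.
    r_c_at_server = wrap_nonce(k_shared, iv, wrapped)
    k_token_server = derive_token_key(r_c_at_server, k_shared, r_s, ds_len)

    # Token: derive the same K_TOKEN from its own R_C and the received R_S.
    k_token_client = derive_token_key(r_c, k_shared, r_s, ds_len)

    return {
        "client_key": k_token_client,
        "server_key": k_token_server,
        "on_the_wire": {"iv": iv, "wrapped_r_c": wrapped, "r_s": r_s},
    }


if __name__ == "__main__":
    # Constructed demo values; a real deployment draws K_SHARED per token.
    k_shared = secrets.token_bytes(16)
    result = run_exchange(k_shared)
    print("client K_TOKEN:", result["client_key"].hex())
    print("server K_TOKEN:", result["server_key"].hex())
    print("match:", result["client_key"] == result["server_key"])
```

Two things the simulation makes visible that the abstract only states: the server's nonce R_S means a replayed client message cannot re-provision the same key (change R_S and K_TOKEN changes), and a server holding the wrong K_SHARED recovers a different R_C and so derives a key the token does not share, which is why the real protocol's final PDU needs an integrity check rather than silent success.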