Guidance for Authentication, Authorization, and Accounting (AAA) Key Management
RFC 4962
| Document | Type |
RFC - Best Current Practice
(July 2007; No errata)
Also known as BCP 132
Was draft-housley-aaa-key-mgmt (individual in sec area)
|
|
|---|---|---|---|
| Last updated | 2015-10-14 | ||
| Stream | IETF | ||
| Formats | plain text html pdf htmlized bibtex | ||
| Reviews | |||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 4962 (Best Current Practice) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Sam Hartman | ||
| Send notices to | (None) | ||
Network Working Group R. Housley
Request for Comments: 4962 Vigil Security
BCP: 132 B. Aboba
Category: Best Current Practice Microsoft
July 2007
Guidance for Authentication, Authorization, and Accounting (AAA)
Key Management
Status of This Memo
This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for
improvements. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The IETF Trust (2007).
Abstract
This document provides guidance to designers of Authentication,
Authorization, and Accounting (AAA) key management protocols. The
guidance is also useful to designers of systems and solutions that
include AAA key management protocols. Given the complexity and
difficulty in designing secure, long-lasting key management
algorithms and protocols by experts in the field, it is almost
certainly inappropriate for IETF working groups without deep
expertise in the area to be designing their own key management
algorithms and protocols based on Authentication, Authorization, and
Accounting (AAA) protocols. The guidelines in this document apply to
documents requesting publication as IETF RFCs. Further, these
guidelines will be useful to other standards development
organizations (SDOs) that specify AAA key management.
Housley & Aboba Best Current Practice [Page 1]
RFC 4962 Guidance for AAA Key Management July 2007
Table of Contents
1. Introduction ....................................................2
1.1. Requirements Specification .................................3
1.2. Mandatory to Implement .....................................3
1.3. Terminology ................................................3
2. AAA Environment Concerns ........................................5
3. AAA Key Management Requirements .................................7
4. AAA Key Management Recommendations .............................13
5. Security Considerations ........................................14
6. Normative References ...........................................15
7. Informative References .........................................15
Appendix: AAA Key Management History ..............................20
Acknowledgments ...................................................22
1. Introduction
This document provides architectural guidance to designers of AAA key
management protocols. The guidance is also useful to designers of
systems and solutions that include AAA key management protocols.
AAA key management often includes a collection of protocols, one of
which is the AAA protocol. Other protocols are used in conjunction
with the AAA protocol to provide an overall solution. These other
protocols often provide authentication and security association
establishment.
Given the complexity and difficulty in designing secure, long-lasting
key management algorithms and protocols by experts in the field, it
is almost certainly inappropriate for IETF working groups without
deep expertise in the area to be designing their own key management
algorithms and protocols based on Authentication, Authorization and
Accounting (AAA) protocols. These guidelines apply to documents
requesting publication as IETF RFCs. Further, these guidelines will
be useful to other standards development organizations (SDOs) that
specify AAA key management that depends on IETF specifications for
protocols such as Extensible Authentication Protocol (EAP) [RFC3748],
Remote Authentication Dial-In User Service (RADIUS) [RFC2865], and
Diameter [RFC3588].
In March 2003, at the IETF 56 AAA Working Group Session, Russ Housley
gave a presentation on "Key Management in AAA" [H]. That
presentation established the vast majority of the requirements
contained in this document. Over the last three years, this
collection of requirements have become known as the "Housley
Criteria".
Housley & Aboba Best Current Practice [Page 2]
RFC 4962 Guidance for AAA Key Management July 2007
1.1. Requirements Specification
The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
document, are to be interpreted as described in RFC 2119 [RFC2119].
An AAA key management proposal is not compliant with this
specification if it fails to satisfy one or more of the MUST or MUST
NOT statements. An AAA key management proposal that satisfies all
the MUST, MUST NOT, SHOULD, and SHOULD NOT statements is said to be
Show full document text