RFC 2094 (rfc2094) - Page 2 of 22
Group Key Management Protocol (GKMP) Architecture
RFC 2094 GKMP Architecture July 1997

1.1 Multicast Communications Environments

The work leading to this report was primarily concerned with military command and control and weapons control systems; these systems tend to have top-down, commander-commanded communications flows. The choice of what parties will be members of a particular communication (a multicast group, for example) is at the discretion of the "higher" level party (or parties). This "sender-initiated" model (assuming the higher-level party is sending) maps well to broadcast (as in electromagnetic, free-space transmission) and circuit-switched communications media (e.g., video teleconferencing, ATM multicast).

In looking to apply this technology to the Internet, a somewhat different model appears to be at work (at least for some portion of Internet multicast traffic). IDRP and the Distance Vector Multicast Routing Protocol (DVMRP) use multicast as a mechanism for parties to relay common information to their peers. Each party both sends and receives information in the multicast channel. As appropriate, a party may choose to leave or join the communication without the express permission of any of the other parties (this raises the question of meta-authorizations which allow the parties to cooperate). More interestingly, the multicast IP model has the receiver telling the network to add it to the distribution for a particular multicast address, whether that group exists yet or not, with the transmitter not being consulted about the addition of the receiver. Other applications of multicast communications in the Internet, for example NASA Select broadcasts, can be viewed as implementing the sender model, since the sender selects the broadcast time, channel, and content, though not the destinations.

It is our intention to provide key management services which support both communications (and implied access control) models and operate in either a circuit-switched or packet-switched environment.
1.2 Security for Multicast

Multicast communications, as with unicast, may require any of the security services defined in ISO 7498: access control, data confidentiality, traffic confidentiality, integrity/data authentication, source authentication, sender and receiver non-repudiation, and service assurance. From the perspective of key management processes, only data confidentiality, data authentication, and source authentication can be supported. The other services (traffic confidentiality, non-repudiation, and service assurance) must be provided by the communications protocol; they may rely on cryptographic services but are not guaranteed by them.

Harney & Muckenhirn Experimental