GKDP
Rekey Mechanism
• Multicast: very similar to RFC3547
  GCKS->Member: HDR, SK {[N], SEQ, GSA, KD, [GCKS_CERT,] SIG}
• STATUS NOTIFY TYPE (useful addition)
  KEKUPDATE 40960
  TEKUPDATE 40961
  KEKTEKUPDATE 40962
  More TBD
• SIG of Hash{"GKDP-rekey", [N], SEQ, GSA, KD, [GCKS_CERT]}
• Remaining fields unchanged from RFC3547
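Member-side handling of the rekey message above, as an added example that is not part of the original slides or any GKDP implementation. The field encoding inside the hash, the dict message layout, and the names rekey_digest, Member, sign, verify and make_msg are assumptions; HMAC-SHA256 stands in for the GCKS signature so the code runs on the standard library alone.

```python
import hashlib, hmac, struct

# STATUS notify types listed on the slide
NOTIFY = {40960: "KEKUPDATE", 40961: "TEKUPDATE", 40962: "KEKTEKUPDATE"}

def rekey_digest(seq, gsa, kd, notify=None, cert=None):
    """Hash{"GKDP-rekey", [N], SEQ, GSA, KD, [GCKS_CERT]}.
    Assumed encoding: tag byte + 4-byte length + value per field, so an
    absent optional field cannot be confused with a shifted one."""
    n = None if notify is None else struct.pack(">H", notify)
    h = hashlib.sha256(b"GKDP-rekey")
    for tag, field in enumerate((n, struct.pack(">I", seq), gsa, kd, cert)):
        if field is not None:
            h.update(struct.pack(">BI", tag, len(field)) + field)
    return h.digest()

class Member:
    """Receiving side of the multicast rekey message."""
    def __init__(self, verify, last_seq=0):
        self.verify = verify          # callable(digest, sig) -> bool
        self.last_seq = last_seq      # highest SEQ accepted so far

    def process_rekey(self, msg):
        notify = msg.get("notify")    # [N] is optional on the slide
        digest = rekey_digest(msg["seq"], msg["gsa"], msg["kd"],
                              notify, msg.get("cert"))
        # Check SIG before touching state: a forged message must not
        # be able to advance the replay counter.
        if not self.verify(digest, msg["sig"]):
            raise ValueError("bad SIG")
        if msg["seq"] <= self.last_seq:
            raise ValueError("replayed or stale SEQ")
        if notify is not None and notify not in NOTIFY:
            raise ValueError("unknown notify type")
        self.last_seq = msg["seq"]
        return NOTIFY.get(notify, "UNSPECIFIED")

# Constructed sample. HMAC-SHA256 is a stand-in for the GCKS signature;
# GKDP itself signs the hash with the GCKS key.
KEY = b"constructed-demo-key"
def sign(digest):
    return hmac.new(KEY, digest, hashlib.sha256).digest()
def verify(digest, sig):
    return hmac.compare_digest(sign(digest), sig)

def make_msg(seq, notify, gsa=b"gsa-policy", kd=b"wrapped-keys"):
    msg = {"seq": seq, "notify": notify, "gsa": gsa, "kd": kd}
    msg["sig"] = sign(rekey_digest(seq, gsa, kd, notify))
    return msg
```

Because the notify type is inside the signed hash, changing KEKUPDATE to another value in transit fails the SIG check rather than being dispatched.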
Delete Mechanism
• Use Rekey Message just as in RFC3547 with IKEv2 Headers & Payloads
  HDR, SK {[N], SEQ, D1, [D2], SIG}
  i.e., D1 = KEK, D2 = TEK