gsakmp policy token spec
play

GSAKMP Policy Token Spec Draft-ietf-msec-tokenspec-sec-00.txt - PowerPoint PPT Presentation

Jan 21, 2023 •214 likes •321 views

GSAKMP Policy Token Spec Draft-ietf-msec-tokenspec-sec-00.txt Presented by Hugh Harney SPARTA, Inc. (410) 872-1515 x203 hh@sparta.com Agenda GSAKMP Roles GSAKMP Policy Token Dissemination GSAKMP Token Spec. GSAKMP Roles GO

  1. GSAKMP Policy Token Spec Draft-ietf-msec-tokenspec-sec-00.txt Presented by Hugh Harney SPARTA, Inc. (410) 872-1515 x203 hh@sparta.com

  2. Agenda • GSAKMP Roles • GSAKMP Policy Token Dissemination • GSAKMP Token Spec.

  3. GSAKMP Roles GO • Group Owner – Policy Creation Authority GC/KS • Group Controller/Key Server – Policy enforcer Subordinate – Policy dissemination GC/KS • Subordinate GC/KS – Policy enforcer • Group Member – Policy enforcer GM GM

  4. GSAKMP Policy Token Dissemination Controller Message Member or S-GC/KS Request to Join Policy Enforcement Key Download (Policy Token) Policy Notification - Ack/Failure Enforcement Shared Keyed Group Session

  5. GSAKMP Token Specification - Top level • Identification – Uniquely identify policy token and group • Authorizations – Identifies • Group Owner • Authorized rekey initiator • Sub GC/KS s • Access Control – Who is allowed into the group • Mechanisms – What are the allowed mechanisms for this group – Pass through policy for crypto application (IPSec) • Signature – Verification of policy token veracity

  6. Identification Fields • Token ID – Version (Policy Token version) – Protocol ID (GSAKMP or other) – Group ID (Unique identity of cryptographic group) • Network Identifier (multicast IP address if appropriate) • Serial number – Time (Group Owner Time)

  7. Authorization Fields • Group Owner Name: explicit – Owner Name PKI • Rekey Controller Name: explicit or rules – Rekey Controller Name PKI • Key Server Authorizations : explicit or rules

  8. Access Control Fields • Access control – Inclusionary • Permission level • Rules based on certificates – Names (X.509 Subject field) NAME (Explicit or Rule) PKI – Exclusionary • Permission Level • Rules based on certificates – Name rules NAME (Explicit or Rule) PKI

  9. Mechanism Fields Internal for GSAKMP • GSAKMP Key API – Key Management SA (GSAKMP security – Key use (Encryption) suite) • Algorithm • Encryption • Mode • Rekey – Rekey Information • Key length • Frequency • Key lifespan • Rollover – Type • Key type – Time • Key Creation methodology – Unicast SA (Management messages) – Group Specific Data (PF Key Data) • Encryption • Type (IPSec) • Rekey – Number of SAs – Group Specific Data (PF Key Data) – Secure Associations (SAD/SPD) • Type (IPSec) – Number of SAs – Secure Associations (SAD/SPD)

  10. Signature Fields • Signature – Name • Group Owner Name • Certificate serial number – PKI • Type (type of certificate) • Key length • Serial number (for issuer cert) • Issuer PKI Length • Issuer PKI (x.509 subject data for issuer) – Signature Data (Group Owners Signature over Policy Token)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HOTNOW HOT Token HOTNOW l TOKEN SALE THE FIRST UTILITY TOKEN WITH REAL INTRINSIC VALUE REINVENT

HOTNOW HOT Token HOTNOW l TOKEN SALE THE FIRST UTILITY TOKEN WITH REAL INTRINSIC VALUE REINVENT

HOTNOW HOT Token HOTNOW l TOKEN SALE THE FIRST UTILITY TOKEN WITH REAL INTRINSIC VALUE REINVENT DIGITAL MARKETING BY ENABLING THE FIRST GAMIFIED ONLINE-TO-OFFLINE ECONOMY FOR EMERGING ASIA PURPOSE Make Digital Marketing Accessible For All

374 views • 14 slides
RSpec on Rails Tutorial https://ihower.tw 2016/8 Agenda Rails RSpec

RSpec on Rails Tutorial https://ihower.tw 2016/8 Agenda Rails RSpec

RSpec on Rails Tutorial https://ihower.tw 2016/8 Agenda Rails RSpec Model Spec, Routing Spec, Controller Spec, View Spec, Helper Spec Request Spec Feature Spec

945 views • 93 slides
PIV Token Issuance PIV Token Issuance Ketan Mehta Mehta_Ketan@bah.com October 6, 2004 1

PIV Token Issuance PIV Token Issuance Ketan Mehta Mehta_Ketan@bah.com October 6, 2004 1

PIV Token Issuance PIV Token Issuance Ketan Mehta Mehta_Ketan@bah.com October 6, 2004 1 Agenda Agenda Definition and Purpose Issuance Process Token Issuance Authority Requirements Token Personalization Requirements

324 views • 13 slides
SPEC MPI2007 Benchmarks for HPC Systems Ron Lieberman Dr. Matthias S. Mueller Chair, SPEC HPG

SPEC MPI2007 Benchmarks for HPC Systems Ron Lieberman Dr. Matthias S. Mueller Chair, SPEC HPG

SPEC MPI2007 Benchmarks for HPC Systems Ron Lieberman Dr. Matthias S. Mueller Chair, SPEC HPG Vice Chair, SPEC HPG HP-MPI Performance Deputy Director, CTO Hewlett-Packard Company Center for Information Services and High Performance

364 views • 20 slides
Kidnapping's Cesar Cerrudo Revenge Argeniss Token Token Who am I? Who am I? Argeniss

Kidnapping's Cesar Cerrudo Revenge Argeniss Token Token Who am I? Who am I? Argeniss

Kidnapping's Cesar Cerrudo Revenge Argeniss Token Token Who am I? Who am I? Argeniss Founder and CEO A i F d d CEO I have been working on security for + 8 years I have found and helped to fix hundreds of

335 views • 16 slides
La La ser Spec Spec troscopy of Radioactive Atoms at the L ow E nergy B eamline Wilfried

La La ser Spec Spec troscopy of Radioactive Atoms at the L ow E nergy B eamline Wilfried

CORE Meeting, GSI, June 1 st 2005 La La ser Spec Spec troscopy of Radioactive Atoms at the L ow E nergy B eamline Wilfried Nrtershuser for the LaSpec collaboration University of Tbingen GSI Darmstadt Content Introduction and

511 views • 19 slides
Token Ring Developed by IBM, adopted by IEEE as 802.5 standard Token rings latter

Token Ring Developed by IBM, adopted by IEEE as 802.5 standard Token rings latter

Token Ring Developed by IBM, adopted by IEEE as 802.5 standard Token rings latter extended to FDDI (Fiber Distributed Data Interface) and 802.17 (Resilient Packet Ring) standards Nodes connected in a ring Data always flows in

809 views • 16 slides
GROVEDALE AVENUE BANNERMAN STREET ST. FIDELIS CATHOLIC ELEMENTARY SCHOOL RUSTIC ROAD SPEC ED

GROVEDALE AVENUE BANNERMAN STREET ST. FIDELIS CATHOLIC ELEMENTARY SCHOOL RUSTIC ROAD SPEC ED

GROVEDALE AVENUE BANNERMAN STREET ST. FIDELIS CATHOLIC ELEMENTARY SCHOOL RUSTIC ROAD SPEC ED SPEC ED SPEC ED SPEC ED CR1 WR WR STAIR C OFFICE KITCHEN ELEC GENERAL PURPOSE CUDOIAL WASTE ATRIUM LAN CUST STAIR A STOR WR WR WR

438 views • 6 slides
GNUK TOKEN AND GNUPG GNUK TOKEN AND GNUPG SCDAEMON SCDAEMON minimizing the attack surface

GNUK TOKEN AND GNUPG GNUK TOKEN AND GNUPG SCDAEMON SCDAEMON minimizing the attack surface

GNUK TOKEN AND GNUPG GNUK TOKEN AND GNUPG SCDAEMON SCDAEMON minimizing the attack surface NIIBE Yutaka <gniibe@fsij.org> FOSDEM 2018 This is a talk of my experience to have better control (by its user) of computing for privacy

610 views • 37 slides
Token to Words Expanding identified token to words numbers+type = word list

Token to Words Expanding identified token to words numbers+type = word list

Token to Words Expanding identified token to words numbers+type = word list homographs+type = words symbols broken down and pronounced unknown words: as word or letter sequence 11-752, LTI, Carnegie Mellon (define (token_to_words

836 views • 48 slides
Co-Founder, Managing Partner, SPiCE VC - Security Token Pioneers @AmiBenDavid 1 st Fully

Co-Founder, Managing Partner, SPiCE VC - Security Token Pioneers @AmiBenDavid 1 st Fully

P R E S E N T A T I O N B Y A M I B E N D A V I D Co-Founder, Managing Partner, SPiCE VC - Security Token Pioneers @AmiBenDavid 1 st Fully tokenized VC fund 4 th ever Security Token 1 st Regulation-enforcing Token (DS Protocol) Focused on

488 views • 21 slides
Lecture 19: Dictionaries Counting Words Creating token from a text file: 1 def file to

Lecture 19: Dictionaries Counting Words Creating token from a text file: 1 def file to

Lecture 19: Dictionaries Counting Words Creating token from a text file: 1 def file to tokens(filename): 2 with open (filename) as fin: 3 return fin.read().split() Create token counts for each unique token: 1 def wc list(tokens): 2 uniq =

259 views • 7 slides
1 SPEC CPU Benchmark Other SPEC Benchmarks SPEC: Standard Performance Evaluation SPECviewperf

1 SPEC CPU Benchmark Other SPEC Benchmarks SPEC: Standard Performance Evaluation SPECviewperf

What Does Performance Mean? Response time Lecture 2: Performance Evaluation A simulation program finishes in 5 minutes Methods Throughput A web server serves 5 million request per Performance definition, benchmark, second summarizing

341 views • 4 slides
UI Presentation Design Spec Description So for this project we have a design spec for our UI,

UI Presentation Design Spec Description So for this project we have a design spec for our UI,

UI Presentation Design Spec Description So for this project we have a design spec for our UI, which gave us the requirements to achieve within the designs, those being user experience, usability and utility. The user experience is important as

514 views • 10 slides
Security model for hybrid token-based networking models By Rudy Borgstede Contents

Security model for hybrid token-based networking models By Rudy Borgstede Contents

Security model for hybrid token-based networking models By Rudy Borgstede Contents Project Background Complex Resource Provisioning and Token-Based Networking Token Validation Service, the Java Aaauthreach project

504 views • 21 slides
Beyond Microbenchmarks The SPEC-RG Vision for A Comprehensive Serverless Benchmark Erwin van Eyk

Beyond Microbenchmarks The SPEC-RG Vision for A Comprehensive Serverless Benchmark Erwin van Eyk

Beyond Microbenchmarks The SPEC-RG Vision for A Comprehensive Serverless Benchmark Erwin van Eyk Joel Scheuner Simon Eismann Cristina L. Abad Alexandru Iosup HotCloudPerf @ ICPE 2020 SPEC RG CLOUD Serverless Activity Exploring

264 views • 22 slides
Imputed Income Reporting Lorena Dema Business Analyst, Benefits Policy November 18, 2020 CPG

Imputed Income Reporting Lorena Dema Business Analyst, Benefits Policy November 18, 2020 CPG

Education for Benefits Administrators: Imputed Income Reporting Lorena Dema Business Analyst, Benefits Policy November 18, 2020 CPG Administrator Webinar Series Todays Agenda Definition of Imputed Income: What, Why, Who, When and How

524 views • 23 slides
Gods CV Gods CV God is love 1 Jn. 4:8 Matthew 13:41-42 The Son of Man will send

Gods CV Gods CV God is love 1 Jn. 4:8 Matthew 13:41-42 The Son of Man will send

The Greatness of God Examining Gods CV Gods CV God is love 1 Jn. 4:8 Matthew 13:41-42 The Son of Man will send his angels, and they will gather out of his kingdom all causes of sin and all law-breakers, and throw them into the

601 views • 49 slides
Lecture 4: Introduction to CSE 373: Data Structures and Code Analysis Algorithms CSE 373 19 SP

Lecture 4: Introduction to CSE 373: Data Structures and Code Analysis Algorithms CSE 373 19 SP

Lecture 4: Introduction to CSE 373: Data Structures and Code Analysis Algorithms CSE 373 19 SP - KASEY CHAMPION 1 5 Minutes Warm Up Read through the code on the worksheet given Come up with a test case for each of the described test

542 views • 16 slides
Chapter 4 ADT Sorted List Sorted Type Class Interface Diagram SortedType class MakeEmpty

Chapter 4 ADT Sorted List Sorted Type Class Interface Diagram SortedType class MakeEmpty

Chapter 4 ADT Sorted List Sorted Type Class Interface Diagram SortedType class MakeEmpty Private data: IsFull length GetLength info [ 0 ] [ 1 ] GetItem [ 2 ] PutItem [MAX_ITEMS-1] DeleteItem currentPos ResetList GetNextItem Member

650 views • 43 slides
11/12/2020 Disciplinary Removals of Students with Disabilities COUNTING THE DAYS Special

11/12/2020 Disciplinary Removals of Students with Disabilities COUNTING THE DAYS Special

11/12/2020 Disciplinary Removals of Students with Disabilities COUNTING THE DAYS Special Education Mediation Services Hello! A few details before we get started Locate the orange arrow (in the upper right hand corner of the screen), this

523 views • 12 slides
Pro Bono Design & Management Accelerator 1 Decem ecember er 12, 2 2018 2 Session 3

Pro Bono Design & Management Accelerator 1 Decem ecember er 12, 2 2018 2 Session 3

Pro Bono Design & Management Accelerator 1 Decem ecember er 12, 2 2018 2 Session 3 Impact Evaluation & Data Tracking 3 Coach introductions Peter James Senior Manager of Research & Evaluation Rene J. Schomp Senior Staff

957 views • 70 slides
Educating voters about their options COVID-19 and Election Administration: Approaches for

Educating voters about their options COVID-19 and Election Administration: Approaches for

Educating voters about their options COVID-19 and Election Administration: Approaches for Election Officials June 4, 2020 Housekeeping Be gracious about work-from-home setups Restart Zoom if needed Slides and captioned recordings

942 views • 47 slides
Presentation of the paper Proof-of-Execution: Reaching Consensus through Fault-Tolerant

Presentation of the paper Proof-of-Execution: Reaching Consensus through Fault-Tolerant

Presentation of the paper Proof-of-Execution: Reaching Consensus through Fault-Tolerant Speculation Presenter: Haojun (Howard) Zhu Background Due to time-tested safe design of PBFT and due to the limiting designs of other BFT protocols,

536 views • 26 slides

More recommend