Dynamic Symmetric Key Provisioning Protocol
RFC 6063, “Dynamic Symmetric Key Provisioning Protocol”, is a Proposed Standard document published in December 2010 by A. Doherty, M. Pei, S. Machani, and M. Nystrom. The canonical text is published by the RFC Editor.
Abstract
The Dynamic Symmetric Key Provisioning Protocol (DSKPP) is a client-server protocol for initialization (and configuration) of symmetric keys to locally and remotely accessible cryptographic modules. The protocol can be run with or without private key capabilities in the cryptographic modules and with or without an established public key infrastructure.
Two variations of the protocol support multiple usage scenarios. With the four-pass variant, keys are mutually generated by the provisioning server and cryptographic module; provisioned keys are not transferred over-the-wire or over-the-air. The two-pass variant enables secure and efficient download and installation of pre-generated symmetric keys to a cryptographic module. [STANDARDS-TRACK]
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 6063 is hosted at rfc-editor.org. Available in TXT, HTML.
- RFC 6062 Traversal Using Relays around NAT Extensions for TCP Allocations
- RFC 6065 Using Authentication, Authorization, and Accounting Services to Dynamically Provision View-Based Access Control Model User-to-Group Mappings
- RFC 6059 Simple Procedures for Detecting Network Attachment in IPv6
- RFC 6067 BCP 47 Extension U
- RFC 6068 The 'mailto' URI Scheme
- RFC 6057 Comcast's Protocol-Agnostic Congestion Management System
- RFC 6069 Making TCP More Robust to Long Connectivity Disruptions
- RFC 6054 Using Counter Modes with Encapsulating Security Payload and Authentication Header to Protect Group Traffic