transaction
...
This document describes and identifies the requirements for
transactions to handle PKC lifecycle transactions between [IPsec ...
... This document describes and identifies the requirements for
transactions to handle PKC lifecycle transactions between [IPsec] VPN
...
... PKI Systems. This
document contains requirements for a transaction-based approach.
Other models are conceivable, for example, a directory-centric
approach, but their requirements ...
... Public Key Certificate
(PKC) lifecycle transactions between different VPN System and PKI
System products in order to better enable large scale, PKI-enabled ...
... update, revoke, and confirm), and repository lookups. These
transactions enable a VPN Operator to:
...
... to the pre-agreed template). These authorizations can occur
either prior to the enrollment or in the same transaction as the
enrollment.
...
... The document addresses requirements on transactions between the VPN
Systems and the PKI Systems ...
... excluded, but are intentionally not a focus.
Only VPN-PKI transactions that ease and enable scalable PKI-enabled
IPsec ...
... VPN Administrator to Peer
transactions will not be addressed. These interactions are
considered vendor proprietary. These interactions may be
...
... vendors, but are far beyond the scope of this current effort, and
will be described as opaque transactions in this document.
The protocol specification ...
... management profile. Requirements for [I] transactions
are beyond the scope of this document. Additionally, the act of
certification ...
... Secure Transactions ...
... management profile MUST specify the [A], [E],
[L], and [R] transactions between VPN and PKI Systems. To support
...
... VPN and PKI Systems. To support
these transactions, the Admin and PKI MUST exchange policy details,
identities, and keys. As such, the method ...
... identities, and keys. As such, the method of communication for [A],
[E], and [L] transactions MUST be secured in a manner that ensures
privacy, authentication ...
... trust be established
between the PKI and the Admin (see Section 3.7.1). [R] transactions
do not require authentication or message data ...
... PKCs and CRLs) are already digitally signed.
Whether [R] transactions require privacy is determined by the local
security policy.
...
... management profile will not specify [G]
transactions. However, these transactions MUST be secured in a
manner that ensures privacy ...
... profile will not specify [G]
transactions. However, these transactions MUST be secured in a
manner that ensures privacy, authentication ...
...
Availability is REQUIRED initially for authorization transactions
between the PKI and Admin. Further availability is required in most
...
... A PKC used for identity in VPN-PKI transactions MUST include all the
[CERTPROFILE] mandatory fields. It MUST also contain contents
...
... profile) are the same so that one PKC could be used for
both transaction sets. If the profiles are inconsistent, then
different PKCs ...
... VPN-PKI transactions MUST specify error handling
for each transaction. Thorough error condition descriptions and
handling instructions will greatly aid interoperability ...
...
The authorization scenario for VPN-PKI transactions involves a two-step
process: an authorization request and an authorization ...
... Figure 4 shows the salient interactions to perform authorization
transactions.
...
... Thorough error condition descriptions and handling instructions MUST
be provided to the Admin for each transaction in the authorization
process. Providing such error codes ...
...
1) Opaque transaction [G]. Admin sends command to Peer to generate
key pair, based on parameters provided in the command.
...
... Thorough error condition descriptions and handling instructions MUST
be provided for each transaction in the key generation and PKC
request construction process. Providing such error codes ...
...
4) Opaque Transaction [E]. The Admin forwards the enrollment
response back to the IPsec Peer.
...
...
5) Opaque Transaction [E]. Peer positively acknowledges receipt of
new PKC back to the Admin.
...
...
8) Opaque Transaction [E]. Admin forwards PKI's enrollment
confirmation receipt back to the Peer.
...
...
3) Opaque Transaction [E]. The Admin forwards the enrollment
response back to the IPsec Peer.
...
...
4) Opaque Transaction [E]. Peer positively acknowledges receipt of
new PKC back to the Admin.
...
...
7) Opaque Transaction [E]. Admin forwards PKI's enrollment
confirmation receipt back to the Peer.
...
...
3) Opaque Transaction [E]. The Admin forwards the enrollment
response back to the IPsec Peer, along with the keys.
...
...
4) Opaque Transaction [E]. Peer positively acknowledges receipt of
new PKC back to the Admin.
...
...
7) Opaque Transaction [E]. Admin forwards PKI's enrollment
confirmation receipt back to the Peer.
...
...
2) Opaque Transaction [E]. The Admin forwards the enrollment
response back to the IPsec Peer, along with the keys.
...
...
3) Opaque Transaction [E]. Peer positively acknowledges receipt of
new PKC back to the Admin.
...
...
6) Opaque Transaction [E]. Admin forwards PKI's enrollment
confirmation receipt back to the Peer.
...
... Thorough error condition descriptions and handling instructions are
REQUIRED for each transaction in the enrollment process. Providing
such error codes will greatly aid interoperability ...
... Thorough error condition descriptions and handling instructions are
required for each transaction in the rekey, renewal, or update
...
... PKC it wishes to revoke. Whether the actual
revocation request transaction occurs directly with the PKI or is
first sent to Admin (who proxies ...
...
The profile MUST identify the one protocol or transaction within a
protocol to be used for both Peer and Admin initiated revocations.
...
...
Below are guidelines for revocation in specific transactions:
- AFTER RENEW, BEFORE EXPIRATION: The PKI ...
... Thorough error condition descriptions and handling instructions are
required for each transaction in the repository lookup process.
Providing such error codes ...
... Thorough error condition descriptions and handling instructions are
required for each transaction in the revocation checking and path
validation ...
