gsakmp policy token spec
play

GSAKMP Policy Token Spec Draft-ietf-msec-tokenspec-sec-00.txt - PowerPoint PPT Presentation

Jan 21, 2023 •214 likes •321 views

GSAKMP Policy Token Spec Draft-ietf-msec-tokenspec-sec-00.txt Presented by Hugh Harney SPARTA, Inc. (410) 872-1515 x203 hh@sparta.com Agenda GSAKMP Roles GSAKMP Policy Token Dissemination GSAKMP Token Spec. GSAKMP Roles GO

  1. GSAKMP Policy Token Spec Draft-ietf-msec-tokenspec-sec-00.txt Presented by Hugh Harney SPARTA, Inc. (410) 872-1515 x203 hh@sparta.com

  2. Agenda • GSAKMP Roles • GSAKMP Policy Token Dissemination • GSAKMP Token Spec.

  3. GSAKMP Roles GO • Group Owner – Policy Creation Authority GC/KS • Group Controller/Key Server – Policy enforcer Subordinate – Policy dissemination GC/KS • Subordinate GC/KS – Policy enforcer • Group Member – Policy enforcer GM GM

  4. GSAKMP Policy Token Dissemination Controller Message Member or S-GC/KS Request to Join Policy Enforcement Key Download (Policy Token) Policy Notification - Ack/Failure Enforcement Shared Keyed Group Session

  5. GSAKMP Token Specification - Top level • Identification – Uniquely identify policy token and group • Authorizations – Identifies • Group Owner • Authorized rekey initiator • Sub GC/KS s • Access Control – Who is allowed into the group • Mechanisms – What are the allowed mechanisms for this group – Pass through policy for crypto application (IPSec) • Signature – Verification of policy token veracity

  6. Identification Fields • Token ID – Version (Policy Token version) – Protocol ID (GSAKMP or other) – Group ID (Unique identity of cryptographic group) • Network Identifier (multicast IP address if appropriate) • Serial number – Time (Group Owner Time)

  7. Authorization Fields • Group Owner Name: explicit – Owner Name PKI • Rekey Controller Name: explicit or rules – Rekey Controller Name PKI • Key Server Authorizations : explicit or rules

  8. Access Control Fields • Access control – Inclusionary • Permission level • Rules based on certificates – Names (X.509 Subject field) NAME (Explicit or Rule) PKI – Exclusionary • Permission Level • Rules based on certificates – Name rules NAME (Explicit or Rule) PKI

  9. Mechanism Fields Internal for GSAKMP • GSAKMP Key API – Key Management SA (GSAKMP security – Key use (Encryption) suite) • Algorithm • Encryption • Mode • Rekey – Rekey Information • Key length • Frequency • Key lifespan • Rollover – Type • Key type – Time • Key Creation methodology – Unicast SA (Management messages) – Group Specific Data (PF Key Data) • Encryption • Type (IPSec) • Rekey – Number of SAs – Group Specific Data (PF Key Data) – Secure Associations (SAD/SPD) • Type (IPSec) – Number of SAs – Secure Associations (SAD/SPD)

  10. Signature Fields • Signature – Name • Group Owner Name • Certificate serial number – PKI • Type (type of certificate) • Key length • Serial number (for issuer cert) • Issuer PKI Length • Issuer PKI (x.509 subject data for issuer) – Signature Data (Group Owners Signature over Policy Token)

Recommend

HOTNOW HOT Token HOTNOW l TOKEN SALE THE FIRST UTILITY TOKEN WITH REAL INTRINSIC VALUE REINVENT

HOTNOW HOT Token HOTNOW l TOKEN SALE THE FIRST UTILITY TOKEN WITH REAL INTRINSIC VALUE REINVENT

HOTNOW HOT Token HOTNOW l TOKEN SALE THE FIRST UTILITY TOKEN WITH REAL INTRINSIC VALUE REINVENT DIGITAL MARKETING BY ENABLING THE FIRST GAMIFIED ONLINE-TO-OFFLINE ECONOMY FOR EMERGING ASIA PURPOSE Make Digital Marketing Accessible For All

374 views • 14 slides
RSpec on Rails Tutorial https://ihower.tw 2016/8 Agenda Rails RSpec

RSpec on Rails Tutorial https://ihower.tw 2016/8 Agenda Rails RSpec

RSpec on Rails Tutorial https://ihower.tw 2016/8 Agenda Rails RSpec Model Spec, Routing Spec, Controller Spec, View Spec, Helper Spec Request Spec Feature Spec

945 views • 93 slides
PIV Token Issuance PIV Token Issuance Ketan Mehta Mehta_Ketan@bah.com October 6, 2004 1

PIV Token Issuance PIV Token Issuance Ketan Mehta Mehta_Ketan@bah.com October 6, 2004 1

PIV Token Issuance PIV Token Issuance Ketan Mehta Mehta_Ketan@bah.com October 6, 2004 1 Agenda Agenda Definition and Purpose Issuance Process Token Issuance Authority Requirements Token Personalization Requirements

324 views • 13 slides
SPEC MPI2007 Benchmarks for HPC Systems Ron Lieberman Dr. Matthias S. Mueller Chair, SPEC HPG

SPEC MPI2007 Benchmarks for HPC Systems Ron Lieberman Dr. Matthias S. Mueller Chair, SPEC HPG

SPEC MPI2007 Benchmarks for HPC Systems Ron Lieberman Dr. Matthias S. Mueller Chair, SPEC HPG Vice Chair, SPEC HPG HP-MPI Performance Deputy Director, CTO Hewlett-Packard Company Center for Information Services and High Performance

364 views • 20 slides
Kidnapping's Cesar Cerrudo Revenge Argeniss Token Token Who am I? Who am I? Argeniss

Kidnapping's Cesar Cerrudo Revenge Argeniss Token Token Who am I? Who am I? Argeniss

Kidnapping's Cesar Cerrudo Revenge Argeniss Token Token Who am I? Who am I? Argeniss Founder and CEO A i F d d CEO I have been working on security for + 8 years I have found and helped to fix hundreds of

335 views • 16 slides
La La ser Spec Spec troscopy of Radioactive Atoms at the L ow E nergy B eamline Wilfried

La La ser Spec Spec troscopy of Radioactive Atoms at the L ow E nergy B eamline Wilfried

CORE Meeting, GSI, June 1 st 2005 La La ser Spec Spec troscopy of Radioactive Atoms at the L ow E nergy B eamline Wilfried Nrtershuser for the LaSpec collaboration University of Tbingen GSI Darmstadt Content Introduction and

511 views • 19 slides
Token Ring Developed by IBM, adopted by IEEE as 802.5 standard Token rings latter

Token Ring Developed by IBM, adopted by IEEE as 802.5 standard Token rings latter

Token Ring Developed by IBM, adopted by IEEE as 802.5 standard Token rings latter extended to FDDI (Fiber Distributed Data Interface) and 802.17 (Resilient Packet Ring) standards Nodes connected in a ring Data always flows in

809 views • 16 slides
GROVEDALE AVENUE BANNERMAN STREET ST. FIDELIS CATHOLIC ELEMENTARY SCHOOL RUSTIC ROAD SPEC ED

GROVEDALE AVENUE BANNERMAN STREET ST. FIDELIS CATHOLIC ELEMENTARY SCHOOL RUSTIC ROAD SPEC ED

GROVEDALE AVENUE BANNERMAN STREET ST. FIDELIS CATHOLIC ELEMENTARY SCHOOL RUSTIC ROAD SPEC ED SPEC ED SPEC ED SPEC ED CR1 WR WR STAIR C OFFICE KITCHEN ELEC GENERAL PURPOSE CUDOIAL WASTE ATRIUM LAN CUST STAIR A STOR WR WR WR

438 views • 6 slides
GNUK TOKEN AND GNUPG GNUK TOKEN AND GNUPG SCDAEMON SCDAEMON minimizing the attack surface

GNUK TOKEN AND GNUPG GNUK TOKEN AND GNUPG SCDAEMON SCDAEMON minimizing the attack surface

GNUK TOKEN AND GNUPG GNUK TOKEN AND GNUPG SCDAEMON SCDAEMON minimizing the attack surface NIIBE Yutaka <gniibe@fsij.org> FOSDEM 2018 This is a talk of my experience to have better control (by its user) of computing for privacy

610 views • 37 slides
Token to Words Expanding identified token to words numbers+type = word list

Token to Words Expanding identified token to words numbers+type = word list

Token to Words Expanding identified token to words numbers+type = word list homographs+type = words symbols broken down and pronounced unknown words: as word or letter sequence 11-752, LTI, Carnegie Mellon (define (token_to_words

836 views • 48 slides
Co-Founder, Managing Partner, SPiCE VC - Security Token Pioneers @AmiBenDavid 1 st Fully

Co-Founder, Managing Partner, SPiCE VC - Security Token Pioneers @AmiBenDavid 1 st Fully

P R E S E N T A T I O N B Y A M I B E N D A V I D Co-Founder, Managing Partner, SPiCE VC - Security Token Pioneers @AmiBenDavid 1 st Fully tokenized VC fund 4 th ever Security Token 1 st Regulation-enforcing Token (DS Protocol) Focused on

488 views • 21 slides
Lecture 19: Dictionaries Counting Words Creating token from a text file: 1 def file to

Lecture 19: Dictionaries Counting Words Creating token from a text file: 1 def file to

Lecture 19: Dictionaries Counting Words Creating token from a text file: 1 def file to tokens(filename): 2 with open (filename) as fin: 3 return fin.read().split() Create token counts for each unique token: 1 def wc list(tokens): 2 uniq =

259 views • 7 slides
1 SPEC CPU Benchmark Other SPEC Benchmarks SPEC: Standard Performance Evaluation SPECviewperf

1 SPEC CPU Benchmark Other SPEC Benchmarks SPEC: Standard Performance Evaluation SPECviewperf

What Does Performance Mean? Response time Lecture 2: Performance Evaluation A simulation program finishes in 5 minutes Methods Throughput A web server serves 5 million request per Performance definition, benchmark, second summarizing

341 views • 4 slides
UI Presentation Design Spec Description So for this project we have a design spec for our UI,

UI Presentation Design Spec Description So for this project we have a design spec for our UI,

UI Presentation Design Spec Description So for this project we have a design spec for our UI, which gave us the requirements to achieve within the designs, those being user experience, usability and utility. The user experience is important as

514 views • 10 slides
Security model for hybrid token-based networking models By Rudy Borgstede Contents

Security model for hybrid token-based networking models By Rudy Borgstede Contents

Security model for hybrid token-based networking models By Rudy Borgstede Contents Project Background Complex Resource Provisioning and Token-Based Networking Token Validation Service, the Java Aaauthreach project

504 views • 21 slides
Beyond Microbenchmarks The SPEC-RG Vision for A Comprehensive Serverless Benchmark Erwin van Eyk

Beyond Microbenchmarks The SPEC-RG Vision for A Comprehensive Serverless Benchmark Erwin van Eyk

Beyond Microbenchmarks The SPEC-RG Vision for A Comprehensive Serverless Benchmark Erwin van Eyk Joel Scheuner Simon Eismann Cristina L. Abad Alexandru Iosup HotCloudPerf @ ICPE 2020 SPEC RG CLOUD Serverless Activity Exploring

264 views • 22 slides
Measuring QoS in fixed and mobile networks Mari Ivona , spec. sci. E.E. Manager for Cable

Measuring QoS in fixed and mobile networks Mari Ivona , spec. sci. E.E. Manager for Cable

Measuring QoS in fixed and mobile networks Mari Ivona , spec. sci. E.E. Manager for Cable Distribution Systems Vujovi Ivan, spec. sci. E.E. Senior advisor for RF spectrum control & monitoring Agency for Electronic Communications &

781 views • 18 slides
Benchmark Design for Robust Profile-Directed Optimization SPEC Workshop 2007 Paul Berube and

Benchmark Design for Robust Profile-Directed Optimization SPEC Workshop 2007 Paul Berube and

Benchmark Design for Robust Profile-Directed Optimization SPEC Workshop 2007 Paul Berube and Jos Nelson Amaral University of Alberta NSERC Alberta Ingenuity iCore January 21, 2007 Paul Berube 1 In this talk SPEC: SPEC

616 views • 36 slides
Self-Stabilizing Token Distribution with Constant-Space for Trees Yuichi Sudo 1 , Ajoy K. Datta 2

Self-Stabilizing Token Distribution with Constant-Space for Trees Yuichi Sudo 1 , Ajoy K. Datta 2

OPODIS 2018 Self-Stabilizing Token Distribution with Constant-Space for Trees Yuichi Sudo 1 , Ajoy K. Datta 2 , Lawrence L. Larmore 2 , Toshimitsu Masuzawa 1 , 1. Osaka University, Japan 2. The University of Nevada, Las Vegas, USA Token

436 views • 18 slides
17.10.2019 What is EXW 01 The company Store. Who is EXW 02 The founders Share. EXW-token

17.10.2019 What is EXW 01 The company Store. Who is EXW 02 The founders Share. EXW-token

Store. Share. Grow. 17.10.2019 What is EXW 01 The company Store. Who is EXW 02 The founders Share. EXW-token 03 ERC-20 Eco-system Grow. 04 The foundation of the token Real Estate Cloud 05 New economy COMPANY NAME What is

468 views • 30 slides
Compilers Recursive Descent Algorithm Alex Aiken RD Algorithm Let TOKEN be the type of

Compilers Recursive Descent Algorithm Alex Aiken RD Algorithm Let TOKEN be the type of

Compilers Recursive Descent Algorithm Alex Aiken RD Algorithm Let TOKEN be the type of tokens Special tokens INT, OPEN, CLOSE, PLUS, TIMES Let the global next point to the next input token Alex Aiken RD Algorithm Define boolean

87 views • 8 slides
TREE = TOKEN The Frontier of Impact Finance T TREE T TREE Token = oken = 1 The Frontier

TREE = TOKEN The Frontier of Impact Finance T TREE T TREE Token = oken = 1 The Frontier

TREE = TOKEN The Frontier of Impact Finance T TREE T TREE Token = oken = 1 The Frontier of Impact Finance THE FRONTIER OF IMPACT FINANCE TREE Token is an investment platform for impact finance projects. On this platform, qualified

874 views • 30 slides
Pavement Preservation Overband Crack Seal ODOT Spec #423 Fog Seal ODOT Special

Pavement Preservation Overband Crack Seal ODOT Spec #423 Fog Seal ODOT Special

Pavement Preservation Overband Crack Seal ODOT Spec #423 Fog Seal ODOT Special Provision Onyx ODOT Special Provision Chip Seal ODOT Spec #422 Micro Surfacing ODOT Spec #421 Overband Crack Seal ODOT Spec #423

884 views • 69 slides
FSIJ USB Token for GnuPG Niibe Yutaka <gniibe@fsij.org> 2009-10-21 Japan Linux Symposium

FSIJ USB Token for GnuPG Niibe Yutaka <gniibe@fsij.org> 2009-10-21 Japan Linux Symposium

FSIJ USB Token for GnuPG Niibe Yutaka <gniibe@fsij.org> 2009-10-21 Japan Linux Symposium Contents Who am I? GNU Privacy Guard FSIJ USB Token PCB design V-USB (AVR-USB) CCID/ICCD Protocol OpenPGP Protocol RSA

991 views • 26 slides

More recommend