GENWiki

Premier IT Outsourcing and Support Services within the UK

User Tools

Site Tools


rfc:rfc5904

Internet Engineering Task Force (IETF) G. Zorn Request for Comments: 5904 Network Zen Category: Informational June 2010 ISSN: 2070-1721

                 RADIUS Attributes for IEEE 802.16
     Privacy Key Management Version 1 (PKMv1) Protocol Support

Abstract

 This document defines a set of Remote Authentication Dial-In User
 Service (RADIUS) Attributes that are designed to provide RADIUS
 support for IEEE 802.16 Privacy Key Management Version 1.

Status of This Memo

 This document is not an Internet Standards Track specification; it is
 published for informational purposes.
 This document is a product of the Internet Engineering Task Force
 (IETF).  It represents the consensus of the IETF community.  It has
 received public review and has been approved for publication by the
 Internet Engineering Steering Group (IESG).  Not all documents
 approved by the IESG are a candidate for any level of Internet
 Standard; see Section 2 of RFC 5741.
 Information about the current status of this document, any errata,
 and how to provide feedback on it may be obtained at
 http://www.rfc-editor.org/info/rfc5904.

Copyright Notice

 Copyright (c) 2010 IETF Trust and the persons identified as the
 document authors.  All rights reserved.
 This document is subject to BCP 78 and the IETF Trust's Legal
 Provisions Relating to IETF Documents
 (http://trustee.ietf.org/license-info) in effect on the date of
 publication of this document.  Please review these documents
 carefully, as they describe your rights and restrictions with respect
 to this document.  Code Components extracted from this document must
 include Simplified BSD License text as described in Section 4.e of
 the Trust Legal Provisions and are provided without warranty as
 described in the Simplified BSD License.

Zorn Informational [Page 1] RFC 5904 RADIUS Attributes for PKMv1 June 2010

 This document may contain material from IETF Documents or IETF
 Contributions published or made publicly available before November
 10, 2008.  The person(s) controlling the copyright in some of this
 material may not have granted the IETF Trust the right to allow
 modifications of such material outside the IETF Standards Process.
 Without obtaining an adequate license from the person(s) controlling
 the copyright in such materials, this document may not be modified
 outside the IETF Standards Process, and derivative works of it may
 not be created outside the IETF Standards Process, except to format
 it for publication as an RFC or to translate it into languages other
 than English.

Table of Contents

 1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
 2.  Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . .  3
 3.  Attributes . . . . . . . . . . . . . . . . . . . . . . . . . .  3
   3.1.  PKM-SS-Cert  . . . . . . . . . . . . . . . . . . . . . . .  4
   3.2.  PKM-CA-Cert  . . . . . . . . . . . . . . . . . . . . . . .  5
   3.3.  PKM-Config-Settings  . . . . . . . . . . . . . . . . . . .  6
   3.4.  PKM-Cryptosuite-List . . . . . . . . . . . . . . . . . . .  8
   3.5.  PKM-SAID . . . . . . . . . . . . . . . . . . . . . . . . .  9
   3.6.  PKM-SA-Descriptor  . . . . . . . . . . . . . . . . . . . .  9
   3.7.  PKM-AUTH-Key . . . . . . . . . . . . . . . . . . . . . . . 10
     3.7.1.  AUTH-Key Protection  . . . . . . . . . . . . . . . . . 12
 4.  Table of Attributes  . . . . . . . . . . . . . . . . . . . . . 12
 5.  Diameter Considerations  . . . . . . . . . . . . . . . . . . . 13
 6.  Security Considerations  . . . . . . . . . . . . . . . . . . . 13
 7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 13
 8.  Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 14
 9.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 14
 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14
   10.1. Normative References . . . . . . . . . . . . . . . . . . . 14
   10.2. Informative References . . . . . . . . . . . . . . . . . . 14

Zorn Informational [Page 2] RFC 5904 RADIUS Attributes for PKMv1 June 2010

1. Introduction

 Privacy Key Management Version 1 (PKMv1) [IEEE.802.16-2004] is a
 public-key-based authentication and key establishment protocol
 typically used in fixed wireless broadband network deployments.  The
 protocol utilizes X.509 v3 certificates [RFC2459], RSA encryption
 [RFC2437], and a variety of secret key cryptographic methods to allow
 an 802.16 Base Station (BS) to authenticate a Subscriber Station (SS)
 and perform key establishment and maintenance between an SS and BS.
 This document defines a set of RADIUS Attributes that are designed to
 provide support for PKMv1.  The target audience for this document
 consists of those developers implementing RADIUS support for PKMv1;
 therefore, familiarity with both RADIUS [RFC2865] and the IEEE
 802.16-2004 standard is assumed.
 Please note that this document relies on IEEE.802.16-2004, which
 references RFC 2437 and RFC 2459, rather than any more recent RFCs on
 RSA and X.509 certificates (e.g., RFC 3447 and RFC 5280).

2. Acronyms

 CA
    Certification Authority; a trusted party issuing and signing X.509
    certificates.
 For further information on the following terms, please see Section 7
 of [IEEE.802.16-2004].
 SA
    Security Association
 SAID
    Security Association Identifier
 TEK
    Traffic Encryption Key

3. Attributes

 The following subsections describe the Attributes defined by this
 document.  This specification concerns the following values:
    137 PKM-SS-Cert
    138 PKM-CA-Cert
    139 PKM-Config-Settings

Zorn Informational [Page 3] RFC 5904 RADIUS Attributes for PKMv1 June 2010

    140 PKM-Cryptosuite-List
    141 PKM-SAID
    142 PKM-SA-Descriptor
    143 PKM-Auth-Key

3.1. PKM-SS-Cert

 Description
    The PKM-SS-Cert Attribute is variable length and MAY be
    transmitted in the Access-Request message.  The Value field is of
    type string and contains the X.509 certificate [RFC2459] binding a
    public key to the identifier of the Subscriber Station.
    The minimum size of an SS certificate exceeds the maximum size of
    a RADIUS attribute.  Therefore, the client MUST encapsulate the
    certificate in the Value fields of two or more instances of the
    PKM-SS-Cert Attribute, each (except possibly the last) having a
    length of 255 octets.  These multiple PKM-SS-Cert Attributes MUST
    appear consecutively and in order within the packet.  Upon
    receipt, the RADIUS server MUST recover the original certificate
    by concatenating the Value fields of the received PKM-SS-Cert
    Attributes in order.
 A summary of the PKM-SS-Cert Attribute format is shown below.  The
 fields are transmitted from left to right.
                        1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |    Type       |      Len      |    Value...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 Type
    137 for PKM-SS-Cert
 Len
    > 2
 Value
    The Value field is variable length and contains a (possibly
    complete) portion of an X.509 certificate.

Zorn Informational [Page 4] RFC 5904 RADIUS Attributes for PKMv1 June 2010

3.2. PKM-CA-Cert

 Description
    The PKM-CA-Cert Attribute is variable length and MAY be
    transmitted in the Access-Request message.  The Value field is of
    type string and contains the X.509 certificate [RFC2459] used by
    the CA to sign the SS certificate carried in the PKM-SS-Cert
    attribute (Section 3.1) in the same message.
    The minimum size of a CA certificate exceeds the maximum size of a
    RADIUS attribute.  Therefore, the client MUST encapsulate the
    certificate in the Value fields of two or more instances of the
    PKM-CA-Cert Attribute, each (except possibly the last) having a
    length of 255 octets.  These multiple PKM-CA-Cert Attributes MUST
    appear consecutively and in order within the packet.  Upon
    receipt, the RADIUS server MUST recover the original certificate
    by concatenating the Value fields of the received PKM-CA-Cert
    Attributes in order.
 A summary of the PKM-CA-Cert Attribute format is shown below.  The
 fields are transmitted from left to right.
                        1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |    Type       |      Len      |    Value...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 Type
    138 for PKM-CA-Cert
 Len
    > 2
 Value
    The Value field is variable length and contains a (possibly
    complete) portion of an X.509 certificate.

Zorn Informational [Page 5] RFC 5904 RADIUS Attributes for PKMv1 June 2010

3.3. PKM-Config-Settings

 Description
    The PKM-Config-Settings Attribute is of type string [RFC2865].  It
    is 30 octets in length and consists of seven independent fields,
    each of which is conceptually an unsigned integer.  Each of the
    fields contains a timeout value and corresponds to a Type-Length-
    Value (TLV) tuple encapsulated in the IEEE 802.16 "PKM
    configuration settings" attribute; for details on the contents of
    each field, see Section 11.9.19 of [IEEE.802.16-2004].  One
    instance of the PKM-Config-Settings Attribute MAY be included in
    the Access-Accept message.
 A summary of the PKM-Config-Settings Attribute format is shown below.
 The fields are transmitted from left to right.
                      1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |    Type       |      Len      |       Auth Wait Timeout
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     Auth Wait Timeout (cont.)   |      Reauth Wait Timeout
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    Reauth Wait Timeout (cont.)  |        Auth Grace Time
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      Auth Grace Time (cont.)    |        Op Wait Timeout
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      Op Wait Timeout (cont.)    |       Rekey Wait Timeout
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    Rekey Wait Timeout (cont.)   |         TEK Grace Time
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      TEK Grace Time (cont.)     |     Auth Rej Wait Timeout
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   Auth Rej Wait Timeout (cont.) |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 Type
    139 for PKM-Config-Settings
 Len
    30

Zorn Informational [Page 6] RFC 5904 RADIUS Attributes for PKMv1 June 2010

 Auth Wait Timeout
    The Auth Wait Timeout field is 4 octets in length and corresponds
    to the "Authorize wait timeout" field of the 802.16 "PKM
    configuration settings" attribute.
 Reauth Wait Timeout
    The Reauth Wait Timeout field is 4 octets in length and
    corresponds to the "Reauthorize wait timeout" field of the 802.16
    "PKM configuration settings" attribute.
 Auth Grace Time
    The Auth Grace Time field is 4 octets in length and corresponds to
    the "Authorize grace time" field of the 802.16 "PKM configuration
    settings" attribute.
 Op Wait Timeout
    The Op Wait Timeout field is 4 octets in length and corresponds to
    the "Operational wait timeout" field of the 802.16 "PKM
    configuration settings" attribute.
 Rekey Wait Timeout
    The Rekey Wait Timeout field is 4 octets in length and corresponds
    to the "Rekey wait timeout" field of the 802.16 "PKM configuration
    settings" attribute.
 TEK Grace Time
    The TEK Grace Time field is 4 octets in length and corresponds to
    the "TEK grace time" field of the 802.16 "PKM configuration
    settings" attribute.
 Auth Rej Wait Timeout
    The Auth Rej Wait Timeout field is 4 octets in length and
    corresponds to the "Authorize reject wait timeout" field of the
    802.16 "PKM configuration settings" attribute.

Zorn Informational [Page 7] RFC 5904 RADIUS Attributes for PKMv1 June 2010

3.4. PKM-Cryptosuite-List

 Description
    The PKM-Cryptosuite-List Attribute is of type string [RFC2865] and
    is variable length; it corresponds roughly to the "Cryptographic-
    Suite-List" 802.16 attribute (see Section 11.19.15 of
    [IEEE.802.16-2004]), the difference being that the RADIUS
    Attribute contains only the list of 3-octet cryptographic suite
    identifiers, omitting the IEEE Type and Length fields.
    The PKM-Cryptosuite-List Attribute MAY be present in an Access-
    Request message.  Any message in which the PKM-Cryptosuite-List
    Attribute is present MUST also contain an instance of the Message-
    Authenticator Attribute [RFC3579].
    Implementation Note
       The PKM-Cryptosuite-List Attribute is used as a building block
       to create the 802.16 "Security-Capabilities" attribute
       ([IEEE.802.16-2004], Section 11.9.13); since this document only
       pertains to PKM version 1, the "Version" sub-attribute in that
       structure MUST be set to 0x01 when the RADIUS client constructs
       it.
 A summary of the PKM-Cryptosuite-List Attribute format is shown
 below.  The fields are transmitted from left to right.
                      1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |      Type     |      Len      |          Value...
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 Type
    140 for PKM-Cryptosuite-List
 Len
    2 + 3n < 39, where 'n' is the number of cryptosuite identifiers in
    the list.

Zorn Informational [Page 8] RFC 5904 RADIUS Attributes for PKMv1 June 2010

 Value
    The Value field is variable length and contains a sequence of one
    or more cryptosuite identifiers, each of which is 3 octets in
    length and corresponds to the Value field of an IEEE 802.16
    Cryptographic-Suite attribute.

3.5. PKM-SAID

 Description
    The PKM-SAID Attribute is of type string [RFC2865].  It is 4
    octets in length and contains a PKM Security Association
    Identifier ([IEEE.802.16-2004], Section 11.9.7).  It MAY be
    included in an Access-Request message.
 A summary of the PKM-SAID Attribute format is shown below.  The
 fields are transmitted from left to right.
                      1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |      Type     |      Len      |            SAID               |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 Type
    141 for PKM-SAID
 Len
    4
 SAID
    The SAID field is two octets in length and corresponds to the
    Value field of the 802.16 PKM SAID attribute

3.6. PKM-SA-Descriptor

 Description
    The PKM-SA-Descriptor Attribute is of type string and is 8 octets
    in length.  It contains three fields, described below, which
    together specify the characteristics of a PKM security
    association.  One or more instances of the PKM-SA-Descriptor
    Attribute MAY occur in an Access-Accept message.

Zorn Informational [Page 9] RFC 5904 RADIUS Attributes for PKMv1 June 2010

 A summary of the PKM-SA-Descriptor Attribute format is shown below.
 The fields are transmitted from left to right.
                      1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |      Type     |      Len      |            SAID               |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |    SA Type    |                Cryptosuite                    |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 Type
    142 for PKM-SA-Descriptor
 Len
    8
 SAID
    The SAID field is two octets in length and contains a PKM SAID
    (Section 3.5).
 SA Type
    The SA Type field is one octet in length.  The contents correspond
    to those of the Value field of an IEEE 802.16 SA-Type attribute.
 Cryptosuite
    The Cryptosuite field is 3 octets in length.  The contents
    correspond to those of the Value field of an IEEE 802.16
    Cryptographic-Suite attribute.

3.7. PKM-AUTH-Key

 Description
    The PKM-AUTH-Key Attribute is of type string, 135 octets in
    length.  It consists of 3 fields, described below, which together
    specify the characteristics of a PKM authorization key.  The PKM-
    AUTH-Key Attribute MAY occur in an Access-Accept message.  Any
    packet that contains an instance of the PKM-AUTH-Key Attribute
    MUST also contain an instance of the Message-Authenticator
    Attribute [RFC3579].

Zorn Informational [Page 10] RFC 5904 RADIUS Attributes for PKMv1 June 2010

 A summary of the PKM-AUTH-Key Attribute format is shown below.  The
 fields are transmitted from left to right.
                      1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |      Type     |      Len      |           Lifetime
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
           Lifetime (cont.)      |    Sequence   |     Key...
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 Type
    143 for PKM-AUTH-Key
 Len
    135
 Lifetime
    The Lifetime field is 4 octets in length and represents the
    lifetime, in seconds, of the authorization key.  For more
    information, see Section 11.9.4 of [IEEE.802.16-2004].
 Sequence
    The Sequence field is one octet in length.  The contents
    correspond to those of the Value field of an IEEE 802.16 Key-
    Sequence-Number attribute (see [IEEE.802.16-2004], Section
    11.9.5).
 Key
    The Key field is 128 octets in length.  The contents correspond to
    those of the Value field of an IEEE 802.16 AUTH-Key attribute.
    The Key field MUST be encrypted under the public key from the
    Subscriber Station certificate (Section 3.1) using RSA encryption
    [RFC2437]; see Section 7.5 of [IEEE.802.16-2004] for further
    details.
    Implementation Note
       It is necessary that a plaintext copy of this field be returned
       in the Access-Accept message; appropriate precautions MUST be
       taken to ensure the confidentiality of the key.

Zorn Informational [Page 11] RFC 5904 RADIUS Attributes for PKMv1 June 2010

3.7.1. AUTH-Key Protection

 The PKM-AUTH-Key Attribute (Section 3.7) contains the AUTH-Key
 encrypted with the SS's public key.  The BS also needs the AK, so a
 second copy of the AK needs to be returned in the Access-Accept
 message.
 It is RECOMMENDED that the AK is encapsulated in an instance of the
 MS-MPPE-Send-Key Attribute [RFC2548].  However, see Section 4.3.4 of
 RFC 3579 [RFC3579] for details regarding weaknesses in the encryption
 scheme used.
 If better means for protecting the Auth-Key are available (such as
 RADIUS key attributes with better security properties, or means of
 protecting the whole Access-Accept message), they SHOULD be used
 instead of (or in addition to) the MS-MPPE-Send-Key Attribute.

4. Table of Attributes

 The following table provides a guide to which attributes may be found
 in which kinds of packets, and in what quantity.
 Request Accept Reject Challenge Acct-Req  #   Attribute
 0+      0      0      0         0        137 PKM-SS-Cert [Note 1]
 0+      0      0      0         0        138 PKM-CA-Cert [Note 2]
 0       0-1    0      0         0        139 PKM-Config-Settings
 0-1     0      0      0         0        140 PKM-Cryptosuite-List
 0-1     0      0      0         0        141 PKM-SAID
 0       0+     0      0         0        142 PKM-SA-Descriptor
 0       0-1    0      0         0        143 PKM-Auth-Key
 0       0-1    0      0         0             MS-MPPE-Send-Key
                                                  [Note 3]
 [Note 1]
    No more than one Subscriber Station Certificate may be transferred
    in an Access-Request packet.
 [Note 2]
    No more than one CA Certificate may be transferred in an Access-
    Request packet.
 [Note 3]
    MS-MPPE-Send-Key is one possible attribute that can be used to
    convey the AK to the BS; other attributes can be used instead (see
    Section 3.7.1).

Zorn Informational [Page 12] RFC 5904 RADIUS Attributes for PKMv1 June 2010

 The following table defines the meaning of the above table entries.
 0   This attribute MUST NOT be present in packet
 0+  Zero or more instances of this attribute MAY be present in packet
 0-1 Zero or one instance of this attribute MAY be present in packet
 1   Exactly one instance of this attribute MUST be present in packet

5. Diameter Considerations

 Since the Attributes defined in this document are allocated from the
 standard RADIUS type space (see Section 7), no special handling is
 required by Diameter nodes.

6. Security Considerations

 Section 4 of RFC 3579 [RFC3579] discusses vulnerabilities of the
 RADIUS protocol.
 Section 3 of the paper "Security Enhancements for Privacy and Key
 Management Protocol in IEEE 802.16e-2005" [SecEn] discusses the
 operation and vulnerabilities of the PKMv1 protocol.
 If the Access-Request message is not subject to strong integrity
 protection, an attacker may be able to modify the contents of the
 PKM-Cryptosuite-List Attribute, weakening 802.16 security or
 disabling data encryption altogether.
 If the Access-Accept message is not subject to strong integrity
 protection, an attacker may be able to modify the contents of the
 PKM-Auth-Key Attribute.  For example, the Key field could be replaced
 with a key known to the attacker.
 See Section 3.7.1 for security considerations of sending the
 authorization key to the BS.

7. IANA Considerations

 IANA has assigned numbers for the following Attributes:
    137 PKM-SS-Cert
    138 PKM-CA-Cert
    139 PKM-Config-Settings
    140 PKM-Cryptosuite-List
    141 PKM-SAID

Zorn Informational [Page 13] RFC 5904 RADIUS Attributes for PKMv1 June 2010

    142 PKM-SA-Descriptor
    143 PKM-Auth-Key
 The Attribute numbers are to be allocated from the standard RADIUS
 Attribute type space according to the "IETF Review" policy [RFC5226].

8. Contributors

 Pasi Eronen provided most of the text in Section 3.7.1.

9. Acknowledgements

 Thanks (in no particular order) to Bernard Aboba, Donald Eastlake,
 Dan Romascanu, Avshalom Houri, Juergen Quittek, Pasi Eronen, and Alan
 DeKok for their mostly useful reviews of this document.

10. References

10.1. Normative References

 [IEEE.802.16-2004]
            Institute of Electrical and Electronics Engineers, "IEEE
            Standard for Local and metropolitan area networks, Part
            16: Air Interface for Fixed Broadband Wireless Access
            Systems", IEEE Standard 802.16, October 2004.
 [RFC2865]  Rigney, C., Willens, S., Rubens, A., and W. Simpson,
            "Remote Authentication Dial In User Service (RADIUS)",
            RFC 2865, June 2000.
 [RFC3579]  Aboba, B. and P. Calhoun, "RADIUS (Remote Authentication
            Dial In User Service) Support For Extensible
            Authentication Protocol (EAP)", RFC 3579, September 2003.
 [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
            IANA Considerations Section in RFCs", BCP 26, RFC 5226,
            May 2008.

10.2. Informative References

 [RFC2437]  Kaliski, B. and J. Staddon, "PKCS #1: RSA Cryptography
            Specifications Version 2.0", RFC 2437, October 1998.
 [RFC2459]  Housley, R., Ford, W., Polk, T., and D. Solo, "Internet
            X.509 Public Key Infrastructure Certificate and CRL
            Profile", RFC 2459, January 1999.

Zorn Informational [Page 14] RFC 5904 RADIUS Attributes for PKMv1 June 2010

 [RFC2548]  Zorn, G., "Microsoft Vendor-specific RADIUS Attributes",
            RFC 2548, March 1999.
 [SecEn]    Altaf, A., Jawad, M., and A. Ahmed, "Security Enhancements
            for Privacy and Key Management Protocol in IEEE 802.16e-
            2005", Ninth ACIS International Conference on Software
            Engineering, Artificial Intelligence, Networking, and
            Parallel/Distributed Computing, 2008.

Author's Address

 Glen Zorn
 Network Zen
 1463 East Republican Street
 #358
 Seattle, WA  98112
 US
 EMail: gwz@net-zen.net

Zorn Informational [Page 15]

/data/webs/external/dokuwiki/data/pages/rfc/rfc5904.txt · Last modified: 2010/06/26 01:50 by 127.0.0.1

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki