
Group Domain of Interpretation (GDOI) Payloads - per [RFC3547]

(last updated 9 December 2004)

Related Registries:
GDOI ID Payload Type Values 
SA KEK Payload Values
   -POP Algorithm 
   -KEK Attributes 
SA TEK Payload Values
   -Protocol-ID 
Key Download Type Values
   -TEK Download Type
   -KEK Download Type 
   -LKH Download Type 

In all cases, new numbers and values are assigned to these registries only 
through a Standards Action as defined in [RFC2434]. 
 
GDOI ID Payload Type Values 
---------------------------
 
When an ISAKMP identification payload is used with GDOI, the assigned 
values for the Identification Type field are interpreted according to 
this registry. 
 
The GDOI ID Payload Type is an 8-bit value that is used as a 
discriminator for interpretation of the variable-length Identification 
Payload. The following table describes ID Payload Types. 
 
       ID Type                   Value     Reference
       -------                   -----     ---------
       RESERVED                  0 - 10    [RFC3547]
       ID_KEY_ID                   11      [RFC3547]
       RESERVED                 12 - 127   [RFC3547]
       Private Use             128 - 255   [RFC3547]
 
SA KEK Payload Values 
---------------------

 POP Algorithm 
 
 The POP algorithm is a 16-bit value that identifies the signature 
 algorithm used to produce the POP (proof of possession) payload. 
 
             Algorithm Type  Value   Reference
             --------------  -----   ---------
             RESERVED           0    [RFC3547]
             POP_ALG_RSA        1    [RFC3547]
             POP_ALG_DSS        2    [RFC3547]
             POP_ALG_ECDSS      3    [RFC3547]
             RESERVED         4-127  [RFC3547]
             Private Use    128-255  [RFC3547]
 
 KEK Attributes 

 The KEK Attribute consists of a 16-bit type and its associated value.  
 KEK attributes are used to pass policy from a GCKS to a group member.   
 
 The following attributes may be present in a SAK Payload. The attributes 
 must follow the format defined in ISAKMP [RFC2408] section 3.3. In the 
 table, attributes that are defined as TV are marked as Basic (B); 
 attributes that are defined as TLV are marked as Variable (V). 
 
          ID Class                   Value    Type  Reference
          --------                   -----    ----  ---------
          RESERVED                     0             [RFC3547]
          KEK_MANAGEMENT_ALGORITHM     1        B   [RFC3547]
          KEK_ALGORITHM                2        B   [RFC3547]
          KEK_KEY_LENGTH               3        B   [RFC3547]
          KEK_KEY_LIFETIME             4        V   [RFC3547]
          SIG_HASH_ALGORITHM           5        B   [RFC3547]
          SIG_ALGORITHM                6        B   [RFC3547]
          SIG_KEY_LENGTH               7        B   [RFC3547]
          KE_OAKLEY_GROUP              8        B   [RFC3547]
 
  KEK_MANAGEMENT_ALGORITHM 
 
    The KEK_MANAGEMENT_ALGORITHM class specifies the group KEK management 
    algorithm used to provide forward or backward access control (i.e., used 
    to exclude group members). Defined values are specified in the following 
    table. 
 
            KEK Management Type      Value   Reference
            -------------------      -----   ---------
            RESERVED                   0     [RFC3547]
            LKH                        1     [RFC3547]
            RESERVED                  2-127  [RFC3547]
            Private Use             128-255  [RFC3547]
 
  KEK_ALGORITHM 
 
    The KEK_ALGORITHM class specifies the encryption algorithm used with 
    the KEK. Defined values are specified in the following table. 
 
             Algorithm Type  Value   Reference
             --------------  -----   ---------
             RESERVED           0    [RFC3547]
             KEK_ALG_DES        1    [RFC3547]
             KEK_ALG_3DES       2    [RFC3547]
             KEK_ALG_AES        3    [RFC3547]
             RESERVED         4-127  [RFC3547]
             Private Use    128-255  [RFC3547]
 
  KEK_KEY_LENGTH 
 
    The KEK_KEY_LENGTH class specifies the KEK Algorithm key length (in 
    bits). 
 
  KEK_KEY_LIFETIME 
 
    The KEK_KEY_LIFETIME class specifies the maximum time for which the KEK 
    is valid. The GCKS may refresh the KEK at any time before the end of the 
    valid period. The value is a four (4) octet number defining a valid time 
    period in seconds. 
 
  SIG_HASH_ALGORITHM 
 
    The SIG_HASH_ALGORITHM class specifies the SIG payload hash algorithm. 
    Defined values are specified in the following table. 
 
             Algorithm Type  Value   Reference
             --------------  -----   ---------
             RESERVED           0    [RFC3547]
             SIG_HASH_MD5       1    [RFC3547]
             SIG_HASH_SHA1      2    [RFC3547]
             RESERVED          3-127 [RFC3547]
             Private Use     128-255 [RFC3547]
 
  SIG_ALGORITHM 
 
    The SIG_ALGORITHM class specifies the SIG payload signature algorithm. 
    Defined values are specified in the following table. 
 
             Algorithm Type  Value   Reference
             --------------  -----   ---------
             RESERVED           0    [RFC3547]
             SIG_ALG_RSA        1    [RFC3547]
             SIG_ALG_DSS        2    [RFC3547]
             SIG_ALG_ECDSS      3    [RFC3547]
             RESERVED         4-127  [RFC3547]
             Private Use    128-255  [RFC3547]
 
  SIG_KEY_LENGTH 
 
    The SIG_KEY_LENGTH class specifies the length of the SIG payload key. 
 
  KE_OAKLEY_GROUP 
 
    The KE_OAKLEY_GROUP class defines the OAKLEY Group used to compute the 
    PFS secret in the optional KE payload of the GDOI GROUPKEY-PULL 
    exchange.  This attribute uses the values assigned to Group Definitions 
    in the IANA IPsec-registry [IPSEC-REG]. 
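As an added example (not part of this registry page or of the RFC 3547 text), the following Python encodes and decodes a SA KEK attribute list in the ISAKMP data-attribute format of [RFC2408] section 3.3, using the attribute and value names from the tables above. It checks that each attribute arrives in the format the registry requires (Basic as TV, Variable as TLV), that KEK_KEY_LIFETIME is exactly four octets of seconds, and maps 16-bit values through the RESERVED and Private Use ranges. The byte strings are constructed for the example, not captured GDOI traffic, and the helper names (tv, tlv, parse_attributes, decode_kek_attributes) are the example's own. The same parse_attributes routine applies to the TEK, KEK and LKH key-packet attribute lists, which use the same RFC 2408 encoding.

```python
"""Encode/decode GDOI SA KEK attributes in ISAKMP (RFC 2408 s.3.3) data-attribute format."""
import struct

# Attribute classes from the KEK Attributes table: type -> (name, B=TV or V=TLV).
KEK_ATTR = {
    1: ("KEK_MANAGEMENT_ALGORITHM", "B"),
    2: ("KEK_ALGORITHM", "B"),
    3: ("KEK_KEY_LENGTH", "B"),
    4: ("KEK_KEY_LIFETIME", "V"),
    5: ("SIG_HASH_ALGORITHM", "B"),
    6: ("SIG_ALGORITHM", "B"),
    7: ("SIG_KEY_LENGTH", "B"),
    8: ("KE_OAKLEY_GROUP", "B"),
}
# Value registries for the enumerated attribute classes (1-127 assigned here).
VALUE_NAMES = {
    1: {1: "LKH"},
    2: {1: "KEK_ALG_DES", 2: "KEK_ALG_3DES", 3: "KEK_ALG_AES"},
    5: {1: "SIG_HASH_MD5", 2: "SIG_HASH_SHA1"},
    6: {1: "SIG_ALG_RSA", 2: "SIG_ALG_DSS", 3: "SIG_ALG_ECDSS"},
}
AF_BIT = 0x8000  # RFC 2408 Attribute Format bit: 1 = TV (Basic), 0 = TLV (Variable)


def tv(attr_type, value):
    """Encode a Basic attribute: AF bit set, 15-bit type, 16-bit value."""
    return struct.pack("!HH", AF_BIT | attr_type, value)


def tlv(attr_type, data):
    """Encode a Variable attribute: AF bit clear, 15-bit type, 16-bit length, value."""
    return struct.pack("!HH", attr_type, len(data)) + data


def parse_attributes(buf):
    """Return a list of (type, value_bytes, is_tv) for every data attribute in buf."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError(f"truncated attribute header at offset {off}")
        hdr, = struct.unpack_from("!H", buf, off)
        attr_type = hdr & 0x7FFF
        if hdr & AF_BIT:                      # TV: the two octets after the type are the value
            out.append((attr_type, buf[off + 2:off + 4], True))
            off += 4
        else:                                 # TLV: two-octet length, then that many value octets
            length, = struct.unpack_from("!H", buf, off + 2)
            if off + 4 + length > len(buf):
                raise ValueError(f"attribute {attr_type} length {length} overruns buffer")
            out.append((attr_type, buf[off + 4:off + 4 + length], False))
            off += 4 + length
    return out


def name_for(table, value):
    """Map a 16-bit enumerated value through the registry's RESERVED/Private Use ranges."""
    if value == 0:
        return "RESERVED"
    if 128 <= value <= 255:
        return "Private Use"
    return table.get(value, "UNASSIGNED")


def decode_kek_attributes(buf):
    """Decode a SA KEK attribute list into {name: value}; returns (policy, errors)."""
    policy, errors = {}, []
    for attr_type, val, is_tv in parse_attributes(buf):
        if attr_type not in KEK_ATTR:
            errors.append(f"attribute type {attr_type} is not a defined KEK attribute class")
            continue
        name, fmt = KEK_ATTR[attr_type]
        if (fmt == "B") != is_tv:             # registry format (B/V) must match the wire encoding
            errors.append(f"{name} must be {'TV' if fmt == 'B' else 'TLV'} encoded")
            continue
        if attr_type == 4:                    # KEK_KEY_LIFETIME: four-octet seconds
            if len(val) != 4:
                errors.append("KEK_KEY_LIFETIME must be exactly four octets")
                continue
            policy[name] = struct.unpack("!I", val)[0]
        else:
            value = struct.unpack("!H", val)[0]
            policy[name] = name_for(VALUE_NAMES[attr_type], value) if attr_type in VALUE_NAMES else value
    return policy, errors


# Constructed sample policy (not captured traffic): LKH-managed AES-128 KEK, one-day lifetime,
# RSA/SHA-1 signatures with a 1024-bit key, Oakley group 2 for the optional KE payload.
SAMPLE_POLICY = (
    tv(1, 1) + tv(2, 3) + tv(3, 128)
    + tlv(4, struct.pack("!I", 86400))
    + tv(5, 2) + tv(6, 1) + tv(7, 1024) + tv(8, 2)
)
# Constructed malformed list: lifetime sent as TV, a Private Use KEK algorithm, an undefined class.
BAD_POLICY = tv(4, 3600) + tv(2, 200) + tv(9, 1)

if __name__ == "__main__":
    for sample in (SAMPLE_POLICY, BAD_POLICY):
        policy, errs = decode_kek_attributes(sample)
        for k, v in policy.items():
            print(f"{k:26} {v}")
        print("errors:", errs, "\n")
```

A group member should reject a SA KEK payload whose attributes fail the format checks rather than guessing at the sender's intent, since a misparsed TLV length shifts every later attribute.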
 
 
SA TEK Payload Values
---------------------
 
 Protocol-ID 
 
 The SA_TEK Protocol-ID is an 8-bit value that identifies the type of TEK 
 included in the SA_TEK payload. The following table defines values for 
 the Security Protocol. 
 
       Protocol ID               Value   Reference 
       -----------               -----   ---------
       RESERVED                    0     [RFC3547]
       GDOI_PROTO_IPSEC_ESP        1     [RFC3547]
       RESERVED                   2-127  [RFC3547]
       Private Use              128-255  [RFC3547]
 
 
Key Download Type Values
------------------------

The Key Download Type is an 8-bit value that is used as a discriminator 
for interpretation of the variable-length Key Packet. 
 
          Key Download Type        Value  Reference 
          -----------------        -----  ---------
          RESERVED                   0    [RFC3547]
          TEK                        1    [RFC3547]
          KEK                        2    [RFC3547]
          LKH                        3    [RFC3547]
          RESERVED                  4-127 [RFC3547]
          Private Use             128-255 [RFC3547]
       
 TEK Download Type 
 
 The following attributes may be present in a TEK Download Type. The 
 attributes must follow the format defined in ISAKMP [RFC2408] section 
 3.3. In the table, attributes that are defined as TV are marked as Basic 
 (B); attributes that are defined as TLV are marked as Variable (V). 
 
          TEK Class                 Value      Type  Reference
          ---------                 -----      ----  ---------
          RESERVED                     0             [RFC3547]
          TEK_ALGORITHM_KEY            1        V    [RFC3547]
          TEK_INTEGRITY_KEY            2        V    [RFC3547]
          TEK_SOURCE_AUTH_KEY          3        V    [RFC3547]
 
 KEK Download Type 
 
 The following attributes may be present in a KEK download Type. In the 
 table, attributes that are defined as TV are marked as Basic (B); 
 attributes which are defined as TLV are marked as Variable (V). 
 
         KEK Class                 Value      Type   Reference
         ---------                 -----      ----   ---------
         RESERVED                     0              [RFC3547]
         KEK_ALGORITHM_KEY            1        V     [RFC3547]
         SIG_ALGORITHM_KEY            2        V     [RFC3547]
 
 LKH Download Type 
 
 The LKH key packet is comprised of attributes representing different 
 leaves in the LKH key tree.  
 
 The following attributes are used to pass an LKH KEK array in the KD 
 payload. The attributes must follow the format defined in ISAKMP 
 [RFC2408] section 3.3. In the table, attributes that are defined as TV 
 are marked as Basic (B); attributes that are defined as TLV are marked 
 as Variable (V). 
 
          KEK Class                 Value      Type  Reference
          ---------                 -----      ----  ---------
          RESERVED                     0             [RFC3547]
          LKH_DOWNLOAD_ARRAY           1        V    [RFC3547]
          LKH_UPDATE_ARRAY             2        V    [RFC3547]
          SIG_ALGORITHM_KEY            3        V    [RFC3547]
          RESERVED                    4-127          [RFC3547]
          Private Use               128-255          [RFC3547]

References
----------
[RFC3547]   M. Baugher, T. Hardjono, H. Harney, and B. Weis, "The Group Domain 
            of Interpretation", RFC 3547, July 2003.

(registry created 28 March 2003)
