Protocol Action: The Simple Public-Key GSS-API Mechanism (SPKM) to Proposed Standard

[The IESG <iesg-secretary@CNRI.Reston.VA.US>]

  The IESG has approved the Internet-Draft "The Simple Public-Key GSS-API
  Mechanism (SPKM)" <draft-ietf-cat-spkmgss-06.txt> as a Proposed Standard.
  This document is the product of the Common Authentication Technology
  Working Group. The IESG contact person is Jeffrey Schiller.


Technical Summary

  This  document describes  a  mechanism  to  be  used with  the Generic
  Security  Service  API  (GSSAPI,  RFC1508, RFC1509).  It provides  for
  authentication, integrity,  confidentiality and non-repudiation within
  the context of GSSAPI. It is based on the use of public key encryption
  technology for  digital  signatures and  key distribution. It provides
  for  the negotiation  of  the  actual cryptographic  algorithms  to be
  employed between communicating entities.

  It  makes  use of X.509  style certificates but  does  not  specify  a
  particular key hierarchy. The two end points communicating must have a
  common hierarchy in common  in order for  this  mechanism to  operate,
  however a particular hierarchy is not legislated by this document.

Working Group Summary

  The CAT  working  group came to  consensus reasonably quickly on these
  documents and no comments were received during IETF last call.


Protocol Quality


  Jeff Schiller reviewed this document for the IESG and found it  to  be
  competent and reasonable.  By adding a public  key based  mechanism to
  the repertoire of mechanisms available under the GSSAPI, this document
  adds value to GSSAPI itself.