5. Payloads and Defined Values

This document specifies use of several ISAKMP payloads, which are defined in accordance with RFC2408. The following payloads are used in GDOI exchanges:

Identification Payload (ID): Identifies group identities and security associations
Security Association Payload (SA): Defines security attributes for both KEK and TEK
SA KEK Payload: Specifies Key Encrypting Key attributes
SA TEK Payload: Specifies Traffic Encrypting Key attributes
Key Download Payload (KD): Carries cryptographic key material
Sequence Number Payload (SEQ): Provides replay protection for rekey messages
Proof of Possession: Authenticates group member's possession of keys
Nonce Payload: Provides freshness guarantees

This section defines the format and usage of each payload type in the context of GDOI protocol operations.

5.1 Identification Payload
5.2 Security Association Payload
5.3 SA KEK Payload
5.4 SA TEK Payload
5.5 Key Download Payload
5.6 Sequence Number Payload
5.7 Proof of Possession
5.8 Nonce

Related Subsections​

Related Subsections