7 Internet Engineering Task Force (IETF) G. Zorn
8 Request for Comments: 5904 Network Zen
9 Category: Informational June 2010
13 RADIUS Attributes for IEEE 802.16
14 Privacy Key Management Version 1 (PKMv1) Protocol Support
18 This document defines a set of Remote Authentication Dial-In User
19 Service (RADIUS) Attributes that are designed to provide RADIUS
20 support for IEEE 802.16 Privacy Key Management Version 1.
24 This document is not an Internet Standards Track specification; it is
25 published for informational purposes.
27 This document is a product of the Internet Engineering Task Force
28 (IETF). It represents the consensus of the IETF community. It has
29 received public review and has been approved for publication by the
30 Internet Engineering Steering Group (IESG). Not all documents
31 approved by the IESG are a candidate for any level of Internet
32 Standard; see Section 2 of RFC 5741.
34 Information about the current status of this document, any errata,
35 and how to provide feedback on it may be obtained at
36 http://www.rfc-editor.org/info/rfc5904.
40 Copyright (c) 2010 IETF Trust and the persons identified as the
41 document authors. All rights reserved.
43 This document is subject to BCP 78 and the IETF Trust's Legal
44 Provisions Relating to IETF Documents
45 (http://trustee.ietf.org/license-info) in effect on the date of
46 publication of this document. Please review these documents
47 carefully, as they describe your rights and restrictions with respect
48 to this document. Code Components extracted from this document must
49 include Simplified BSD License text as described in Section 4.e of
50 the Trust Legal Provisions and are provided without warranty as
51 described in the Simplified BSD License.
58 Zorn Informational [Page 1]
60 RFC 5904 RADIUS Attributes for PKMv1 June 2010
63 This document may contain material from IETF Documents or IETF
64 Contributions published or made publicly available before November
65 10, 2008. The person(s) controlling the copyright in some of this
66 material may not have granted the IETF Trust the right to allow
67 modifications of such material outside the IETF Standards Process.
68 Without obtaining an adequate license from the person(s) controlling
69 the copyright in such materials, this document may not be modified
70 outside the IETF Standards Process, and derivative works of it may
71 not be created outside the IETF Standards Process, except to format
72 it for publication as an RFC or to translate it into languages other
77 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
78 2. Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
79 3. Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . 3
80 3.1. PKM-SS-Cert . . . . . . . . . . . . . . . . . . . . . . . 4
81 3.2. PKM-CA-Cert . . . . . . . . . . . . . . . . . . . . . . . 5
82 3.3. PKM-Config-Settings . . . . . . . . . . . . . . . . . . . 6
83 3.4. PKM-Cryptosuite-List . . . . . . . . . . . . . . . . . . . 8
84 3.5. PKM-SAID . . . . . . . . . . . . . . . . . . . . . . . . . 9
85 3.6. PKM-SA-Descriptor . . . . . . . . . . . . . . . . . . . . 9
86 3.7. PKM-AUTH-Key . . . . . . . . . . . . . . . . . . . . . . . 10
87 3.7.1. AUTH-Key Protection . . . . . . . . . . . . . . . . . 12
88 4. Table of Attributes . . . . . . . . . . . . . . . . . . . . . 12
89 5. Diameter Considerations . . . . . . . . . . . . . . . . . . . 13
90 6. Security Considerations . . . . . . . . . . . . . . . . . . . 13
91 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
92 8. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 14
93 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 14
94 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14
95 10.1. Normative References . . . . . . . . . . . . . . . . . . . 14
96 10.2. Informative References . . . . . . . . . . . . . . . . . . 14
114 Zorn Informational [Page 2]
116 RFC 5904 RADIUS Attributes for PKMv1 June 2010
121 Privacy Key Management Version 1 (PKMv1) [IEEE.802.16-2004] is a
122 public-key-based authentication and key establishment protocol
123 typically used in fixed wireless broadband network deployments. The
124 protocol utilizes X.509 v3 certificates [RFC2459], RSA encryption
125 [RFC2437], and a variety of secret key cryptographic methods to allow
126 an 802.16 Base Station (BS) to authenticate a Subscriber Station (SS)
127 and perform key establishment and maintenance between an SS and BS.
129 This document defines a set of RADIUS Attributes that are designed to
130 provide support for PKMv1. The target audience for this document
131 consists of those developers implementing RADIUS support for PKMv1;
132 therefore, familiarity with both RADIUS [RFC2865] and the IEEE
133 802.16-2004 standard is assumed.
135 Please note that this document relies on IEEE.802.16-2004, which
136 references RFC 2437 and RFC 2459, rather than any more recent RFCs on
137 RSA and X.509 certificates (e.g., RFC 3447 and RFC 5280).
142 Certification Authority; a trusted party issuing and signing X.509
145 For further information on the following terms, please see Section 7
146 of [IEEE.802.16-2004].
152 Security Association Identifier
155 Traffic Encryption Key
159 The following subsections describe the Attributes defined by this
160 document. This specification concerns the following values:
166 139 PKM-Config-Settings
170 Zorn Informational [Page 3]
172 RFC 5904 RADIUS Attributes for PKMv1 June 2010
175 140 PKM-Cryptosuite-List
179 142 PKM-SA-Descriptor
187 The PKM-SS-Cert Attribute is variable length and MAY be
188 transmitted in the Access-Request message. The Value field is of
189 type string and contains the X.509 certificate [RFC2459] binding a
190 public key to the identifier of the Subscriber Station.
192 The minimum size of an SS certificate exceeds the maximum size of
193 a RADIUS attribute. Therefore, the client MUST encapsulate the
194 certificate in the Value fields of two or more instances of the
195 PKM-SS-Cert Attribute, each (except possibly the last) having a
196 length of 255 octets. These multiple PKM-SS-Cert Attributes MUST
197 appear consecutively and in order within the packet. Upon
198 receipt, the RADIUS server MUST recover the original certificate
199 by concatenating the Value fields of the received PKM-SS-Cert
202 A summary of the PKM-SS-Cert Attribute format is shown below. The
203 fields are transmitted from left to right.
206 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
207 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
208 | Type | Len | Value...
209 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
221 The Value field is variable length and contains a (possibly
222 complete) portion of an X.509 certificate.
226 Zorn Informational [Page 4]
228 RFC 5904 RADIUS Attributes for PKMv1 June 2010
235 The PKM-CA-Cert Attribute is variable length and MAY be
236 transmitted in the Access-Request message. The Value field is of
237 type string and contains the X.509 certificate [RFC2459] used by
238 the CA to sign the SS certificate carried in the PKM-SS-Cert
239 attribute (Section 3.1) in the same message.
241 The minimum size of a CA certificate exceeds the maximum size of a
242 RADIUS attribute. Therefore, the client MUST encapsulate the
243 certificate in the Value fields of two or more instances of the
244 PKM-CA-Cert Attribute, each (except possibly the last) having a
245 length of 255 octets. These multiple PKM-CA-Cert Attributes MUST
246 appear consecutively and in order within the packet. Upon
247 receipt, the RADIUS server MUST recover the original certificate
248 by concatenating the Value fields of the received PKM-CA-Cert
251 A summary of the PKM-CA-Cert Attribute format is shown below. The
252 fields are transmitted from left to right.
255 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
256 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
257 | Type | Len | Value...
258 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
270 The Value field is variable length and contains a (possibly
271 complete) portion of an X.509 certificate.
282 Zorn Informational [Page 5]
284 RFC 5904 RADIUS Attributes for PKMv1 June 2010
287 3.3. PKM-Config-Settings
291 The PKM-Config-Settings Attribute is of type string [RFC2865]. It
292 is 30 octets in length and consists of seven independent fields,
293 each of which is conceptually an unsigned integer. Each of the
294 fields contains a timeout value and corresponds to a Type-Length-
295 Value (TLV) tuple encapsulated in the IEEE 802.16 "PKM
296 configuration settings" attribute; for details on the contents of
297 each field, see Section 11.9.19 of [IEEE.802.16-2004]. One
298 instance of the PKM-Config-Settings Attribute MAY be included in
299 the Access-Accept message.
301 A summary of the PKM-Config-Settings Attribute format is shown below.
302 The fields are transmitted from left to right.
305 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
306 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
307 | Type | Len | Auth Wait Timeout
308 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
309 Auth Wait Timeout (cont.) | Reauth Wait Timeout
310 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
311 Reauth Wait Timeout (cont.) | Auth Grace Time
312 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
313 Auth Grace Time (cont.) | Op Wait Timeout
314 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
315 Op Wait Timeout (cont.) | Rekey Wait Timeout
316 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
317 Rekey Wait Timeout (cont.) | TEK Grace Time
318 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
319 TEK Grace Time (cont.) | Auth Rej Wait Timeout
320 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
321 Auth Rej Wait Timeout (cont.) |
322 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
326 139 for PKM-Config-Settings
338 Zorn Informational [Page 6]
340 RFC 5904 RADIUS Attributes for PKMv1 June 2010
345 The Auth Wait Timeout field is 4 octets in length and corresponds
346 to the "Authorize wait timeout" field of the 802.16 "PKM
347 configuration settings" attribute.
351 The Reauth Wait Timeout field is 4 octets in length and
352 corresponds to the "Reauthorize wait timeout" field of the 802.16
353 "PKM configuration settings" attribute.
357 The Auth Grace Time field is 4 octets in length and corresponds to
358 the "Authorize grace time" field of the 802.16 "PKM configuration
363 The Op Wait Timeout field is 4 octets in length and corresponds to
364 the "Operational wait timeout" field of the 802.16 "PKM
365 configuration settings" attribute.
369 The Rekey Wait Timeout field is 4 octets in length and corresponds
370 to the "Rekey wait timeout" field of the 802.16 "PKM configuration
375 The TEK Grace Time field is 4 octets in length and corresponds to
376 the "TEK grace time" field of the 802.16 "PKM configuration
379 Auth Rej Wait Timeout
381 The Auth Rej Wait Timeout field is 4 octets in length and
382 corresponds to the "Authorize reject wait timeout" field of the
383 802.16 "PKM configuration settings" attribute.
394 Zorn Informational [Page 7]
396 RFC 5904 RADIUS Attributes for PKMv1 June 2010
399 3.4. PKM-Cryptosuite-List
403 The PKM-Cryptosuite-List Attribute is of type string [RFC2865] and
404 is variable length; it corresponds roughly to the "Cryptographic-
405 Suite-List" 802.16 attribute (see Section 11.19.15 of
406 [IEEE.802.16-2004]), the difference being that the RADIUS
407 Attribute contains only the list of 3-octet cryptographic suite
408 identifiers, omitting the IEEE Type and Length fields.
410 The PKM-Cryptosuite-List Attribute MAY be present in an Access-
411 Request message. Any message in which the PKM-Cryptosuite-List
412 Attribute is present MUST also contain an instance of the Message-
413 Authenticator Attribute [RFC3579].
417 The PKM-Cryptosuite-List Attribute is used as a building block
418 to create the 802.16 "Security-Capabilities" attribute
419 ([IEEE.802.16-2004], Section 11.9.13); since this document only
420 pertains to PKM version 1, the "Version" sub-attribute in that
421 structure MUST be set to 0x01 when the RADIUS client constructs
424 A summary of the PKM-Cryptosuite-List Attribute format is shown
425 below. The fields are transmitted from left to right.
428 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
429 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
430 | Type | Len | Value...
431 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
435 140 for PKM-Cryptosuite-List
439 2 + 3n < 39, where 'n' is the number of cryptosuite identifiers in
450 Zorn Informational [Page 8]
452 RFC 5904 RADIUS Attributes for PKMv1 June 2010
457 The Value field is variable length and contains a sequence of one
458 or more cryptosuite identifiers, each of which is 3 octets in
459 length and corresponds to the Value field of an IEEE 802.16
460 Cryptographic-Suite attribute.
466 The PKM-SAID Attribute is of type string [RFC2865]. It is 4
467 octets in length and contains a PKM Security Association
468 Identifier ([IEEE.802.16-2004], Section 11.9.7). It MAY be
469 included in an Access-Request message.
471 A summary of the PKM-SAID Attribute format is shown below. The
472 fields are transmitted from left to right.
475 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
476 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
477 | Type | Len | SAID |
478 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
490 The SAID field is two octets in length and corresponds to the
491 Value field of the 802.16 PKM SAID attribute
493 3.6. PKM-SA-Descriptor
497 The PKM-SA-Descriptor Attribute is of type string and is 8 octets
498 in length. It contains three fields, described below, which
499 together specify the characteristics of a PKM security
500 association. One or more instances of the PKM-SA-Descriptor
501 Attribute MAY occur in an Access-Accept message.
506 Zorn Informational [Page 9]
508 RFC 5904 RADIUS Attributes for PKMv1 June 2010
511 A summary of the PKM-SA-Descriptor Attribute format is shown below.
512 The fields are transmitted from left to right.
515 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
516 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
517 | Type | Len | SAID |
518 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
519 | SA Type | Cryptosuite |
520 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
524 142 for PKM-SA-Descriptor
532 The SAID field is two octets in length and contains a PKM SAID
537 The SA Type field is one octet in length. The contents correspond
538 to those of the Value field of an IEEE 802.16 SA-Type attribute.
542 The Cryptosuite field is 3 octets in length. The contents
543 correspond to those of the Value field of an IEEE 802.16
544 Cryptographic-Suite attribute.
550 The PKM-AUTH-Key Attribute is of type string, 135 octets in
551 length. It consists of 3 fields, described below, which together
552 specify the characteristics of a PKM authorization key. The PKM-
553 AUTH-Key Attribute MAY occur in an Access-Accept message. Any
554 packet that contains an instance of the PKM-AUTH-Key Attribute
555 MUST also contain an instance of the Message-Authenticator
562 Zorn Informational [Page 10]
564 RFC 5904 RADIUS Attributes for PKMv1 June 2010
567 A summary of the PKM-AUTH-Key Attribute format is shown below. The
568 fields are transmitted from left to right.
571 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
572 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
573 | Type | Len | Lifetime
574 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
575 Lifetime (cont.) | Sequence | Key...
576 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
588 The Lifetime field is 4 octets in length and represents the
589 lifetime, in seconds, of the authorization key. For more
590 information, see Section 11.9.4 of [IEEE.802.16-2004].
594 The Sequence field is one octet in length. The contents
595 correspond to those of the Value field of an IEEE 802.16 Key-
596 Sequence-Number attribute (see [IEEE.802.16-2004], Section
601 The Key field is 128 octets in length. The contents correspond to
602 those of the Value field of an IEEE 802.16 AUTH-Key attribute.
603 The Key field MUST be encrypted under the public key from the
604 Subscriber Station certificate (Section 3.1) using RSA encryption
605 [RFC2437]; see Section 7.5 of [IEEE.802.16-2004] for further
610 It is necessary that a plaintext copy of this field be returned
611 in the Access-Accept message; appropriate precautions MUST be
612 taken to ensure the confidentiality of the key.
618 Zorn Informational [Page 11]
620 RFC 5904 RADIUS Attributes for PKMv1 June 2010
623 3.7.1. AUTH-Key Protection
625 The PKM-AUTH-Key Attribute (Section 3.7) contains the AUTH-Key
626 encrypted with the SS's public key. The BS also needs the AK, so a
627 second copy of the AK needs to be returned in the Access-Accept
630 It is RECOMMENDED that the AK is encapsulated in an instance of the
631 MS-MPPE-Send-Key Attribute [RFC2548]. However, see Section 4.3.4 of
632 RFC 3579 [RFC3579] for details regarding weaknesses in the encryption
635 If better means for protecting the Auth-Key are available (such as
636 RADIUS key attributes with better security properties, or means of
637 protecting the whole Access-Accept message), they SHOULD be used
638 instead of (or in addition to) the MS-MPPE-Send-Key Attribute.
640 4. Table of Attributes
642 The following table provides a guide to which attributes may be found
643 in which kinds of packets, and in what quantity.
645 Request Accept Reject Challenge Acct-Req # Attribute
646 0+ 0 0 0 0 137 PKM-SS-Cert [Note 1]
647 0+ 0 0 0 0 138 PKM-CA-Cert [Note 2]
648 0 0-1 0 0 0 139 PKM-Config-Settings
649 0-1 0 0 0 0 140 PKM-Cryptosuite-List
650 0-1 0 0 0 0 141 PKM-SAID
651 0 0+ 0 0 0 142 PKM-SA-Descriptor
652 0 0-1 0 0 0 143 PKM-Auth-Key
653 0 0-1 0 0 0 MS-MPPE-Send-Key
657 No more than one Subscriber Station Certificate may be transferred
658 in an Access-Request packet.
661 No more than one CA Certificate may be transferred in an Access-
665 MS-MPPE-Send-Key is one possible attribute that can be used to
666 convey the AK to the BS; other attributes can be used instead (see
674 Zorn Informational [Page 12]
676 RFC 5904 RADIUS Attributes for PKMv1 June 2010
679 The following table defines the meaning of the above table entries.
681 0 This attribute MUST NOT be present in packet
682 0+ Zero or more instances of this attribute MAY be present in packet
683 0-1 Zero or one instance of this attribute MAY be present in packet
684 1 Exactly one instance of this attribute MUST be present in packet
686 5. Diameter Considerations
688 Since the Attributes defined in this document are allocated from the
689 standard RADIUS type space (see Section 7), no special handling is
690 required by Diameter nodes.
692 6. Security Considerations
694 Section 4 of RFC 3579 [RFC3579] discusses vulnerabilities of the
697 Section 3 of the paper "Security Enhancements for Privacy and Key
698 Management Protocol in IEEE 802.16e-2005" [SecEn] discusses the
699 operation and vulnerabilities of the PKMv1 protocol.
701 If the Access-Request message is not subject to strong integrity
702 protection, an attacker may be able to modify the contents of the
703 PKM-Cryptosuite-List Attribute, weakening 802.16 security or
704 disabling data encryption altogether.
706 If the Access-Accept message is not subject to strong integrity
707 protection, an attacker may be able to modify the contents of the
708 PKM-Auth-Key Attribute. For example, the Key field could be replaced
709 with a key known to the attacker.
711 See Section 3.7.1 for security considerations of sending the
712 authorization key to the BS.
714 7. IANA Considerations
716 IANA has assigned numbers for the following Attributes:
722 139 PKM-Config-Settings
724 140 PKM-Cryptosuite-List
730 Zorn Informational [Page 13]
732 RFC 5904 RADIUS Attributes for PKMv1 June 2010
735 142 PKM-SA-Descriptor
739 The Attribute numbers are to be allocated from the standard RADIUS
740 Attribute type space according to the "IETF Review" policy [RFC5226].
744 Pasi Eronen provided most of the text in Section 3.7.1.
748 Thanks (in no particular order) to Bernard Aboba, Donald Eastlake,
749 Dan Romascanu, Avshalom Houri, Juergen Quittek, Pasi Eronen, and Alan
750 DeKok for their mostly useful reviews of this document.
754 10.1. Normative References
757 Institute of Electrical and Electronics Engineers, "IEEE
758 Standard for Local and metropolitan area networks, Part
759 16: Air Interface for Fixed Broadband Wireless Access
760 Systems", IEEE Standard 802.16, October 2004.
762 [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson,
763 "Remote Authentication Dial In User Service (RADIUS)",
766 [RFC3579] Aboba, B. and P. Calhoun, "RADIUS (Remote Authentication
767 Dial In User Service) Support For Extensible
768 Authentication Protocol (EAP)", RFC 3579, September 2003.
770 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
771 IANA Considerations Section in RFCs", BCP 26, RFC 5226,
774 10.2. Informative References
776 [RFC2437] Kaliski, B. and J. Staddon, "PKCS #1: RSA Cryptography
777 Specifications Version 2.0", RFC 2437, October 1998.
779 [RFC2459] Housley, R., Ford, W., Polk, T., and D. Solo, "Internet
780 X.509 Public Key Infrastructure Certificate and CRL
781 Profile", RFC 2459, January 1999.
786 Zorn Informational [Page 14]
788 RFC 5904 RADIUS Attributes for PKMv1 June 2010
791 [RFC2548] Zorn, G., "Microsoft Vendor-specific RADIUS Attributes",
792 RFC 2548, March 1999.
794 [SecEn] Altaf, A., Jawad, M., and A. Ahmed, "Security Enhancements
795 for Privacy and Key Management Protocol in IEEE 802.16e-
796 2005", Ninth ACIS International Conference on Software
797 Engineering, Artificial Intelligence, Networking, and
798 Parallel/Distributed Computing, 2008.
804 1463 East Republican Street
809 EMail: gwz@net-zen.net
842 Zorn Informational [Page 15]