====================================================================
README GDOI-1.2
====================================================================

Group Domain of Interpretation (GDOI) Group Keying Protocol
Release 1.2
October 14, 2003

====================================================================
LICENSE AND COPYRIGHT
====================================================================

The license applies to all software incorporated in the "Cisco GDOI
reference implementation" except for those portions incorporating
third party software specifically identified as being licensed under
separate license.

The Cisco Systems Public Software License, Version 1.0
Copyright (c) 2001-2002 Cisco Systems, Inc. All rights reserved.

Subject to the following terms and conditions, Cisco Systems, Inc.,
hereby grants you a worldwide, royalty-free, nonexclusive, license,
subject to third party intellectual property claims, to create
derivative works of the Licensed Code and to reproduce, display,
perform, sublicense, distribute such Licensed Code and derivative
works. All rights not expressly granted herein are reserved.

1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in
   the documentation and/or other materials provided with the
   distribution.

3. The names Cisco and "Cisco GDOI reference implementation" must not
   be used to endorse or promote products derived from this software
   without prior written permission. For written permission, please
   contact opensource@cisco.com.

4. Products derived from this software may not be called "Cisco" or
   "Cisco GDOI reference implementation", nor may "Cisco" or "Cisco
   GDOI reference implementation" appear in their name, without prior
   written permission of Cisco Systems, Inc.
THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND
NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT SHALL CISCO SYSTEMS, INC.
OR ITS CONTRIBUTORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. THIS
LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR
PERSONAL INJURY RESULTING FROM SUCH PARTY'S NEGLIGENCE TO THE EXTENT
APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT
ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL
DAMAGES, SO THAT EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU.
FURTHER, YOU AGREE THAT IN NO EVENT WILL CISCO'S LIABILITY UNDER OR
RELATED TO THIS AGREEMENT EXCEED AMOUNT FIVE THOUSAND DOLLARS (US)
(US$5,000).

This software consists of voluntary contributions made by Cisco
Systems, Inc. and many individuals on behalf of Cisco Systems, Inc.
For more information on Cisco Systems, Inc., please see .

This product includes software developed by Ericsson Radio Systems.

====================================================================
INTRODUCTION
====================================================================

This package implements the GDOI group key management protocol, which
is also known as RFC 3547. Group key management enables a group of
users or devices to share the same encryption keys. This is useful
when the group of users or devices need to securely exchange data
amongst the group. The keys can be used by either IPsec or Secure RTP
(SRTP) data encryption.
Many types of applications can be secured with these protocols: audio
or video conferences, multicasted application traffic, etc.

Each group member contacts a key server which returns data encryption
keys. This is called a "registration" exchange (or GROUPKEY-PULL in
the Internet Draft), because the user "registers" to join the group.
During registration the key server may also return keys which are
used by the group member to decrypt "rekey" key management messages
(also known as GROUPKEY-PUSH messages). These messages are
subsequently sent by the key server, usually as IP multicast packets.
Rekey messages are used to change or add data encryption keys in the
group. A future version of this package will also support the LKH
key tree algorithm, which will allow a key server to remove group
members with a single rekey message.

====================================================================
NEW FEATURES AND FUNCTIONS IN THIS RELEASE
====================================================================

* Supports AES for IPsec SAs.
* Improves the operation of the rekey message, including supporting
  RSA signatures in the SIG payload.
* Installation uses a configure script.

====================================================================
BUG FIXES
====================================================================

* Many bugs fixed.
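The two exchanges described in the INTRODUCTION, registration (GROUPKEY-PULL) and rekey (GROUPKEY-PUSH), as an added Python model. This is not code from the GDOI package or from Cisco; it is a toy that shows what each exchange hands out and what a member checks when a rekey arrives. Assumptions: the `members` allow-list stands in for the Phase 1 authorisation the real daemon gets from its isakmpd base; a SHA-256 keystream and an HMAC tag stand in for the data cipher and for the RSA signature in the SIG payload; the sequence-number comparison is a simplified replay check. The names KeyServer, GroupMember, alice, bob and carol are all constructed for this example.

```python
"""Toy model of GDOI registration (GROUPKEY-PULL) and rekey (GROUPKEY-PUSH).
Added example; not code from the GDOI package."""
import hashlib
import hmac
import json
import os
from dataclasses import dataclass, field


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 counter-mode keystream: stdlib stand-in for a real cipher
    (this release uses AES for IPsec SAs). Never reuse key+nonce."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def enc_key(kek: bytes) -> bytes:  # separate sub-keys for encryption and MAC
    return hashlib.sha256(b"demo-enc" + kek).digest()


def mac_key(kek: bytes) -> bytes:
    return hashlib.sha256(b"demo-mac" + kek).digest()


@dataclass
class KeyServer:
    """Group policy: data key (TEK), rekey key (KEK), rekey sequence number.
    `members` is a constructed allow-list standing in for Phase 1 identity."""
    group_id: int
    members: set
    tek: bytes = field(default_factory=lambda: os.urandom(16))
    kek: bytes = field(default_factory=lambda: os.urandom(32))
    seq: int = 0

    def groupkey_pull(self, member_id: str, group_id: int) -> dict:
        """Registration reply: current TEK, the KEK that unlocks later rekeys,
        and the current sequence number so the member can detect replays."""
        if group_id != self.group_id or member_id not in self.members:
            raise PermissionError(f"{member_id} not authorised for group {group_id}")
        return {"tek": self.tek, "kek": self.kek, "seq": self.seq}

    def groupkey_push(self) -> bytes:
        """Rekey message carrying a fresh TEK, encrypted under the KEK. The HMAC
        tag stands in for the SIG payload; GDOI signs with the key server's RSA
        key because a MAC under a group-shared key lets any member forge rekeys."""
        self.tek = os.urandom(16)
        self.seq += 1
        body = json.dumps({"seq": self.seq, "tek": self.tek.hex()}).encode()
        nonce = os.urandom(12)
        ct = xor(body, keystream(enc_key(self.kek), nonce, len(body)))
        tag = hmac.new(mac_key(self.kek), nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag


@dataclass
class GroupMember:
    member_id: str
    tek: bytes = b""
    kek: bytes = b""
    last_seq: int = -1

    def register(self, ks: KeyServer, group_id: int) -> None:
        reply = ks.groupkey_pull(self.member_id, group_id)
        self.tek, self.kek, self.last_seq = reply["tek"], reply["kek"], reply["seq"]

    def process_push(self, msg: bytes) -> bool:
        """Return True if the rekey is accepted and the new TEK installed."""
        if not self.kek:
            return False  # never registered: cannot read the rekey at all
        nonce, ct, tag = msg[:12], msg[12:-32], msg[-32:]
        expected = hmac.new(mac_key(self.kek), nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # forged or corrupted message
        body = json.loads(xor(ct, keystream(enc_key(self.kek), nonce, len(ct))))
        if body["seq"] <= self.last_seq:
            return False  # replayed (or stale) rekey
        self.last_seq = body["seq"]
        self.tek = bytes.fromhex(body["tek"])
        return True


def demo() -> dict:
    """Two registered members, one unregistered host, one rekey, one replay."""
    ks = KeyServer(group_id=1234, members={"alice", "bob"})
    alice, bob, carol = GroupMember("alice"), GroupMember("bob"), GroupMember("carol")
    alice.register(ks, 1234)
    bob.register(ks, 1234)
    try:
        carol.register(ks, 1234)  # rejected: carol is not in the group policy
    except PermissionError:
        pass
    push = ks.groupkey_push()
    return {
        "members_share_tek_after_pull": alice.tek == bob.tek,
        "alice_accepts_rekey": alice.process_push(push),
        "bob_accepts_rekey": bob.process_push(push),
        "outsider_accepts_rekey": carol.process_push(push),
        "replay_accepted": alice.process_push(push),
        "tek_matches_server_after_rekey": alice.tek == bob.tek == ks.tek,
    }
```

Calling demo() shows the registered members converging on the server's new TEK while the unregistered host and the replayed message are both rejected. The one place the model deliberately differs from the protocol is the SIG payload: verifying a rekey with the same KEK every member holds means any member could mint one, which is why this release adds RSA signatures there and why a real deployment must not substitute a shared-key MAC.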
====================================================================
KNOWN LIMITATIONS
====================================================================

This implementation does not include the following:

* KE payload support
* POP payload support
* CERT payload support
* Support of the most recent SRTP draft
* Support for the LKH algorithm

====================================================================
GETTING STARTED
====================================================================

PLATFORM SUPPORTED
--------------------------------------------------------------------

Linux:   Red Hat (6.1, 7.1, 8.0), SUSE 8.2
OpenBSD: 2.9, 3.2
FreeBSD: 4.8

COMPILE INSTRUCTIONS
--------------------------------------------------------------------

See the INSTALL file in the package for compilation instructions.

====================================================================
SOURCE CODE INFORMATION
====================================================================

This code uses the isakmpd IPsec key management package as a base for
development. That code was obtained from OpenBSD 2.9.

====================================================================
DIRECTORY STRUCTURE
====================================================================

GDOI_PRIMER .................. A general guide on configuring GDOI
                               clients and key servers.
INSTALL ...................... Installation guidance.
LICENSE ...................... License for the package.
client_test .................. Contains a sample program which sends
                               an SRTP request to GDOI.
samples ...................... Example configurations for several
                               scenarios.
src .......................... Source for producing the GDOI daemon.

Within the src directory, all GDOI specific files are of the format
gdoi_*.[ch].
====================================================================
CONTRIBUTORS
====================================================================

This software consists of voluntary contributions made by Cisco
Systems, Inc., and the following individuals.

Brian Weis

====================================================================
CONTACT INFORMATION AND WEBSITE
====================================================================

We welcome your feedback, suggestions and contributions. Contact us
via email if you have questions, feedback, code submissions, or bug
reports.

For general inquiries - info@vovida.org

We have mailing lists for the VOCAL applications and protocol stacks:

VOCAL  - vocal@vovida.org
COPS   - cops@vovida.org
MGCP   - mgcp@vovida.org
RADIUS - radius@vovida.org
RTP    - rtp@vovida.org
SIP    - sip@vovida.org
TRIP   - trip@vovida.org
GDOI   - gdoi@vovida.org

You can subscribe to the mailing lists on www.vovida.org.

You can submit bugs, patches, software contributions, and feature
requests using Bugzilla. Access Bugzilla from www.vovida.org.

====================================================================