RFC 3588: Diameter Base Protocol
RFC-Ref

TLS



... IPsec support is mandatory in Diameter, and TLS support is optional. Security is discussed in Section 13. ...
... processor speeds and the widespread availability of embedded IPsec and TLS implementations. ...
... End-to-End Security TLS and IPsec provide hop-by-hop security, or security ...


... Agents MUST support IP Security [SECARCH], and MAY support TLS [TLS]. Diameter ...
... TLS]. Diameter servers MUST support TLS and IPsec. The Diameter protocol ...
... Diameter protocol MUST NOT be used without any security mechanism (TLS or IPsec). ...
... inter-domain traffic would primarily use TLS. See Sections 13.1 and 13.2 for more details on IPsec and TLS ...
... TLS. See Sections 13.1 and 13.2 for more details on IPsec and TLS usage. ...
... entries are to be either refreshed, or expired. TLS Enabled Specifies whether TLS is to be used when communicating with the ...
... TLS Enabled Specifies whether TLS is to be used when communicating with the peer. ...
... Diameter peer or by destination realm. For example, where TLS or IPsec transmission- level security ...
... security to be used on each connection (TLS or IPsec). Therefore, each connection ...


... certificate handed out by the server in the TLS or IKE exchange. Similarly, the domain name in the SRV ...
... Authentication via IKE or TLS, or validation of DNS RRs ...
... web server may have obtained a valid TLS certificate, and secured RRs may be ...
... CA. Alternatively this can be achieved by definition of OIDs within TLS or IKE certificates so as to signify ...
... inverse of the results on the other. For TLS usage, a TLS handshake will begin when both ends are in the ...
... For TLS usage, a TLS handshake will begin when both ends are in the open state ...
... handshake will begin when both ends are in the open state. If the TLS handshake is successful, all further messages will be sent via TLS ...
... TLS handshake is successful, all further messages will be sent via TLS. If the handshake fails, both ends move to the closed state ...


... NO_INBAND_SECURITY 0 This peer does not support TLS. This is the default value, if the AVP ...
... AVP is omitted. TLS 1 This node supports TLS ...
... TLS 1 This node supports TLS security, as defined by [TLS]. ...


... IKE] MAY be used to negotiate the compression parameters. If TLS is used to secure the Diameter session, then TLS ...
... TLS is used to secure the Diameter session, then TLS compression [TLS ...


... base protocol assumes that messages are secured by using either IPSec or TLS. This security mechanism is acceptable in environments where there is no untrusted third party ...
... Agents MUST support IP Security [SECARCH] and MAY support TLS [TLS]. Diameter ...
... TLS]. Diameter servers MUST support TLS and IPsec. Diameter ...
... security of some kind (IPsec or TLS) on each connection. ...
... exchange MUST include an Inband-Security-ID AVP with a value of TLS. For TLS usage, a TLS ...
... AVP with a value of TLS. For TLS usage, a TLS handshake will begin when both ends are in the ...
... TLS. For TLS usage, a TLS handshake will begin when both ends are in the open state ...
... open state, after completion of the CER/CEA exchange. If the TLS handshake is successful, all further messages will be sent via TLS ...
... TLS handshake is successful, all further messages will be sent via TLS. If the handshake fails, both ends move to the closed state ...
... For protection of inter-domain exchanges, TLS is recommended. See Sections 13.1 and 13.2 for more details on IPsec and TLS ...
... TLS is recommended. See Sections 13.1 and 13.2 for more details on IPsec and TLS usage. ...
... TLS Usage ...
... connection to another Diameter node acts as a TLS client according to [TLS], and a Diameter node ...
... Diameter node that accepts a connection acts as a TLS server. Diameter nodes implementing TLS ...
... TLS server. Diameter nodes implementing TLS for security MUST mutually authenticate as part of ...
... security MUST mutually authenticate as part of TLS session establishment. In order to ensure mutual authentication, the Diameter node ...
... mutual authentication, the Diameter node acting as TLS server must request a certificate from the Diameter node ...
... certificate from the Diameter node acting as TLS client, and the Diameter node ...
... client, and the Diameter node acting as TLS client MUST be prepared to supply a certificate on ...
... Diameter nodes MUST be able to negotiate the following TLS cipher suites: ...
... cipher suites: TLS_RSA_WITH_RC4_128_MD5 ...
... RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA ...
... RC4_128_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA ...
... Diameter nodes SHOULD be able to negotiate the following TLS cipher suite: ...
... cipher suite: TLS_RSA_WITH_AES_128_CBC ...
... Diameter nodes MAY negotiate other TLS cipher suites. ...
... Note that IPsec is considerably less flexible than TLS when it comes to configuring root CAs ...
... trusted to protect SNMP. These restrictions can be awkward at best. Since TLS supports application-level granularity in certificate policy, TLS ...
... TLS supports application-level granularity in certificate policy, TLS SHOULD be used to protect Diameter connections between ...
... Diameter peer implement the same security mechanism (IPsec or TLS) across all its peer-to-peer connections. ...
... security mechanisms can result in redundant security mechanisms being used (e.g., TLS over IPsec) or worse, potential security vulnerabilities ...
... One implication of the recommended policy is that if a node is using both TLS and IPsec, there is not a convenient way in which to use either TLS ...
... TLS and IPsec, there is not a convenient way in which to use either TLS or IPsec, but not both, without reserving an additional port ...
... IPsec, but not both, without reserving an additional port for TLS usage. Since Diameter uses the same port for TLS ...
... TLS usage. Since Diameter uses the same port for TLS and non-TLS usage, where the recommended IPsec ...
... port for TLS and non-TLS usage, where the recommended IPsec policy is put in place, a TLS ...
... TLS usage, where the recommended IPsec policy is put in place, a TLS-protected connection will match the IPsec policy, and both IPsec ...
... IPsec policy, and both IPsec and TLS will be used to protect the Diameter connection. To avoid ...


... Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC 2246prop(-> 4346prop), January 1999. ...


