1 Introduction


This document specifies a security protocol used for client registration and authentication within the Simple Symmetrical Transmission Protocol (SSTP). SSTP Security is a subprotocol of SSTP.

SSTP Security is a block-oriented application-layer binary protocol designed so that a client and a relay server are mutually authenticated before a client retrieves data from a relay server. It provides a mechanism for a client and a relay server to securely exchange secret keys that are then used to authenticate each other through a simple challenge/response message sequence.

The SSTP Security protocol is embedded in SSTP: it relies on SSTP commands to transport its protocol messages. It depends on and works only within SSTP.

Protocol data for SSTP Security is encoded as authentication tokens in several predefined SSTP commands: Connect, ConnectResponse, ConnectAuthenticate, Register, RegisterResponse, Attach, AttachResponse and AttachAuthenticate. Refer to [MS-GRVSSTP] for a complete specification of these SSTP commands.

SSTP Security is a protocol used only between a client and a relay server.

Sections 1.5, 1.8, 1.9, 2, and 3 of this specification are normative. All other sections and examples in this specification are informative.