The Group Key Distribution Protocol is used by clients to obtain cryptographic keys that correspond to arbitrary security descriptors that can be evaluated by an Active Directory domain controller (DC). These keys can then be used by the client for various purposes, including encrypting data such that it can only be decrypted by a desired set of security principals (3).
Familiarity with cryptography concepts such as asymmetric and symmetric cryptography is required for a complete understanding of this specification. For more information about cryptography concepts, see [CRYPTO].
Sections 1.8, 2, and 3 of this specification are normative and can contain the terms MAY, SHOULD, MUST, MUST NOT, and SHOULD NOT as defined in RFC 2119. Sections 1.5 and 1.9 are also normative but cannot contain those terms. All other sections and examples in this specification are informative.