[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Key Managment Query/Comments...
Hello all:
It seems to me that key managment has two major functional parts: 1)
the managment and exchange of security association attributes in a
secure fashion, and 2) a key distribution mechanism so keys can be
securely exchanged and used as part of the security association
attributes.
Assuming all of this is true, there seems to be two possible
architectural solutions (actually there are more, but these two in
particular are more interesting). The first (and the one I've seen
explored more often) would be to develop a simple managment and key
distribution protocol specifically designed to use installed lower
layer security mechanisms to provide a secure managment channel. Some
very small amount of security might exist in this protocol, but most
would be provided by already existing security (IPSP).
The second model would be to use an existing managment protocol that
contains robust security (SNMP-V2) to protect it's managed objects.
Creating a MIB to manage security protocol objects shouldn't be that
difficult. The only thing that seems to be missing from SNMP-V2 is a
scalable key distribution protocol. An interim solution would be to
start with a manual "master" key (one with a long lifetime). This key
would have to be entered manually, but would be used to distribute
future keys, (sort of an initial jump-start key), including future
"master" keys. If the master key is ever comprimised, another would
have to be entered manually. Like I said, this probably doesn't scale,
but until a "better" key distribution protocol is added to network
managment this *should* work.
I know that there is a little hesitation to "add" additional purpose to
the Great Network Managment Solution. Has anyone explored the
"managment of security" solution vs. the "security managment" solution?
If so what were the conclusions (if any)?
Rob G.
glenn@osi.ncsl.nist.gov
Follow-Ups: