[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Key Managment Query/Comments...
Ran:
You make some excellent points. Let me just add:
1. SNMPvX is really not useful for negotiating session keys
anyway, since it does not support 'actions' in any
standard way.
And, of course, you want to have the two ends negotiate
keys directly. Having each propose their own Diffie-Hellman
vectors (signed using a the public key algorithm)
can protect against later overrun/replay attacks.
For these reasons, a completely out of band key management
'daemon' makes a lot of sense.
2. SNMP might be useful for 'publishing' certificates in
conjunction with some kind of in-line key exchange, but this
gets kludgy for datagrams, where it seems better to negotiate
a 'session' key for the appropriate algorithm. Separating
key distribution from the actual protocol makes sense for
the reasons you outline (but is somewhat offensive to some
'layer independence' architecture purists I know). But why
would you need to use SNMP if you could contact a key management
daemon who could just tell you its certificate?
3. DNS seems unnecessary for distributing host certificates
since you can just get them from the target anyway. The only
situation I can imagine is some kind of single-datagram
scenario, in which case you are limited to an initiator-
proposed key. I contend this is a rather degenerate case that
represents an exception and not something you want to
optimize around.
-- Joe
Follow-Ups:
References: