Modular approach to key management f 11/04/94 14:51:15



Reference:  Your note of Fri, 4 Nov 1994 14:51:15 +0500

Hello Ted,

> Correct me if I'm wrong, but you are assuming in your design that there
> will always be a long-term shared symmetric key between the
> communicating parties.

No, we don't assume this. The derivation of long-term shared keys
is exactly the function of the "upper" module in our proposal.
As explained in the note, this protocol [module] would not assume the
existence of an already shared key, but is based on some form of
shared trust (e.g., manual key installation, KDC or public key).
The long-lived key is then used for the derivation of short-lived keys.
Reasons for having these short-lived keys are explained in our note
(in the "RATIONALE BEHIND THE MODULAR APPROACH" part).

> That doesn't seem to be a good assumption.  You could generate the
> short-lived keys from a public key exchange, or the communicating
> parties may have a long-term symmetric key which they both share with a
> trusted third party (Kerberos).
>
> As near as I can tell, you're proposing that if you use one of these
> schemes, such as Kerberos or X.509 public-key certificates, they be used
> only to establish a long-term shared secret key --- and that long-term
> secret key would only be used to establish short-term session keys.
> Is this a fair characterization?
>
> If so, it would seem that in some cases there will be a needless extra
> indirection in setting up the session key.
>
>       - Ted

Our proposal doesn't force a user to use the "lower" module, thru
which short-lived keys are derived. However, distributing keys thru
the means mentioned above is more expensive, and we believe ipsec
has to provide a more modular and efficient option. Our proposal
accommodates this situation.

Juan
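
The two-level split discussed in this message, as an added example that is not part of the original message or of the proposal: the long-lived key is obtained once from the "upper" module, and the "lower" module derives each short-lived key from it without repeating that step. HMAC-SHA256, the nonce exchange, the label string and all names are assumptions, since the message does not specify the derivation.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16  # assumption: 128-bit nonces, exchanged in the clear


def lower_module_derive(long_lived_key: bytes, nonce_i: bytes, nonce_r: bytes) -> bytes:
    """Derive one short-lived key from the long-lived key and both parties' nonces."""
    if len(nonce_i) != NONCE_LEN or len(nonce_r) != NONCE_LEN:
        raise ValueError("nonces must be exactly NONCE_LEN bytes")
    # A fixed label and fixed-length nonces keep the MAC input unambiguous.
    msg = b"short-lived-key" + nonce_i + nonce_r
    return hmac.new(long_lived_key, msg, hashlib.sha256).digest()


class Peer:
    """One endpoint holding the long-lived key produced by the upper module."""

    def __init__(self, long_lived_key: bytes):
        self.long_lived_key = long_lived_key
        self.upper_module_runs = 1  # the expensive step happened once, at setup

    def fresh_nonce(self) -> bytes:
        return os.urandom(NONCE_LEN)

    def session_key(self, nonce_i: bytes, nonce_r: bytes) -> bytes:
        return lower_module_derive(self.long_lived_key, nonce_i, nonce_r)


def run_sessions(count: int):
    """Rekey `count` times; return both sides' keys and the upper-module run count."""
    # Constructed stand-in for the upper module's output (manual install, KDC, public key).
    shared = os.urandom(32)
    initiator, responder = Peer(shared), Peer(shared)
    keys_i, keys_r = [], []
    for _ in range(count):
        n_i, n_r = initiator.fresh_nonce(), responder.fresh_nonce()
        keys_i.append(initiator.session_key(n_i, n_r))
        keys_r.append(responder.session_key(n_i, n_r))
    return keys_i, keys_r, initiator.upper_module_runs


if __name__ == "__main__":
    ki, kr, runs = run_sessions(5)
    print("sides agree:", ki == kr, "| distinct keys:", len(set(ki)), "| upper runs:", runs)
```
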