[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Modular approach to key management 11/08/94 19:22:22



Reference:  Your note of Tue, 08 Nov 94 19:22:22


> Juan A. Garay Says:
>
>     Our proposal doesn't force a user to use the "lower" module, thru
>     which short-lived keys are derived . However, distributing keys thru
>     the means mentioned above is more expensive, and we believe ipsec has
>     to provide a more modular and efficient option. Our proposal
>     accommodates this situation.
>
> But, the proposal suggests that we start by standardizing the lower module.
> In my opinion, the upper module is the one that needs our attention. The
> upper module is the one that uses key distribution centers,
> certificate-based key management, or manual key management.
>
> Russ

Russ,
we are not proposing to forget about the upper module but, rather, follow
a "first things first" approach. We believe that there are *very*
convincing reasons (security and efficiency - need for
frequent key updates; deployment and interoperability - support
the variety of existing key distribution technologies. and it's
fundamental to have a common module!; methodological; etc.) to do the
lower module first and get us going.

Juan