[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Modular approach to key management 11/08/94 19:22:22
Reference: Your note of Tue, 08 Nov 94 19:22:22
> Juan A. Garay Says:
>
> Our proposal doesn't force a user to use the "lower" module, thru
> which short-lived keys are derived . However, distributing keys thru
> the means mentioned above is more expensive, and we believe ipsec has
> to provide a more modular and efficient option. Our proposal
> accommodates this situation.
>
> But, the proposal suggests that we start by standardizing the lower module.
> In my opinion, the upper module is the one that needs our attention. The
> upper module is the one that uses key distribution centers,
> certificate-based key management, or manual key management.
>
> Russ
Russ,
we are not proposing to forget about the upper module but, rather, follow
a "first things first" approach. We believe that there are *very*
convincing reasons (security and efficiency - need for
frequent key updates; deployment and interoperability - support
the variety of existing key distribution technologies. and it's
fundamental to have a common module!; methodological; etc.) to do the
lower module first and get us going.
Juan