
Re: SKIP and interactive key management




Hi Sara!

We have considered several ways of combining SKIP and the modular key
management proposal. What you suggest is to take the non-interactive part
from SKIP, but to use a general master key which is refreshed in some
yet-to-be-specified way. Namely, to adopt the `encrypt packet key in the
packet' idea, but not the specific DH key distribution choice of Master key.

I think this makes lots of sense; if somebody wants DH key distribution, they
would be welcome to use it to get the original master key, and then use our
scheme to refresh it. So, the idea essentially boils down to allowing also
this non-interactive option in our protocol, to be used if there are no
short-lived keys. Let me admit that our experiments suggest that in most
common networking scenarios, the overhead would not be justified, and it'll
be better to use the interactive method. But then, I agree that there may be
scenarios where the interaction would be expensive or impossible.

I hate to raise the patent issue again but this is a small concern I do have:
I'll welcome inputs from the list on this. Namely, should we have this if
it would require license fees? Maybe as an option it is OK? I've asked Aziz
about it off-list, i.e. what exactly is the aspect they applied for a patent for.
But, I think DEC has a patent which may cover this technique as well. I'm
cc:ing Charlie Kaufman on this note so he can tell us more details.

Best, Amir Herzberg

