Re: Modular approach to key management

["Housley, Russ" <housley@spyrus.com>]

Amir:

> 1. Do you agree with the `modular approach' to the problem? Namely, do
> you see the need and value of having a lower layer mechanism which
> refreshes the keys in an efficient and fault-tolerant manner on top
> of IP, whose input is a shared long-lived key from some higher layer
> mechanism? This is one critical design issue we need to get resolved.

Yes, modular is good.  No, the "lower layer" does not have to be at the IP 
layer.  X9.17 includes a three tier key management approach that meets the 
modular idea, but all of the key management is done at the application 
layer.  I think that key management should be done in the application 
layer, not IP.

> 2. Would you like to help us by contributing text on the higher-layer
> key management based on 802.10c to be merged into our proposal? We are
> working on a draft to be released Real Soon Now and would welcome help
> and cooperation toward reaching rough consensus.

I an very interested in confributing to this topic; however, I am under a 
very tight schedule between now and New Year's Day.  I cannot commit to any 
writing assignment in that time period.

Russ

---

Follow-Ups:

• Re: Modular approach to key management
• From: " " <amir@watson.ibm.com>

---

• Prev by Date: Re: Modular approach to key management
• Next by Date: Re: Modular approach to key management
• Prev by thread: Re[2]: Modular approach to key management
• Next by thread: Re: Modular approach to key management
• Index(es):
  • Main
  • Thread