Re: Modular approach to key management

[Hugh Harney <hh@columbia.sparta.com>]

Hello Amir,

I strongly disagree with the goal of implementing key management for IP in
routers. This would make the routers, and anyone or thing with access to them,
a potential vulnerability. I believe that keys should only exist at the actual
enpoints where encryption takes place. This reduces the exposure of the keys
to the minimum set and results in a more secure solution.

If we intend to place key management at the routers and have a secure system,
we place an burden of trust on the routers. The routers have to be trusted to
enforce access control policy for the keys. This means that the routers need to
be able to treat the key data as separate from other data it may contain. This
line quickly leads one to a "requirement" for a trusted operating system at the
routers. 

>>  No, the "lower layer" does not have to be at the IP
>> layer.  X9.17 includes a three tier key management approach that meets the
>> modular idea, but all of the key management is done at the application
>> layer.  I think that key management should be done in the application
>> layer, not IP.
>

>Let me clarify I also think the lower layer could be an application.

>However I suggest we use an application over UDP for two
>reasons: efficiency and minimizing the requirements (as we hope that the
>key management for IP would be implemented in routers etc.).

>Do you agree?

Best, 
Hugh

---

Follow-Ups:

• Re: basic question: should we allow firewall-like implementations?
• From: " " <amir@watson.ibm.com>

References:

• Re: Modular approach to key management
• From: " " <amir@watson.ibm.com>

---

• Prev by Date: Re: Modular approach to key management
• Next by Date: Re[2]: basic question: should we allow firewall-like impleme
• Prev by thread: Re: Modular approach to key management
• Next by thread: Re: basic question: should we allow firewall-like implementations?
• Index(es):
  • Main
  • Thread