
Re: Re[2]: key management



For what it's worth, when we were building an IP-layer security protocol, we
realized at an early stage that user level authentication and other security
services could be achieved *without* the necessity of having a separate key per
user in the security layer: in fact one key per end system pair is all that is
needed, provided some kind of user identification field is carried inside each
encrypted packet.

The reason is that you have to trust your security layer to properly handle
data before encryption and after decryption, whether one key or many is used;
and an attacker on the network can't do anything more if everything is
encrypted with one key than he can do with many keys (provided a bit of careful
thought is given to Integrity Check Values).  Therefore you might as well just
use one key.

Doing this also has several other added benefits:

1) The cost of key management is greatly reduced.

2) Management of user ids is totally decoupled from management of Security
Associations (SAs): SAs are hard enough things to manage without interactions
with higher layers adding further complexity.  If they're decoupled, key/SA
rollover can be achieved transparently to the user.

3) The number of users operating over a particular SA is hidden from
eavesdroppers on the network.

Best,
Tim Dean
dean@hydra.dra.hmg.gb
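
The scheme described in the message above, sketched as an added example that is not part of the original post or of the protocol it mentions: one key per end-system pair, a user identification field carried inside the encrypted part, and an Integrity Check Value over the header and ciphertext. The field sizes, function names and the HMAC-SHA256 counter-mode keystream (a stand-in for a real cipher) are assumptions; the sequence number must never repeat under one key, and replay checking is left out.

```python
import hmac, hashlib, struct

HDR = struct.Struct("!IQ")   # SA id and sequence number, sent in the clear (assumed layout)
UID = struct.Struct("!H")    # user id, carried inside the encrypted part (assumed size)
ICV_LEN = 32                 # HMAC-SHA256 output length

def _subkeys(sa_key):
    # Derive separate encryption and integrity keys from the one per-host-pair key.
    return (hmac.new(sa_key, b"enc", hashlib.sha256).digest(),
            hmac.new(sa_key, b"icv", hashlib.sha256).digest())

def _keystream(enc_key, hdr, n):
    # Stand-in cipher: HMAC-SHA256 in counter mode, made unique per packet by the header.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(enc_key, hdr + struct.pack("!I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal(sa_key, sa_id, seq, user_id, data):
    enc_key, icv_key = _subkeys(sa_key)
    hdr = HDR.pack(sa_id, seq)
    plain = UID.pack(user_id) + data           # user id travels under encryption
    ct = _xor(plain, _keystream(enc_key, hdr, len(plain)))
    icv = hmac.new(icv_key, hdr + ct, hashlib.sha256).digest()
    return hdr + ct + icv

def open_packet(sa_key, packet):
    if len(packet) < HDR.size + UID.size + ICV_LEN:
        raise ValueError("packet too short")
    enc_key, icv_key = _subkeys(sa_key)
    hdr, ct, icv = packet[:HDR.size], packet[HDR.size:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(icv_key, hdr + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(icv, expected):  # verify before trusting any field
        raise ValueError("ICV check failed")
    plain = _xor(ct, _keystream(enc_key, hdr, len(ct)))
    (user_id,) = UID.unpack(plain[:UID.size])
    sa_id, seq = HDR.unpack(hdr)
    return sa_id, seq, user_id, plain[UID.size:]

if __name__ == "__main__":
    key = b"K" * 32                             # constructed sample key
    for seq, uid in enumerate((1001, 1002), start=1):
        print(open_packet(key, seal(key, 7, seq, uid, b"hello")))
```

Two users on the same SA produce packets that differ on the wire only in sequence number and ciphertext, and a flipped bit in the encrypted user id is rejected by the ICV before the receiver acts on it.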