FW: Key Recovery

[CJ Gibson <cjgibson@semaphorecom.com>]

Can anybody out there help us with this issue of Key Recovery ?? Have
any of you decided to implement this ??
Thanks in advance,
					CJ

-----Original Message-----
From:	CJ Gibson [SMTP:cjgibson@semaphorecom.com]
Sent:	Thursday, April 09, 1998 11:52 AM
To:	Margaret Gaynes
Cc:	cj; Roger Wang
Subject:	RE: Key Recovery

Reply at bottom of note..
	-----Original Message-----
	From:	Margaret Gaynes [SMTP:mgaynes@semaphorecom.com]
	Sent:	Thursday, April 09, 1998 11:11 AM
	To:	CJ
	Cc:	Roger Wang
	Subject:	Key Recovery

By the end of the year we have to implement Key Recovery using
the TIS
RecoverKey tool kit. The way it works is that each encrypted
packet has
a Key Recovery Field (KRF) that travels with the encrypted data.
It is
the session key and recovery info encrypted with the public RSA
key of
the Key Recovery Center (KRC). If the key needs to be recovered,
it can
only be done with the private key of the KRC. You have to prove
to the
KRC with a subpoena or whatever that you are entitled to the data. 
For FR and SMDS adding this data to the packet is no problem
because we
control the packet contents. However, how does this fit in with
IPSEC
and IKE? 
Is there an IKE option that says "TIS key recovery" packet format?



Not that I know of.  I'll send this out on the IPSEC list to see what
others are doing...
--CJ

---

Follow-Ups:

• Re: [ipsec] FW: Key Recovery
• From: Robert Moskowitz <rgm@ns.ncsa.com>
• Re: FW: Key Recovery
• From: "Michael C. Richardson" <mcr@sandelman.ottawa.on.ca>

---

• Prev by Date: Re: a simple question, I hope. Why do we need tunnel mode?
• Next by Date: Re: ESP Pad byte changes
• Prev by thread: Re: IPsec re-defining IP-in-IP?
• Next by thread: Re: [ipsec] FW: Key Recovery
• Index(es):
  • Main
  • Thread