
[ipsec] FW: Key Recovery



IETF protocols (like IKE) tend to not support technologies such as key
recovery.
That is "the Danvers Doctrine".

>From: CJ Gibson <cjgibson@semaphorecom.com>
>To: ipsec@tis.com, ipsec@ns.ncsa.com
>Cc: margaret <mgaynes@semaphorecom.com>,
>        prashant <prashant@semaphorecom.com>
>Subject: [ipsec] FW: Key Recovery
>Date: Thu, 9 Apr 1998 12:00:03 -0700
>X-Mailer: Internet Mail Service (5.0.1458.49)
>Sender: owner-ipsec@ns.ncsa.com
>
>Can anybody out there help us with this issue of Key Recovery ?? Have
>any of you decided to implement this ??
>Thanks in advance,
>					CJ
>
>-----Original Message-----
>From:	CJ Gibson [SMTP:cjgibson@semaphorecom.com]
>Sent:	Thursday, April 09, 1998 11:52 AM
>To:	Margaret Gaynes
>Cc:	cj; Roger Wang
>Subject:	RE: Key Recovery
>
>Reply at bottom of note..
>	-----Original Message-----
>	From:	Margaret Gaynes [SMTP:mgaynes@semaphorecom.com]
>	Sent:	Thursday, April 09, 1998 11:11 AM
>	To:	CJ
>	Cc:	Roger Wang
>	Subject:	Key Recovery
>
>By the end of the year we have to implement Key Recovery using the TIS
>RecoverKey tool kit. The way it works is that each encrypted packet has
>a Key Recovery Field (KRF) that travels with the encrypted data. It is
>the session key and recovery info encrypted with the public RSA key of
>the Key Recovery Center (KRC). If the key needs to be recovered, it can
>only be done with the private key of the KRC. You have to prove to the
>KRC with a subpoena or whatever that you are entitled to the data.
>For FR and SMDS adding this data to the packet is no problem because we
>control the packet contents. However, how does this fit in with IPSEC
>and IKE?
>Is there an IKE option that says "TIS key recovery" packet format?
>
>
>
>Not that I know of.  I'll send this out on the IPSEC list to see what
>others are doing...
>--CJ
>
>