Re: Public key distribution methods?

[Stephen Kent <kent@bbn.com>]

At 12:03 PM +0200 11/4/02, Teemu Alakoski wrote:
>Hi,
>
>I'm writing my diploma thesis about key exchange and public key
>distribution in IPSec environment.
>
>I would like to know what are opinions on this list concerning different
>ways to distribute public keys for use in IKE/IKEv2 authentication. I have
>understood that LDAPv3 is the strongest candidate for this purpose, and
>another mechanism is DNS TXT RRs as described in
>draft-richardson-ipsec-opportunistic -draft. Are there other mechanisms that
>should be taken into consideration?
>
>Or should I be asking this on the pkix mailing list?
>
>Thanks
>Teemu Alakoski

Teemu,

Since IKE has provisions to "push" certs and CRLs to an IPsec (IKE) 
peer, neither DNS nor LDAP is needed as a means to distribute these 
data items. Note that unlike e-mail, where a sender needs to know the 
cert for a recipient before the sender can encrypt a message for that 
recipient, IPsec as a realtime protocol can exchange all of the PKI 
data items needed during the SA establishment procedure.

To be fair, there are some limitations with this approach. First, it 
means moving more bits across the wire during SA establishment, and 
we have seen some problems re fragmentation when the IKE UDP packets 
get big, e.g., as a result of packing in too many certs/CRLs.  Also, 
if one wants to keep the number of messages exchanged to a minimum, 
there is the issue of what cert path to send to the other IPsec peer. 
In general, one does not know what roots the other peer knows and 
thus what path will be usable by them. So, one can argue for using 
repositories such as the DNS or LDAP servers to hold certs and CRLs 
for CAs "higher up the cert path" to minimize the amount of PKI data 
two IKE peers put in messages, and to keep the message exchanges to a 
minimum.

Steve