RE: Last Call: 'Guidance for AAA Key management' to BCP (draft-housley-aaa-key-mgmt)

Joe:

> 5. Unique Key Names
>
> This section states "the key name MUST NOT be based on the
> keying material itself." 802.11i uses this technique; are
> there vulnerabilities associated with this?

Does this proposed text resolve your concern?

AAA key management proposals require a robust key naming scheme,
particularly where key caching is supported.  The key name provides a
way to refer to a key in a protocol so that it is clear to all parties
which key is being referenced.  Objects that cannot be named cannot be
managed.  All keys MUST be uniquely named, and the key name MUST NOT
directly or indirectly disclose the keying material.  If the key name
is not based on the keying material, then one can be sure that it cannot
be used to assist in a search for the key value.

Russ


_______________________________________________ Ietf mailing list Ietf at ietf.org https://www1.ietf.org/mailman/listinfo/ietf




Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.