RE: Last Call: 'Guidance for AAA Key management' to BCP (draft-housley-aaa-key-mgmt)
> -----Original Message-----
> From: Russ Housley [mailto:housley at vigilsec.com] 
> Sent: Wednesday, November 15, 2006 3:13 PM
> To: Joseph Salowey (jsalowey); Bernard Aboba; ietf at ietf.org
> Subject: RE: Last Call: 'Guidance for AAA Key management' to 
> BCP (draft-housley-aaa-key-mgmt)
> 
> Joe:
> 
> > > 5. Unique Key Names
> > >
> > > This section states "the key name MUST NOT be based on the keying 
> > > material itself." 802.11i uses this technique; are there 
> > > vulnerabilities associated with this?
> 
> Does this proposed text resolve your concern?
> 
> AAA key management proposals require a robust key naming 
> scheme, particularly where key caching is supported.  The key 
> name provides a way to refer to a key in a protocol so that 
> it is clear to all parties which key is being referenced.  
> Objects that cannot be named cannot be managed.  All keys 
> MUST be uniquely named, and the key name MUST NOT directly or 
> indirectly disclose the keying material.  If the key name is 
> not based on the keying material, then one can be sure that 
> it cannot be used to assist in a search for the key value.

[Joe] Looks good.  
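As an added illustration of the naming rule in the proposed text (this is not code from the draft, from 802.11i, or from anyone in this thread), the following Python sketch contrasts a key name derived from the keying material with one derived only from public context plus a fresh nonce, and includes a simple check that tells the two apart. The `KeyCache` class, the `authenticator|peer|nonce` context string and the 32-hex-character name length are assumptions made for the example.

```python
import os
import hashlib
from typing import Optional


def name_from_material(context: str, key: bytes) -> str:
    # The pattern the proposed text rules out: the name is a function of the
    # keying material, so the name itself can assist a search for the key.
    # (The context argument is unused here; it exists so both naming
    # functions share one signature.)
    return hashlib.sha256(key).hexdigest()[:32]


def name_from_context(context: str, key: bytes) -> str:
    # Compliant naming: the name depends only on public context (an
    # "authenticator|peer|nonce" string supplied by the caller); the key
    # argument is deliberately ignored, so the name discloses nothing
    # about the key value, directly or indirectly.
    return hashlib.sha256(context.encode()).hexdigest()[:32]


def name_reveals_key(naming_fn, trials: int = 16) -> bool:
    """Return True if, for a fixed context, changing only the key changes
    the name.  A name that varies with the key is derived from it and so
    could be used to help search for the key value."""
    for _ in range(trials):
        context = "auth-1|peer-1|" + os.urandom(16).hex()  # constructed context
        k1, k2 = os.urandom(32), os.urandom(32)            # constructed keys
        if naming_fn(context, k1) != naming_fn(context, k2):
            return True
    return False


class KeyCache:
    """Hypothetical AAA-style key cache: keys are stored under names built
    from the party identities plus a fresh random nonce, never from the
    key bytes.  Two installs of identical key material get distinct names,
    which is what makes each cached key uniquely manageable."""

    def __init__(self):
        self._keys = {}

    def install(self, authenticator_id: str, peer_id: str, key: bytes,
                nonce: Optional[bytes] = None) -> str:
        # A caller may pass a nonce for reproducibility (tests); otherwise
        # a fresh 128-bit random value is drawn so names never repeat.
        nonce = os.urandom(16) if nonce is None else nonce
        context = f"{authenticator_id}|{peer_id}|{nonce.hex()}"
        name = name_from_context(context, key)
        if name in self._keys:
            # Uniqueness is a MUST; never silently overwrite a cached key.
            raise ValueError("key name collision; refusing to overwrite")
        self._keys[name] = key
        return name

    def lookup(self, name: str) -> Optional[bytes]:
        return self._keys.get(name)


if __name__ == "__main__":
    print("material-based naming reveals key:", name_reveals_key(name_from_material))
    print("context-based naming reveals key:", name_reveals_key(name_from_context))
    cache = KeyCache()
    k = os.urandom(32)
    print("two names for the same key:", cache.install("auth-1", "peer-1", k),
          cache.install("auth-1", "peer-1", k))
```

`name_reveals_key` is a heuristic, not a proof: it catches names that change with the key, which is the failure the proposed text describes, but it cannot detect a name that leaks only a few bits of the key in a way that is constant across the sampled trials. The safe design is the structural one the text asks for: compute the name from inputs that do not include the key at all.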

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.