BCP 107, RFC 4107 on Guidelines for Cryptographic Key Management

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

A new Request for Comments is now available in online RFC libraries.


        BCP 107
        RFC 4107

        Title:      Guidelines for Cryptographic Key Management
        Author(s):  S. Bellovin, R. Housley
        Status:     Best Current Practice
        Date:       June 2005
        Mailbox:    bellovin@acm.org, housley@vigilsec.com
        Pages:      7
        Characters: 14752
        SeeAlso:    BCP 107

        I-D Tag:    draft-bellovin-mandate-keymgmt-03.txt

        URL:        ftp://ftp.rfc-editor.org/in-notes/rfc4107.txt


The question often arises of whether a given security system requires
some form of automated key management, or whether manual keying is
sufficient.  This memo provides guidelines for making such decisions.
When symmetric cryptographic mechanisms are used in a protocol, the
presumption is that automated key management is generally but not
always needed.  If manual keying is proposed, the burden of proving
that automated key management is not required falls to the proposer.

This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for
improvements.  Distribution of this memo is unlimited.

This announcement is sent to the IETF list and the RFC-DIST list.
Requests to be added to or deleted from the IETF distribution list
should be sent to IETF-REQUEST@IETF.ORG.  Requests to be
added to or deleted from the RFC-DIST distribution list should
be sent to RFC-DIST-REQUEST@RFC-EDITOR.ORG.

Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
an EMAIL message to rfc-info@RFC-EDITOR.ORG with the message body 
help: ways_to_get_rfcs.  For example:

        To: rfc-info@RFC-EDITOR.ORG
        Subject: getting rfcs

        help: ways_to_get_rfcs

Requests for special distribution should be addressed to either the
author of the RFC in question, or to RFC-Manager@RFC-EDITOR.ORG.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.

Submissions for Requests for Comments should be sent to
RFC-EDITOR@RFC-EDITOR.ORG.  Please consult RFC 2223, Instructions to RFC
Authors, for further information.


Joyce K. Reynolds and Sandy Ginoza
USC/Information Sciences Institute

...

Below is the data which will enable a MIME compliant Mail Reader 
implementation to automatically retrieve the ASCII version
of the RFCs.
<ftp://ftp.isi.edu/in-notes/rfc4107.txt>
_______________________________________________

IETF-Announce@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf-announce
[Index of Archives]     [IETF]     [IETF Discussion]     [Linux Kernel]

  Powered by Linux