RE: Last Call: 'Guidance for AAA Key Management' to BCP (draft-housley-aaa-key-mgmt)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Vidya:

My concern is the origins of this whole effort.

In March 2003, I was asked to put together criteria for acceptable AAA key management. I received this request at the beginning of IETF 56, and it resulted in the "Key Management in AAA" presentation to the AAA WG a few days later. This was the meeting where I was appointed to the position of Security Area Director. The slides are the basis of this document:
   http://www.ietf.org/proceedings/03mar/slides/aaa-5/index.html

People asked for explanation of the bullets on two slides. This document captures the verbal explanation that has been given many times. The goal is to generate a BCP, putting an end to verbal lore.

As a result, this document is focused on AAA-based key management, and while the principles surely apply to other contexts, it uses AAA jargon and other AAA-specific stuff.

Russ

At 03:54 PM 11/7/2006, Narayanan, Vidya wrote:
> Vidya:
>
> > > I agree, the document is really addressing AAA/EAP key management.
> >
> >Why would the scope be limited to EAP? It seems to me that
> most, if not
> >all, of the requirements would be applicable to just about any
> >AAA-based key management protocol. Would it not be useful to
> generalize it?
>
> You are right.  It is about AAA key management protocols,
> which includes various features of EAP, RADIUS, Diameter, and
> secure association protocols.
>


Hmmm, I was thinking that the scope could be broader than that. There
are key management protocols that try to re-use the AAA framework, some
just for transport and others for more than that. Many of these may
start with a PSK and define derivation of keys needed for the specific
application, but then use AAA for transport of the exchange and
generated keys.

Is there a reason why this document would not be applicable to such
scenarios?

Vidya


> Is the document introduction clear about the scope?
>
> Russ
>
>


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]