RE: Last Call: 'Guidance for AAA Key management' to BCP (draft-housley-aaa-key-mgmt)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Joe:

> 5. Unique Key Names
>
> This section states "the key name MUST NOT be based on the
> keying material itself." 802.11i uses this technique; are
> there vulnerabilities associated with this?

Does this proposed text resolve your concern?

AAA key management proposals require a robust key naming scheme,
particularly where key caching is supported.  The key name provides a
way to refer to a key in a protocol so that it is clear to all parties
which key is being referenced.  Objects that cannot be named cannot be
managed.  All keys MUST be uniquely named, and the key name MUST NOT
directly or indirectly disclose the keying material.  If the key name
is not based on the keying material, then one can be sure that it cannot
be used to assist in a search for the key value.

Russ

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]