> -----Original Message-----
> From: Russ Housley [mailto:housley@xxxxxxxxxxxx]
> Sent: Wednesday, November 15, 2006 3:13 PM
> To: Joseph Salowey (jsalowey); Bernard Aboba; ietf@xxxxxxxx
> Subject: RE: Last Call: 'Guidance for AAA Key management' to
> BCP (draft-housley-aaa-key-mgmt)
>
> Joe:
>
> > > 5. Unique Key Names
> > >
> > > This section states "the key name MUST NOT be based on the keying
> > > material itself." 802.11i uses this technique; are there
> > > vulnerabilities associated with this?
>
> Does this proposed text resolve your concern?
>
> AAA key management proposals require a robust key naming
> scheme, particularly where key caching is supported. The key
> name provides a way to refer to a key in a protocol so that
> it is clear to all parties which key is being referenced.
> Objects that cannot be named cannot be managed. All keys
> MUST be uniquely named, and the key name MUST NOT directly or
> indirectly disclose the keying material. If the key name is
> not based on the keying material, then one can be sure that
> it cannot be used to assist in a search for the key value.

[Joe] Looks good.
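As an added illustration of the naming rule in the proposed text (example code written for this page, not from the draft or the thread), the check below treats a key-naming function as acceptable only if the name it produces does not change when the keying material changes, and is unique across different contexts. The context fields (peer_id, server_id, session_nonce) and the label string are assumptions, not anything the draft specifies.

```python
"""Property checks for AAA key names: unique, but independent of the key."""
import hashlib
import os
from typing import Callable, Dict

# A namer receives the key and the public context; a compliant namer
# must ignore the key entirely.
KeyNamer = Callable[[bytes, Dict[str, bytes]], str]


def name_from_context(key: bytes, ctx: Dict[str, bytes]) -> str:
    """Compliant naming: built only from public, per-session context.

    The fresh session_nonce gives uniqueness even when the same two
    parties establish many keys. `key` is deliberately unused.
    """
    material = b"|".join([ctx["peer_id"], ctx["server_id"], ctx["session_nonce"]])
    return hashlib.sha256(b"aaa-key-name|" + material).hexdigest()[:32]


def name_from_key(key: bytes, ctx: Dict[str, bytes]) -> str:
    """The pattern the proposed text forbids: the name is a function of the
    keying material, so it carries key-dependent information."""
    return hashlib.sha256(key).hexdigest()[:32]


def depends_on_keying_material(namer: KeyNamer, ctx: Dict[str, bytes]) -> bool:
    """True if changing only the key (same context) changes the name."""
    k1, k2 = os.urandom(32), os.urandom(32)
    return namer(k1, ctx) != namer(k2, ctx)


def names_are_unique(namer: KeyNamer, ctx1: Dict[str, bytes], ctx2: Dict[str, bytes]) -> bool:
    """True if two distinct contexts receive distinct names for one key."""
    key = os.urandom(32)
    return namer(key, ctx1) != namer(key, ctx2)


def make_ctx(peer_id: str, server_id: str) -> Dict[str, bytes]:
    """Constructed sample context with a fresh random session nonce."""
    return {
        "peer_id": peer_id.encode(),
        "server_id": server_id.encode(),
        "session_nonce": os.urandom(16),
    }
```

Run `depends_on_keying_material` and `names_are_unique` against any proposed namer; a compliant scheme returns False for the first and True for the second.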