Re: [dtn-interest] BSP and key management
Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 30 October 2007 18:17 UTC
Message-ID: <4727754A.5060903@cs.tcd.ie>
Date: Tue, 30 Oct 2007 18:17:46 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Peter Lovell <peter.lovell@sparta.com>
References: <20071030180202.1187477270@127.0.0.1>
In-Reply-To: <20071030180202.1187477270@127.0.0.1>
Cc: dtn interest <dtn-interest@mailman.dtnrg.org>
Subject: Re: [dtn-interest] BSP and key management
Good that we're starting on this (and well done with the BSP code!).

Something that might be attractive here is TESLA. [1] I reckon it, or some variant, might be an interesting way of versioning keys based on symmetric crypto.

Whatcha think?

S.

[1] http://www.ietf.org/rfc/rfc4082.txt

Peter Lovell wrote:
> The first open issue relates to how we handle key management.
>
> Various of us have different ideas of exactly what it means -- what's in
> and what's not. And each of these has a number of component parts.
>
> One obvious component is some kind of information-store or database
> where keys or key-material are saved. There are also the processes for
> interacting with local users of the key storage, forming what might be
> called a "key service". Another is the interaction mechanism for a
> key-service at one location and a remote key-service at another.
>
> My goal is for this thread to decide which things should go into BSP
> specification and which should more properly be in the new KM spec
> initiated by Stephen
> <http://www.ietf.org/internet-drafts/draft-farrell-dtnrg-km-00.txt>
> and then reach closure on at least the BSP portions.
>
> From the BSP standpoint, I see two main items:-
> 1. what minimum capability is required in support of the mandatory
> ciphersuites
> 2. what does key material look like in a bundle
>
> The term "key material" used for a bundle is expansive and encompasses
> all the keys and related "stuff" such as certificates, IVs, signatures,
> key references or identifiers, etc etc.
>
> The other requirements and characteristics seem to be better placed in
> the KM spec, things like:-
> 1. key-wrap using symmetric and asymmetric keys
> (algorithms, procedures etc)
> 2. rules for storage (protection) and usage of key material
> 3. key exchange and/or negotiation protocol between nodes
> (BSP itself never negotiates keys)
>
> Thanks.....Peter
>
> p.s. we only look at KEKs here, not traffic keys
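As an added illustration of the TESLA-style key versioning Stephen floats above (not code from the thread, the BSP code, or RFC 4082 itself): a one-way hash chain gives a sequence of symmetric keys that a receiver can validate against a single trusted commitment, with each key disclosed only after the interval in which it was used. SHA-256, HMAC, the derivation label and the disclosure delay `d` are assumptions chosen here for the demo; the commitment K_0 still has to reach the receiver by some trusted path, which is the piece a KM spec would have to cover.

```python
import hashlib
import hmac

# Constructed demo of a TESLA (RFC 4082) style key chain.
# The chain is built backwards: K_n is a random seed and K_i = H(K_{i+1}).
# K_0 is the commitment a receiver must obtain by trusted means; any later
# key can be checked against it by hashing forwards.

def make_key_chain(seed: bytes, n: int) -> list[bytes]:
    chain = [b""] * (n + 1)
    chain[n] = seed
    for i in range(n - 1, -1, -1):
        chain[i] = hashlib.sha256(chain[i + 1]).digest()
    return chain

def mac_key(chain_key: bytes) -> bytes:
    # RFC 4082 derives the MAC key from the chain key with a PRF so that the
    # chain key that gets disclosed is never itself used as the MAC key.
    return hmac.new(chain_key, b"tesla-mac-key", hashlib.sha256).digest()

def authenticate(chain: list[bytes], i: int, msg: bytes) -> bytes:
    # Sender MACs a message in interval i with K_i while K_i is still secret.
    return hmac.new(mac_key(chain[i]), msg, hashlib.sha256).digest()

def safe_to_buffer(arrival_interval: int, i: int, d: int) -> bool:
    # Safety condition: the packet must arrive before the sender could have
    # disclosed K_i (interval i + d); otherwise anyone could have forged it.
    return arrival_interval < i + d

def verify(commitment: bytes, disclosed: bytes, i: int,
           msg: bytes, tag: bytes) -> bool:
    # Receiver, once K_i is disclosed, hashes it i times back to K_0.
    k = disclosed
    for _ in range(i):
        k = hashlib.sha256(k).digest()
    if not hmac.compare_digest(k, commitment):
        return False
    expected = hmac.new(mac_key(disclosed), msg, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

if __name__ == "__main__":
    chain = make_key_chain(b"constructed-seed-not-for-real-use", 10)
    tag = authenticate(chain, 3, b"bundle payload")
    assert safe_to_buffer(arrival_interval=4, i=3, d=2)
    assert verify(chain[0], chain[3], 3, b"bundle payload", tag)
    assert not verify(chain[0], chain[4], 3, b"bundle payload", tag)
    print("TESLA chain demo ok")
```

The receiver must buffer a message until the corresponding key is disclosed, so the scheme trades latency for authentication; in a delay-tolerant setting that wait may be long, and loose time synchronisation between nodes is what makes the safety check meaningful.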