[dtn-security] Key Management hop-by-hop ciphersuite

<M.Bhutta@surrey.ac.uk> Mon, 08 June 2009 19:14 UTC

Received: from mail78.messagelabs.com (mail78.messagelabs.com [195.245.230.131]) by maillists.intel-research.net (8.13.8/8.13.8) with SMTP id n58JEI6h022246 for <dtn-security@maillists.intel-research.net>; Mon, 8 Jun 2009 12:14:18 -0700
X-VirusChecked: Checked
X-Env-Sender: M.Bhutta@surrey.ac.uk
X-Msg-Ref: server-10.tower-78.messagelabs.com!1244487989!63812660!1
X-StarScan-Version: 6.0.0; banners=-,-,-
X-Originating-IP: [131.227.102.140]
Received: (qmail 13126 invoked from network); 8 Jun 2009 19:06:29 -0000
Received: from ads40.surrey.ac.uk (HELO ads40.surrey.ac.uk) (131.227.102.140) by server-10.tower-78.messagelabs.com with SMTP; 8 Jun 2009 19:06:29 -0000
Received: from EVS-EC1-NODE2.surrey.ac.uk ([131.227.102.137]) by ads40.surrey.ac.uk with Microsoft SMTPSVC(6.0.3790.3959); Mon, 8 Jun 2009 20:06:28 +0100
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C9E86C.39D8256A"
Date: Mon, 8 Jun 2009 20:06:28 +0100
Message-ID: <89E48AE60E64EF4E8EB32B0B7EC74920A1B159@EVS-EC1-NODE2.surrey.ac.uk>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Key Management hop-by-hop ciphersuite
Thread-Index: AcnobDnQ7GznLCbpR2esYNvzODafxw==
From: <M.Bhutta@surrey.ac.uk>
To: <dtn-security@maillists.intel-research.net>
X-OriginalArrivalTime: 08 Jun 2009 19:06:28.0909 (UTC) FILETIME=[3A4E45D0:01C9E86C]
Subject: [dtn-security] Key Management hop-by-hop ciphersuite
X-BeenThere: dtn-security@maillists.intel-research.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DTN Security Discussion <dtn-security.maillists.intel-research.net>
List-Unsubscribe: <http://maillists.intel-research.net/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@maillists.intel-research.net?subject=unsubscribe>
List-Archive: <http://maillists.intel-research.net/pipermail/dtn-security>
List-Post: <mailto:dtn-security@maillists.intel-research.net>
List-Help: <mailto:dtn-security-request@maillists.intel-research.net?subject=help>
List-Subscribe: <http://maillists.intel-research.net/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@maillists.intel-research.net?subject=subscribe>
X-List-Received-Date: Mon, 08 Jun 2009 19:14:19 -0000

Hi, 

>From internet-draft "Key Management Requirements", it is a requirement that key management should support all mandatory ciphersuites. 
      For Hop-by-Hop integrity and authentication, the ciphersuite BAB-HMAC only supports symmetric cryptography.. 

     1.  Does this means, when we are looking for key establishment while assuming pre-installed public keys, then we also have to take assumption that symmetric keys also exist between two nodes for hop-by-hop authentication and integrity.. 

     2. Are we not making Key Management dependent on distribution of symmetric keys between forwarder and intermediate receiver while using public key  only.. 

Please comment... 

thanks 

regards,
Nasir