[dtn-security] Key Distribution

Ian Glennon <ianglennon@gmail.com> Tue, 29 November 2011 21:26 UTC


I'm considering the following situation...

Nodes A, B and C are Security Aware DTN Nodes.  Node B is an intermediate
DTN node which handles bundles from Node A to Node C.

1) Node A wishes to encrypt a payload for Node C but does not have a local
copy of the public key for Node C.  Node A will sign the payload using its
private key.  How does Node A obtain the public key?

2) Assuming Node A can obtain Node C's public key, Node B wishes to verify
the integrity of the payload.  How does Node B obtain Node A's public key?

3) On receiving the bundle from Node A, Node C wishes to verify the
integrity of the payload.  How does Node C obtain Node A's public key?

Now clearly the answer to 2) will be the same as that for 3), and also
probably the same for 1).  I am considering some kind of Key Distribution
Node, which would manage the distribution of the public keys to the various
DTN nodes.  At what point, though, would the key request be made?  Would it
be made within the DTN protocol, or would it be made by some application
receiving the bundle payload?  My guess is it would be within the DTN
protocol - certainly for 2) as the verification is handled by the protocol
rather than some application overlaying the protocol.

You may see where I'm going with this - a Key Distribution Network
consisting of nodes handling the distribution of public keys - but I'm not
sure whether requests to a node within the KDNetwork need to be integrated
into the DTN protocol, or whether it can be an application receiving
requests which sits above the DTN protocol.

Any help, guidance or advice gratefully received.

Ian Glennon
ianglennon@gmail.com