Re: [HOKEY] Key Management Issues

li.chunqiang@huawei.com Tue, 18 March 2008 01:58 UTC

Date: Tue, 18 Mar 2008 09:56:07 +0800
From: li.chunqiang@huawei.com
To: Yoshihiro Ohba <yohba@tari.toshiba.com>, Charles Clancy <clancy@cs.umd.edu>
Message-id: <002401c8889b$3bac11a0$4a09a40a@china.huawei.com>
References: <47DF06C9.1010601@cs.umd.edu> <20080318011610.GD29388@steelhead.localdomain>
Cc: hokey@ietf.org
Subject: Re: [HOKEY] Key Management Issues

> Since "ERX fraud issue" raised by Bernard still remains unresolved (at
> least I am not convinced at all), I have a reservation on removing
> KDE1 and KDE4 from KDE exchange.  KDE1 and KDE4 provide peer consent
> for DSRK key distribution, which addresses ERX fraud issue.
>
> Yoshihiro Ohba

Yes, and it is not compliant with the requirements in RFC 4962 if KDE1 and
KDE4 are removed.

>
> On Mon, Mar 17, 2008 at 08:03:21PM -0400, Charles Clancy wrote:
>> All,
>>
>> During IETF 71, there was relatively strong room consensus for the
>> following changes to the key management document:
>>
>> - Remove ALL encryption from existing key-mgm document; elimination
>>    of KDE0, KDE1, and KDE4
>> - Lay out security requirements for hop-by-hop security, apply to
>>    all transports
>> - Define RADIUS attribute for key request and transport to meet
>>    HOKEY needs
>>
>> First, for anyone who did not register an opinion during the meeting,
>> here's your chance.
>>
>> Secondly, we need to figure out how to evolve the document to meet these
>> requirements.  I suggest the authors of draft-ietf-hokey-key-mgm-03 and
>> draft-gaonkar-radext-erp-attrs-03 work together to merge their two
>> documents, and create draft-ietf-hokey-key-mgm-04.  Parts of
>> draft-gaonkar-radext-erp-attrs-03 that are specific to ERX should remain
>> in place (i.e. text updating RFC 3579) for a v04 of that document.
>>
>> I've created the following issues to track these changes:
>>
>> KM: AAA security
>> http://www.ltsnet.net:8080/hokey/issue40
>>
>> KM: AAA transport
>> http://www.ltsnet.net:8080/hokey/issue41
>>
>> KM: transport security requirements
>> http://www.ltsnet.net:8080/hokey/issue42
>>
>> -- 
>> t. charles clancy, ph.d.                 eng.umd.edu/~tcc
>> electrical & computer engineering, university of maryland
>> _______________________________________________
>> HOKEY mailing list
>> HOKEY@ietf.org
>> https://www.ietf.org/mailman/listinfo/hokey