Re: [HOKEY] consensus call: key delivery security protocol
Yoshihiro Ohba <yohba@tari.toshiba.com> Tue, 07 August 2007 15:18 UTC
Date: Tue, 07 Aug 2007 11:17:37 -0400
To: Charles Clancy <clancy@cs.umd.edu>
Cc: hokey@ietf.org

I was taking a vacation and am sorry for the delayed response.

How does option #1 with hop-by-hop security satisfy
draft-housley-aaa-key-mgmt-09.txt, especially "Authenticate all
parties" and "Keying material confidentiality and integrity"
requirements?

Regards,
Yoshihiro Ohba

On Mon, Jul 23, 2007 at 01:32:36PM -0400, Charles Clancy wrote:
> Related issue: #28
>
> The current key distribution document describes protocols that require a
> shared key between the server and third party. According to RFC 4107,
> we are required to specify how those keys are provisioned. The result
> was 3 options:
>
> #1: convert the current protocol into one that uses hop-by-hop security
> with channel bindings based on AAA
>
> #2: define a protocol to provision keys, as necessary, between AAA
> servers and any remote AAA client that needs a pairwise key for
> end-to-end security
>
> #3: use something like cross-realm Kerberos to provide the necessary
> cryptographics to improve upon hop-by-hop security
>
> An initial hum eliminated option #2. A vote for options #1 and #3
> yielded 23 in favor of #1 and 11 in favor of #3. This email is to
> confirm the consensus in the room during the meeting.
>
> Please comment by August 2.
>
> --
> t. charles clancy, ph.d. <> tcc@umd.edu <> eng.umd.edu/~tcc
> adjunct professor, electrical engineering, university of maryland
>
> _______________________________________________
> HOKEY mailing list
> HOKEY@ietf.org
> https://www1.ietf.org/mailman/listinfo/hokey