Re: [HOKEY] consensus call: key delivery security protocol

Yoshihiro Ohba <yohba@tari.toshiba.com> Tue, 07 August 2007 15:18 UTC

Date: Tue, 07 Aug 2007 11:17:37 -0400
To: Charles Clancy <clancy@cs.umd.edu>
Subject: Re: [HOKEY] consensus call: key delivery security protocol
Message-ID: <20070807151737.GG16703@steelhead.localdomain>
References: <46A4E634.8060708@cs.umd.edu>
In-Reply-To: <46A4E634.8060708@cs.umd.edu>
From: Yoshihiro Ohba <yohba@tari.toshiba.com>
Cc: hokey@ietf.org

I was on vacation; sorry for the delayed response.

How does option #1 with hop-by-hop security satisfy
draft-housley-aaa-key-mgmt-09.txt, especially "Authenticate all
parties" and "Keying material confidentiality and integrity"
requirements?

Regards,
Yoshihiro Ohba



On Mon, Jul 23, 2007 at 01:32:36PM -0400, Charles Clancy wrote:
> Related issue: #28
> 
> The current key distribution document describes protocols that require a 
> shared key between the server and third party.  According to RFC 4107, 
> we are required to specify how those keys are provisioned.  The result 
> was 3 options:
> 
> #1: convert the current protocol into one that uses hop-by-hop security 
> with channel bindings based on AAA
> 
> #2: define a protocol to provision keys, as necessary, between AAA 
> servers and any remote AAA client that needs a pairwise key for 
> end-to-end security
> 
> #3: use something like cross-realm Kerberos to provide the necessary 
> cryptography to improve upon hop-by-hop security
> 
> An initial hum eliminated option #2.  A vote for options #1 and #3 
> yielded 23 in favor of #1 and 11 in favor of #3.  This email is to 
> confirm the consensus in the room during the meeting.
> 
> Please comment by August 2.
> 
> -- 
> t. charles clancy, ph.d.  <>  tcc@umd.edu  <>  eng.umd.edu/~tcc
> adjunct professor, electrical engineering, university of maryland
> 
> 

_______________________________________________
HOKEY mailing list
HOKEY@ietf.org
https://www1.ietf.org/mailman/listinfo/hokey
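The property the question above turns on is what an intermediate AAA proxy can see and alter when keying material crosses it. The following Python model is an added illustration written for this archive page; it is not code from the HOKEY working group, from any of the drafts named in the thread, or from the people quoted. It contrasts option #1 (hop-by-hop protection, where each proxy terminates one security association and opens the next) with the end-to-end pairwise key that option #2 would have provisioned. All key values and the keying material are constructed sample bytes, the `Proxy` class and the `deliver_*` functions are hypothetical names, and the authenticated-encryption routine is a toy HMAC-SHA256 construction chosen only so that the example runs with the standard library; it is not the protocol from the key distribution document.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample values (not from any HOKEY document): the keying material
# the AAA server wants to deliver, and the long-term keys each option would
# require to have been provisioned beforehand.
KEYING_MATERIAL = bytes(range(32))                                  # 32-byte key to deliver
K_SERVER_PROXY = hashlib.sha256(b"constructed: server<->proxy").digest()
K_PROXY_CLIENT = hashlib.sha256(b"constructed: proxy<->client").digest()
K_SERVER_CLIENT = hashlib.sha256(b"constructed: server<->client pairwise").digest()


def _subkeys(key: bytes):
    # Derive separate encryption and MAC keys from one long-term key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stand-in stream cipher (toy construction).
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under one hop's (or the end-to-end) key."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; only a holder of `key` can recover the plaintext."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Proxy:
    """An intermediate AAA proxy on the path between server and client.

    `observed` records what the proxy was able to read of the keying material."""

    def __init__(self) -> None:
        self.observed: Optional[bytes] = None


def deliver_hop_by_hop(km: bytes, proxy: Proxy) -> bytes:
    """Option #1 style delivery: each hop is a separate security association."""
    to_proxy = seal(K_SERVER_PROXY, km)               # server -> proxy hop
    at_proxy = unseal(K_SERVER_PROXY, to_proxy)       # proxy terminates the SA ...
    proxy.observed = at_proxy                         # ... so it holds the key in clear
    to_client = seal(K_PROXY_CLIENT, at_proxy)        # proxy -> client hop
    return unseal(K_PROXY_CLIENT, to_client)


def deliver_end_to_end(km: bytes, proxy: Proxy) -> bytes:
    """Option #2 style delivery: a pairwise server<->client key spans the path."""
    blob = seal(K_SERVER_CLIENT, km)
    proxy.observed = None                             # proxy only forwards opaque bytes
    forwarded = blob                                  # no key at the proxy to open it
    return unseal(K_SERVER_CLIENT, forwarded)


def tampered_delivery_rejected(km: bytes) -> bool:
    """Integrity: a blob modified in transit must fail at the receiving end."""
    blob = bytearray(seal(K_SERVER_CLIENT, km))
    blob[16] ^= 0x01                                  # flip one ciphertext bit
    try:
        unseal(K_SERVER_CLIENT, bytes(blob))
    except ValueError:
        return True
    return False


def run_demo() -> dict:
    """Summarise what the proxy could read under each delivery style."""
    p1, p2 = Proxy(), Proxy()
    deliver_hop_by_hop(KEYING_MATERIAL, p1)
    deliver_end_to_end(KEYING_MATERIAL, p2)
    return {
        "hop_by_hop_proxy_sees_key": p1.observed == KEYING_MATERIAL,
        "end_to_end_proxy_sees_key": p2.observed is not None,
        "tamper_rejected": tampered_delivery_rejected(KEYING_MATERIAL),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The model makes the trust boundary explicit: under hop-by-hop protection the client receives the keying material intact, but so does every proxy that terminates a security association along the way, which is why "keying material confidentiality" with respect to intermediaries depends on whether each proxy is trusted. With a pairwise end-to-end key the proxy forwards only ciphertext, and any modification in transit is rejected by the tag check at the client.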