Re: [karp] I-D Action: draft-ietf-karp-crypto-key-table-04.txt
Uma Chunduri <uma.chunduri@ericsson.com> Tue, 23 October 2012 00:46 UTC
Return-Path: <uma.chunduri@ericsson.com>
X-Original-To: karp@ietfa.amsl.com
Delivered-To: karp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DE0301F0429 for <karp@ietfa.amsl.com>; Mon, 22 Oct 2012 17:46:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.479
X-Spam-Level:
X-Spam-Status: No, score=-6.479 tagged_above=-999 required=5 tests=[AWL=0.120, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Oj2xo3sDxqfz for <karp@ietfa.amsl.com>; Mon, 22 Oct 2012 17:46:47 -0700 (PDT)
Received: from imr3.ericy.com (imr3.ericy.com [198.24.6.13]) by ietfa.amsl.com (Postfix) with ESMTP id 6372E21F8906 for <karp@ietf.org>; Mon, 22 Oct 2012 17:46:47 -0700 (PDT)
Received: from eusaamw0712.eamcs.ericsson.se ([147.117.20.181]) by imr3.ericy.com (8.13.8/8.13.8) with ESMTP id q9N0kk6U029962 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 22 Oct 2012 19:46:46 -0500
Received: from EUSAAHC003.ericsson.se (147.117.188.81) by eusaamw0712.eamcs.ericsson.se (147.117.20.181) with Microsoft SMTP Server (TLS) id 8.3.279.1; Mon, 22 Oct 2012 20:46:45 -0400
Received: from EUSAAMB105.ericsson.se ([147.117.188.122]) by EUSAAHC003.ericsson.se ([147.117.188.81]) with mapi id 14.02.0318.001; Mon, 22 Oct 2012 20:46:45 -0400
From: Uma Chunduri <uma.chunduri@ericsson.com>
To: Russ Housley <housley@vigilsec.com>
Thread-Topic: [karp] I-D Action: draft-ietf-karp-crypto-key-table-04.txt
Thread-Index: AQHNsKfEDHS8NN8Q9UOhREQbxLpkv5fF/fmggABKfYD//77RwA==
Date: Tue, 23 Oct 2012 00:46:45 +0000
Message-ID: <1B502206DFA0C544B7A6046915200863011CD1@EUSAAMB105.ericsson.se>
References: <20121022225043.25241.45532.idtracker@ietfa.amsl.com> <1B502206DFA0C544B7A6046915200863011C81@EUSAAMB105.ericsson.se> <4C84D429-416F-4A63-9C83-DA16EF243026@vigilsec.com>
In-Reply-To: <4C84D429-416F-4A63-9C83-DA16EF243026@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [147.117.188.134]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "karp@ietf.org" <karp@ietf.org>
Subject: Re: [karp] I-D Action: draft-ietf-karp-crypto-key-table-04.txt
X-BeenThere: karp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion list for key management for routing and transport protocols <karp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/karp>, <mailto:karp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/karp>
List-Post: <mailto:karp@ietf.org>
List-Help: <mailto:karp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/karp>, <mailto:karp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Oct 2012 00:46:48 -0000
Hello Russ,
>>>>> I have worked through the use of pairwise keys (used in just one direction or both directions)
>>>>> as well as multicast keys. The current table supports all of these cases. I do not understand
>>>>> why you want two separate tables. Clearly, you are thinking about this differently than I am.
>>>>> Can you explain how two tables will make implementation easier?
[Uma]: Let's focus on only from the key life time perspective. Some IGPs do require life times in the
specified format to make key transition easier. But, I don't see how to fit these 4 parameters
for pair wise keys. For e.g. for TCP based pair-wise keys, when new master key is negotiated by
KMP, TCP-AO makes coordinated key transition with the peer. Not at all based on the key table
time entries specified. In that sense the entries defined today useful and enable protocols
e.g., group-key RPs, who don't have a defined way of key transition and more over do security
by themselves (make sense there).
Now, I stepped back to think on how to use for pair-wise protocols and not able to connect the
dots here. Do you see these are operator inputs or KMP negotiated and how one would use these entries?
--
Uma C.
- Re: [karp] I-D Action: draft-ietf-karp-crypto-key… Uma Chunduri
- [karp] I-D Action: draft-ietf-karp-crypto-key-tab… internet-drafts
- Re: [karp] I-D Action: draft-ietf-karp-crypto-key… Uma Chunduri
- Re: [karp] I-D Action: draft-ietf-karp-crypto-key… Russ Housley
- Re: [karp] I-D Action: draft-ietf-karp-crypto-key… Russ Housley
- Re: [karp] I-D Action: draft-ietf-karp-crypto-key… Brian Weis
- Re: [karp] I-D Action: draft-ietf-karp-crypto-key… Joel M. Halpern
- Re: [karp] I-D Action: draft-ietf-karp-crypto-key… Russ Housley
- Re: [karp] I-D Action: draft-ietf-karp-crypto-key… Brian Weis
- Re: [karp] I-D Action: draft-ietf-karp-crypto-key… Russ Housley
- Re: [karp] I-D Action: draft-ietf-karp-crypto-key… Joel Halpern Direct