-----Original Message-----
From: Russ Housley [mailto:housley(_at_)vigilsec(_dot_)com]
Sent: Wednesday, November 15, 2006 3:13 PM
To: Joseph Salowey (jsalowey); Bernard Aboba; ietf(_at_)ietf(_dot_)org
Subject: RE: Last Call: 'Guidance for AAA Key management' to BCP (draft-housley-aaa-key-mgmt)

Joe:

5. Unique Key Names

This section states "the key name MUST NOT be based on the keying
material itself." 802.11i uses this technique; are there
vulnerabilities associated with this?

Does this proposed text resolve your concern?

AAA key management proposals require a robust key naming
scheme, particularly where key caching is supported. The key
name provides a way to refer to a key in a protocol so that
it is clear to all parties which key is being referenced.
Objects that cannot be named cannot be managed. All keys
MUST be uniquely named, and the key name MUST NOT directly or
indirectly disclose the keying material. If the key name is
not based on the keying material, then one can be sure that
it cannot be used to assist in a search for the key value.

[Joe] Looks good.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
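The naming rule in the proposed text, as an added illustration that is not part of the thread or of the draft: a key-derived naming scheme (modelled on the 802.11i PMKID, which keys an HMAC with the PMK) beside a key-independent one that gets its uniqueness from a fresh nonce, plus a property check that a defender can run against any candidate scheme. The party identifiers and nonce sizes are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed identifiers for the example (not taken from the thread).
AUTHENTICATOR_ID = b"aa:00:11:22:33:44"
PEER_ID = b"sp:55:66:77:88:99"


def name_from_key_material(key: bytes, authenticator_id: bytes, peer_id: bytes) -> bytes:
    """Key-derived name in the style of the 802.11i PMKID: an HMAC keyed by
    the key itself over public identifiers. Unique, but a deterministic
    function of the secret, which the proposed BCP text forbids."""
    data = b"PMK Name" + authenticator_id + peer_id
    return hmac.new(key, data, hashlib.sha1).digest()[:16]


def name_from_context(authenticator_id: bytes, peer_id: bytes, nonce: bytes) -> bytes:
    """Key-independent name: a hash over the parties' identifiers plus a
    random nonce chosen when the key is created. Uniqueness comes from the
    nonce; no keying material enters the name."""
    data = b"key-name" + authenticator_id + peer_id + nonce
    return hashlib.sha256(data).digest()[:16]


def key_independent(name_for_key, trials: int = 8) -> bool:
    """Property check for a naming scheme: with the public context fixed,
    the name must not change when only the key changes. A scheme failing
    this check discloses information about the key through its name."""
    baseline = name_for_key(secrets.token_bytes(32))
    return all(name_for_key(secrets.token_bytes(32)) == baseline for _ in range(trials))


def check_schemes() -> dict:
    nonce = secrets.token_bytes(16)
    return {
        "key_material_scheme_independent": key_independent(
            lambda k: name_from_key_material(k, AUTHENTICATOR_ID, PEER_ID)),
        "context_scheme_independent": key_independent(
            lambda k: name_from_context(AUTHENTICATOR_ID, PEER_ID, nonce)),
        # Two keys issued to the same pair of parties still get distinct names.
        "context_scheme_unique": name_from_context(AUTHENTICATOR_ID, PEER_ID, nonce)
        != name_from_context(AUTHENTICATOR_ID, PEER_ID, secrets.token_bytes(16)),
    }


if __name__ == "__main__":
    for prop, ok in check_schemes().items():
        print(f"{prop}: {ok}")
```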