Re: [Mipshop] AW: [Mobopts] Presentation slides for "CXTP using GIST"

From: James Kempf <Kempf(at)docomolabs-usa.com>
Date: Wed Nov 23 2005 - 11:06:30 EST

Section 4:

      Prevent the Domino effect

         Compromise of a single peer MUST NOT compromise keying material
         held by any other peer within the system, including session
         keys and long-term keys.  Likewise, compromise of a single
         authenticator MUST NOT compromise keying material held by any
         other authenticator within the system.  In the context of a key
         hierarchy, this means that the compromise of one node in the
         key hierarchy must not disclose the information necessary to
         compromise other branches in the key hierarchy.  There are many
         implications of this requirement; however, two implications
         deserve highlighting.  First, the scope of the keying material
         must be defined and understood by all parties that communicate
         with a party that holds that keying material.  Second, a party
         that holds keying material in a key hierarchy must not share
         that keying material with parties that are associated with
         other branches in the key hierarchy.

If keys are propagagted by context transfer, compromise of one router/AP causes compromise of all.

            jak

• Original Message ----- From: "COMBES Jean-Michel RD-MAPS-ISS" <jeanmichel.combes@francetelecom.com> To: "James Kempf" <Kempf@docomolabs-usa.com>; "Tschofenig, Hannes" <hannes.tschofenig@siemens.com>; "DENG, HUI -HCHBJ" <hdeng@hitachi.cn>; "Xiaoming Fu" <fu@cs.uni-goettingen.de>; <mobopts@irtf.org>; <mipshop@ietf.org> Cc: "Xiaoming Fu" <fu@cs.uni-goettingen.de> Sent: Wednesday, November 23, 2005 4:04 AM Subject: RE: [Mipshop] AW: [Mobopts] Presentation slides for "CXTP using GIST"

> Hi,
>
>> -----Original Message-----

---

Mobopts mailing list
Mobopts@irtf.org
https://www1.ietf.org/mailman/listinfo/mobopts Received on Wed Nov 23 11:14:14 2005