To: keydist@cafax.se
Cc: lewis@tislabs.com
From: Edward Lewis <lewis@tislabs.com>
Date: Thu, 27 Dec 2001 14:28:58 -0500
Delivery-Date: Thu Dec 27 20:29:02 2001
Sender: owner-keydist@cafax.se
Subject: What are we trying to do?
What is the goal of this effort? My opinion is that we are trying to provide a common means for applications to distribute public keys amongst elements scattered across the (inter)network.

I think applications like SSH, IPSEC, and a few others have some shared needs. Other applications, like email, have different needs. (One observation is that the first set do not need to archive keys; the latter does. Another is that the first set could rekey on a connection or session basis; the latter doesn't rekey for a particular message.)

I would have guessed that NTP would use keys much the same way as SSH and IPSEC, but NTP uses certificates instead. As far as other applications, I'd have to shrug my shoulders at this point. (In other words, I know I don't know much.)

The target service I see is key distribution, perhaps a touch of key management, but far short of key generation, agreement, escrow, revocation, etc. PKIs have a whole lot of service requirements which I believe are beyond our scope; further, I think the requirements on PKIs are already understood to some point of maturity and are addressed by the candidates mentioned in another mail (PKIX, SPKI, PGP).

As we come to discover the common set of services needed, we will need to study the applications for their use of keys and trust models. During these studies, I see us trying to codify unwritten rules (if not already written). I don't see us trying to modify or strengthen the security of applications, as an explicit goal.

I think it is important to hear opinions on "what are we trying to provide?" If we don't discuss this first, we won't know when we are done.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NAI Labs
Phone: +1 443-259-2352
Email: lewis@tislabs.com

Opinions expressed are property of my evil twin, not my employer.