IPSEC-PIB as mechanism for key distribution
Hello all,
IPSEC-PIB has several attributes to specify keys. The attribute
ipSecXXTransformIntegrityKey specifies the integrity key to be used and
the attribute ipSecEspTransformCipherKey specifies the cipher key to be
used. And the attribute ipSecIkeAssociationPresharedKey contains the
pre-shared key.
It means that IPSEC-PIB is used to distribute keys, doesn't it?
I have noted that the keys don't have a specific class where they can be
defined (for example ipSecSharedSecret), and so they must be specified
in other classes and it is not possible to reference them.
The keys are even transported by the PIB in plaintext. Maybe an attribute
similar to 'Algorithm' of the class CIM_SharedSecret may be useful to
protect the keys.
Maybe it could be interesting for a future draft. What do you think?
Regards,
Félix