Re: Reminder: automated key management is often required for new protocols
- To: Alan DeKok <firstname.lastname@example.org>, "David B. Nelson" <email@example.com>
- Subject: Re: Reminder: automated key management is often required for new protocols
- From: Glen Zorn <firstname.lastname@example.org>
- Date: Wed, 22 Aug 2007 08:55:32 -0700 (PDT)
- Cc: email@example.com
- In-reply-to: <46CBC82B.firstname.lastname@example.org>
Alan DeKok <email@example.com> wrote:
Section 2.2: The manual key management for long-term session keys
meets the last criteria in this section:
The scale of each deployment is very limited.
Ideally, each long-term key in DTLS is shared only between one server
and one client. Each client-server pair shares a unique key, and those
keys are (ideally) not re-used across multiple client-server pairs.
There aren't many deployments that are smaller scale than two parties.
gwz> I don't think that by "deployment" they mean how many parties share a key
gwz> ;-); more like how many NASs to a server (which can be in the thousands).