Guidelines for Cryptographic Key Management
RFC 4107
| Document | Type |
RFC - Best Current Practice
(June 2005; No errata)
Also known as BCP 107
Was draft-bellovin-mandate-keymgmt (individual in sec area)
|
|
|---|---|---|---|
| Authors | Steven Bellovin , Russ Housley | ||
| Last updated | 2015-10-14 | ||
| Stream | IETF | ||
| Formats | plain text html pdf htmlized bibtex | ||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 4107 (Best Current Practice) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Sam Hartman | ||
| Send notices to | smb@cs.columbia.edu | ||
Network Working Group S. Bellovin
Request for Comments: 4107 Columbia University
BCP: 107 R. Housley
Category: Best Current Practice Vigil Security
June 2005
Guidelines for Cryptographic Key Management
Status of This Memo
This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for
improvements. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
The question often arises of whether a given security system requires
some form of automated key management, or whether manual keying is
sufficient. This memo provides guidelines for making such decisions.
When symmetric cryptographic mechanisms are used in a protocol, the
presumption is that automated key management is generally but not
always needed. If manual keying is proposed, the burden of proving
that automated key management is not required falls to the proposer.
1. Introduction
The question often arises of whether or not a given security system
requires some form of automated key management, or whether manual
keying is sufficient.
There is not one answer to that question; circumstances differ. In
general, automated key management SHOULD be used. Occasionally,
relying on manual key management is reasonable; we propose some
guidelines for making that judgment.
On the other hand, relying on manual key management has significant
disadvantages, and we outline the security concerns that justify the
preference for automated key management. However, there are
situations in which manual key management is acceptable.
Bellovin & Housley Best Current Practice [Page 1]
RFC 4107 Guidelines for Cryptographic Key Management June 2005
1.1. Terminology
The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
document, are to be interpreted as described in RFC 2119 [B].
2. Guidelines
These guidelines are for use by IETF working groups and protocol
authors who are determining whether to mandate automated key
management and whether manual key management is acceptable. Informed
judgment is needed.
The term "key management" refers to the establishment of
cryptographic keying material for use with a cryptographic algorithm
to provide protocol security services, especially integrity,
authentication, and confidentiality. Automated key management
derives one or more short-term session keys. The key derivation
function may make use of long-term keys to incorporate authentication
into the process. The manner in which this long-term key is
distributed to the peers and the type of key used (pre-shared
symmetric secret value, RSA public key, DSA public key, and others)
is beyond the scope of this document. However, it is part of the
overall key management solution. Manual key management is used to
distribute such values. Manual key management can also be used to
distribute long-term session keys.
Automated key management and manual key management provide very
different features. In particular, the protocol associated with an
automated key management technique will confirm the liveness of the
peer, protect against replay, authenticate the source of the short-
term session key, associate protocol state information with the
short-term session key, and ensure that a fresh short-term session
key is generated. Further, an automated key management protocol can
improve interoperability by including negotiation mechanisms for
cryptographic algorithms. These valuable features are impossible or
extremely cumbersome to accomplish with manual key management.
For some symmetric cryptographic algorithms, implementations must
prevent overuse of a given key. An implementation of such algorithms
can make use of automated key management when the usage limits are
nearly exhausted, in order to establish replacement keys before the
limits are reached, thereby maintaining secure communications.
Examples of automated key management systems include IPsec IKE and
Kerberos. S/MIME and TLS also include automated key management
functions.
Bellovin & Housley Best Current Practice [Page 2]
RFC 4107 Guidelines for Cryptographic Key Management June 2005
Key management schemes should not be designed by amateurs; it is
almost certainly inappropriate for working groups to design their
own. To put it in concrete terms, the very first key management
protocol in the open literature was published in 1978 [NS]. A flaw
Show full document text