Database of Long-Lived Symmetric Cryptographic Keys

The information below is for an old version of the document.

Document type: Active Internet-Draft (karp WG)
Last updated: 2013-10-21
Replaces: draft-housley-saag-crypto-key-table
Stream: IETF
Intended RFC status: Proposed Standard
WG state: Submitted to IESG for Publication (Doc Shepherd Follow-up Underway)
Document shepherd: Brian Weis
Shepherd write-up: last changed 2013-08-06
IESG state: IESG Evaluation::AD Followup
Consensus boilerplate: Yes
Ballot: Needs a YES. Needs 9 more YES or NO OBJECTION positions to pass.
Responsible AD: Stewart Bryant
IANA review state: Version Changed - Review Needed
INTERNET-DRAFT                                               R. Housley
Internet Engineering Task Force (IETF)                   Vigil Security
Intended Status: Standards Track                                T. Polk
                                                             S. Hartman
                                                      Painless Security
                                                               D. Zhang
Expires: 22 April 2014                                22 October 2013

          Database of Long-Lived Symmetric Cryptographic Keys

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at

   The list of Internet-Draft Shadow Directories can be accessed at

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Housley, et al                                                  [Page 1]
INTERNET-DRAFT                                          October 21, 2013


Abstract

   This document specifies the information contained in a conceptual
   database of long-lived cryptographic keys used by many different
   routing protocols for message security.  The database is designed to
   support both manual and automated key management.  In addition to
   describing the schema for the database, this document describes the
   operations that can be performed on the database as well as the
   requirements for the routing protocols that wish to use the database.
   In many typical scenarios, the protocols do not directly use the
   long-lived key, but rather a key derivation function is used to
   derive a short-lived key from a long-lived key.

1. Introduction

   This document specifies the information that needs to be included in
   a database of long-lived cryptographic keys in order to key the
   cryptographic authentication of routing protocols.
   This conceptual database is designed to separate protocol-specific
   aspects from both manual and automated key management.  The intent is
   to allow many different implementation approaches to the specified
   cryptographic key database, while simplifying specification and
   heterogeneous deployments.  This conceptual database avoids the need
   to build knowledge of any security protocol into key management
   protocols. It minimizes protocol-specific knowledge in
   operational/management interfaces, but it constrains where that
   knowledge can appear. Textual conventions are provided for the
   representation of keys and other identifiers. These conventions
   should be used when presenting keys and identifiers to
   operational/management interfaces or reading keys/identifiers from
   these interfaces. It is an operational requirement that all
   implementations represent the keys and key identifiers in the same
   way so that cross-vendor configuration instructions can be provided.

   Routing protocols can employ the services of more generic security
   protocols such as TCP-AO [RFC5925].  Implementations of routing
   protocols may need to supply keys to databases specific to these
   security protocols as the associated entries in this document's
   conceptual database are manipulated.

   In many instances, the long-lived keys are not used directly in
   security protocols, but rather a key derivation function is used to
   derive short-lived keys from the long-lived keys in the database.  In
   other instances, security protocols will directly use the long-lived
   key from the database.  The database design supports both use cases.
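As an added illustration that is not part of the draft, a minimal Python model of the database the introduction describes: key management only adds rows with lifetimes, the protocol side selects the row whose send window covers the current time, accepts any row whose wider accept window does (so a rollover tolerates a peer still using the old key), and, where the row names a KDF, derives a short-lived per-peer key with HKDF (RFC 5869) instead of using the long-lived key directly. The field names, the hex textual convention for keys and the choice of HKDF-SHA256 are assumptions simplified from the draft's schema, not its normative text.

```python
import hmac
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)  # one row of the conceptual database; field names simplified from the draft's schema (assumed)
class KeyEntry:
    local_key_name: str   # key identifier carried on the wire, as a decimal string (textual convention assumed)
    protocol: str         # e.g. "OSPFv2"; opaque to key management, which only stores and rolls keys
    peers: frozenset      # peers this key may be used with
    kdf: str              # "none" = protocol uses the long-lived key directly; "HKDF-SHA256" = derive
    key_hex: str          # long-lived key as a hex string (textual convention assumed)
    send_start: int       # epoch seconds: window in which we may protect outgoing messages with it
    send_end: int
    accept_start: int     # wider window, so a peer still sending with the old key is accepted during rollover
    accept_end: int

def active_send_key(table, protocol, peer, now):
    """Entry for outgoing messages, or None; during an overlap prefer the key whose send window ends last."""
    cands = [e for e in table if e.protocol == protocol and peer in e.peers
             and e.send_start <= now < e.send_end]
    return max(cands, key=lambda e: e.send_end, default=None)

def acceptable_keys(table, protocol, peer, now):
    """Entries an incoming message may legitimately have been protected with."""
    return [e for e in table if e.protocol == protocol and peer in e.peers
            and e.accept_start <= now < e.accept_end]

def hkdf_sha256(ikm, salt, info, length=32):
    """RFC 5869 HKDF-SHA256 (extract, then expand)."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm, counter = okm + block, counter + 1
    return okm[:length]

def protocol_key(entry, peer):
    """Key the routing protocol actually uses: the long-lived key itself, or a short-lived key bound to protocol, key name and peer."""
    ikm = bytes.fromhex(entry.key_hex)
    if entry.kdf == "none":
        return ikm
    if entry.kdf != "HKDF-SHA256":
        raise ValueError(f"unsupported KDF {entry.kdf!r}")
    return hkdf_sha256(ikm, b"", f"{entry.protocol}|{entry.local_key_name}|{peer}".encode())

# Constructed sample: two OSPFv2 keys for one peer whose windows overlap around a rollover at t=1000.
SAMPLE_TABLE = [
    KeyEntry("1", "OSPFv2", frozenset({"10.0.0.2"}), "HKDF-SHA256", "00" * 16 + "ff" * 16, 0, 1000, 0, 1300),
    KeyEntry("2", "OSPFv2", frozenset({"10.0.0.2"}), "HKDF-SHA256", "a5" * 32, 900, 2000, 600, 2300),
]
```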