Guidelines for Cryptographic Key Management
RFC 4107

 
Document Type RFC - Best Current Practice (June 2005; No errata)
Also known as BCP 107
Was draft-bellovin-mandate-keymgmt (individual in sec area)
Last updated 2013-03-02
Stream IETF
Formats plain text pdf html
Stream WG state (None)
Consensus Unknown
Document shepherd No shepherd assigned
IESG IESG state RFC 4107 (Best Current Practice)
Telechat date
Responsible AD Sam Hartman
Send notices to housley@vigilsec.com, smb@cs.columbia.edu
Network Working Group                                        S. Bellovin
Request for Comments: 4107                           Columbia University
BCP: 107                                                      R. Housley
Category: Best Current Practice                           Vigil Security
                                                               June 2005

              Guidelines for Cryptographic Key Management

Status of This Memo

   This document specifies an Internet Best Current Practices for the
   Internet Community, and requests discussion and suggestions for
   improvements.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   The question often arises of whether a given security system requires
   some form of automated key management, or whether manual keying is
   sufficient.  This memo provides guidelines for making such decisions.
   When symmetric cryptographic mechanisms are used in a protocol, the
   presumption is that automated key management is generally but not
   always needed.  If manual keying is proposed, the burden of proving
   that automated key management is not required falls to the proposer.

1.  Introduction

   The question often arises of whether or not a given security system
   requires some form of automated key management, or whether manual
   keying is sufficient.

   There is not one answer to that question; circumstances differ.  In
   general, automated key management SHOULD be used.  Occasionally,
   relying on manual key management is reasonable; we propose some
   guidelines for making that judgment.

   On the other hand, relying on manual key management has significant
   disadvantages, and we outline the security concerns that justify the
   preference for automated key management.  However, there are
   situations in which manual key management is acceptable.

Bellovin & Housley       Best Current Practice                  [Page 1]
RFC 4107      Guidelines for Cryptographic Key Management      June 2005

1.1.  Terminology

   The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
   SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
   document, are to be interpreted as described in RFC 2119 [B].

2.  Guidelines

   These guidelines are for use by IETF working groups and protocol
   authors who are determining whether to mandate automated key
   management and whether manual key management is acceptable.  Informed
   judgment is needed.

   The term "key management" refers to the establishment of
   cryptographic keying material for use with a cryptographic algorithm
   to provide protocol security services, especially integrity,
   authentication, and confidentiality.  Automated key management
   derives one or more short-term session keys.  The key derivation
   function may make use of long-term keys to incorporate authentication
   into the process.  The manner in which this long-term key is
   distributed to the peers and the type of key used (pre-shared
   symmetric secret value, RSA public key, DSA public key, and others)
   is beyond the scope of this document.  However, it is part of the
   overall key management solution.  Manual key management is used to
   distribute such values.  Manual key management can also be used to
   distribute long-term session keys.

   Automated key management and manual key management provide very
   different features.  In particular, the protocol associated with an
   automated key management technique will confirm the liveness of the
   peer, protect against replay, authenticate the source of the short-
   term session key, associate protocol state information with the
   short-term session key, and ensure that a fresh short-term session
   key is generated.  Further, an automated key management protocol can
   improve interoperability by including negotiation mechanisms for
   cryptographic algorithms.  These valuable features are impossible or
   extremely cumbersome to accomplish with manual key management.

   For some symmetric cryptographic algorithms, implementations must
   prevent overuse of a given key.  An implementation of such algorithms
   can make use of automated key management when the usage limits are
   nearly exhausted, in order to establish replacement keys before the
   limits are reached, thereby maintaining secure communications.

   Examples of automated key management systems include IPsec IKE and
   Kerberos.  S/MIME and TLS also include automated key management
   functions.

Bellovin & Housley       Best Current Practice                  [Page 2]
RFC 4107      Guidelines for Cryptographic Key Management      June 2005
Show full document text