Carl,

One of the questions I would like to see asked is whether there is a requirement for symmetric key trust anchors. Although the draft problem statement says “A trust anchor represents an authoritative entity via a public key and associated data”, there is no reason that an authoritative entity could not be represented by a symmetric key and associated data. The purpose of the public key TA is to authenticate messages from the authoritative entity, and a symmetric TA with MAC could be used for the same purpose. Many devices today are provisioned with symmetric authority keys (admin passwords, community strings, smart card manufacturer keys, etc.), and it may (or may not – that’s the purpose of discussion) facilitate transition to standardize a mechanism to permit devices provisioned with only a symmetric key to authenticate TAM message content.

Even if there is consensus not to consider symmetric TAs, it would be more accurate to say “A trust anchor represents an authoritative entity via a cryptographic key and associated data. This document discusses only public keys as trust anchors; symmetric key trust anchors are not considered.”

Dave

From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx] On Behalf Of Carl Wallace

This draft is mostly the same as the -02 draft that had been submitted for the TAM BOF. A revised draft will be submitted next month to address comments collected from the various TAM straw poll threads over the past few weeks or any comments relative to this draft between now and then.

Carl