
Key Management Guidelines

Selected Infrastructures. Tim Polk, NIST.


Presentation Transcript


  1. Key Management Guidelines: Selected Infrastructures
     Tim Polk, NIST

  2. Status
     • This section is currently empty

  3. Classes of Infrastructures
     • Three identified so far
        • Public Key Infrastructure
        • Kerberos
        • DNSSec
     • Others?

  4. Scope
     • Key management requirements for
        • Infrastructure components
        • Infrastructure “relying parties”
     • Should be an infrastructure-specific interpretation of the guidelines in section 5

  5. Example: PKI
     • Infrastructure components
        • CA
        • RA
        • Repository
        • Status Servers
     • Infrastructure users
        • Certificate subject
        • Relying Party

  6. Classes of keys Handled by RA/CA
     • 3 Classes by “owners”
        • CIMS personnel keys
        • Component keys
        • Certificate subject private keys

  7. Classes of keys Handled by RA/CA, Cont’d
     • 7 classes of keys by utility
        • Certificate and Status Signing Keys
        • Integrity or Approval Authentication Keys
        • General Authentication Keys
        • Long Term Private Key Protection Keys
        • Long Term Confidentiality Keys
        • Short Term Private Key Protection Keys
        • Short Term Confidentiality Keys

  8. Repositories
     • Trusted repositories?
     • Access Control?

  9. Certificate Subjects/Relying Parties
     • Their own public and private keys
     • Trusted public keys
     • Untrusted public keys for other certificate subjects
     • May handle authorization codes, other infrastructure-supplied key materials

  10. Goal
     • Establish key management requirements for all the different types of keys
        • Selecting algorithms and key lengths
        • Key protection requirements
        • Generation, storage, import/export (e.g., POP)
        • Cryptoperiods and CRLs

  11. Sources
     • Source for infrastructure: CIMC
     • Source for user components: ?

  12. Completion
     • Repeat this process for each infrastructure
