next up previous
Next: Mechanized Belief Logics Up: Background Previous: Basic IP Security Headers

Managing Security Associations and Secret Keys

No one method of managing security associations and secret keys has been universally accepted but several ideas are important. A detailed discussion of Internet Security Association and Key Management Protocols, ISAKMP, can be found in [8]. In the simplest case, security association information and secret keys can be transfered in a secure manner to all parties statically. The harder case is the dynamic exchange of this information. ISAKMP assumes that entities that are negotiating a security association exchange digitally signed messages. Ideally, ISAKMP exists in an environment where there is an infrastructure available, such as one with certificates, that supports dynamically verifiable digital signatures. Digital signatures are sufficient to allow an authenticated exchange of messages for setting up an initial security association and the dynamic establishment of secret keys. The negotiated algorithms and keys are then used to encrypt/decrypt and authenticate a series of messages that set up a second security association that will be used for the subsequent set of datagrams. For example, algorithms and keys for use with the AH and ESP headers can be negotiated.