plutoplus policy pki 2000

Presentation Transcript

PlutoPlus: Policy and PKI Plans for FY00
Sheila Frankel, Systems and Network Security Group, Computer Security Division, NIST, sheila.frankel@nist.gov

PlutoPlus '99
- Peer authentication: pre-shared secret keys
- Policy: same policy for all peers
  - Initiator proposes a single policy
  - Responder must accept the proposed policy

Y2K PlutoPlus
- Peer authentication: choice of pre-shared secret keys, digital signature, or public key encryption
- Policy: flexible policy database
  - Different policies for different peers
  - Initiator proposes multiple policies
  - Responder selects the most preferable policy

What Constitutes Policy?
- Encryption algorithm: DES, 3DES, Blowfish, IDEA, RC5
- Encryption key length
- Authentication algorithm: HMAC-MD5, HMAC-SHA1
- Diffie-Hellman group: prime of 96, 128, or 192 bytes
- Encapsulation mode: tunnel or transport

Policy Database Elements (cont'd)
- Peer authentication: pre-shared secret key, digital signature, public key encryption
- Negotiated Security Association's lifetime: seconds and/or kilobytes protected
- Perfect Forward Secrecy for negotiated keys
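The two negotiation models the slides contrast (PlutoPlus '99: one policy, one proposal, exact match required; Y2K PlutoPlus: per-peer policy database, several proposals, responder picks its most preferred) together with the policy attributes listed above, as an added Python model. This is illustration code written for this page, not PlutoPlus or any IKE implementation: the Policy fields, the acceptance rules (exact match on algorithms, group, mode and authentication method; a responder that requires PFS refuses proposals without it; lifetimes clipped to the responder's limits), the per-peer database and the sample policies are all constructed assumptions.

```python
from dataclasses import dataclass, replace
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Policy:
    """One policy database entry carrying the attributes the slides list.
    Field names and sample values are constructed for this example."""
    enc_alg: str          # DES, 3DES, Blowfish, IDEA, RC5
    enc_key_bits: int     # encryption key length
    auth_alg: str         # HMAC-MD5 or HMAC-SHA1
    dh_group_bytes: int   # Diffie-Hellman prime size: 96, 128 or 192 bytes
    mode: str             # "tunnel" or "transport"
    peer_auth: str        # "psk", "signature" or "pk-encryption"
    life_seconds: int     # SA lifetime in seconds
    life_kbytes: int      # SA lifetime in kilobytes protected
    pfs: bool             # perfect forward secrecy for the negotiated keys


# Attributes that must match exactly between a proposal and a database entry.
FIXED_ATTRS = ("enc_alg", "enc_key_bits", "auth_alg",
               "dh_group_bytes", "mode", "peer_auth")


def acceptable(offered: Policy, local: Policy) -> bool:
    """Responder-side check of one proposal against one database entry
    (assumed rules): fixed attributes must match, and a responder whose
    entry requires PFS refuses a proposal that omits it."""
    if any(getattr(offered, a) != getattr(local, a) for a in FIXED_ATTRS):
        return False
    if local.pfs and not offered.pfs:
        return False
    return True


def agreed(offered: Policy, local: Policy) -> Policy:
    """The SA the responder installs (assumed rule): it never exceeds its
    own lifetime limits, and PFS is on if either side asked for it."""
    return replace(local,
                   life_seconds=min(offered.life_seconds, local.life_seconds),
                   life_kbytes=min(offered.life_kbytes, local.life_kbytes),
                   pfs=offered.pfs or local.pfs)


def negotiate_1999(offered: List[Policy], single: Policy) -> Optional[Policy]:
    """PlutoPlus '99 model: one policy for every peer, the initiator sends
    exactly one proposal, and the responder accepts only an exact match."""
    if len(offered) != 1 or offered[0] != single:
        return None
    return offered[0]


def negotiate_2000(peer: str, offered: List[Policy],
                   db: Dict[str, List[Policy]]) -> Optional[Policy]:
    """Y2K PlutoPlus model: per-peer policy lists ordered by preference.
    The responder walks its own list and takes the first entry that any
    offered proposal satisfies, so the responder's preference decides,
    not the order in which the initiator listed its proposals."""
    for local in db.get(peer, []):
        for proposal in offered:
            if acceptable(proposal, local):
                return agreed(proposal, local)
    return None  # nothing acceptable: the negotiation fails


# Constructed sample policies and a constructed per-peer policy database.
STRONG_SIG = Policy("3DES", 168, "HMAC-SHA1", 128, "tunnel", "signature",
                    3600, 100000, True)
STRONG_PSK = replace(STRONG_SIG, peer_auth="psk")
LEGACY_PSK = Policy("DES", 56, "HMAC-MD5", 96, "transport", "psk",
                    28800, 500000, False)

POLICY_DB = {
    "gw-a.example": [STRONG_SIG, STRONG_PSK],  # prefers signatures, tolerates PSK
    "old-host.example": [LEGACY_PSK],          # only the legacy profile
}


def demo() -> Dict[str, Optional[Policy]]:
    """Runs the scenarios the slides contrast and returns the outcomes."""
    long_lived = replace(STRONG_SIG, life_seconds=86400)
    return {
        # 1999: a second proposal, or any mismatch, ends the negotiation.
        "1999_single_match": negotiate_1999([STRONG_SIG], STRONG_SIG),
        "1999_two_proposals": negotiate_1999([STRONG_PSK, STRONG_SIG], STRONG_SIG),
        # 2000: initiator lists PSK first, responder still picks signatures.
        "2000_responder_prefers": negotiate_2000(
            "gw-a.example", [STRONG_PSK, STRONG_SIG], POLICY_DB),
        # 2000: a long proposed lifetime is clipped to the responder's limit.
        "2000_lifetime_clipped": negotiate_2000(
            "gw-a.example", [long_lived], POLICY_DB),
        # 2000: a peer with only the legacy profile rejects the strong proposal.
        "2000_no_match": negotiate_2000("old-host.example", [STRONG_SIG], POLICY_DB),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The model goes slightly beyond the slides in making two policy-database fields active during selection: the responder's lifetime entry acts as an upper bound on what it will install, and its PFS entry acts as a requirement rather than a preference. Both are assumptions chosen to show why the '99 single-policy scheme and the Y2K per-peer database behave differently on the same proposals.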

Why PKI Interaction?
- Peer authentication with pre-shared keys:
  - pre-shared secret key used to prove identity
  - limited scalability
  - opportunistic encryption impossible
- Peer authentication with PKI:
  - digital signature or public key used to prove identity
  - scalable
  - opportunistic encryption possible