use automated key rotation due to AES-CCM/BCP107 #8

Closed
mcr opened this issue Sep 29, 2020 · 5 comments

Comments

@mcr
Collaborator

mcr commented Sep 29, 2020

doc> provides the above uniqueness guarantee. Additionally, since it can
doc> be difficult to use AES-CCM securely when using statically configured
doc> keys, implementations should use automated key management [RFC4107].

This is BCP 107, so I think we could use stronger language than "should
use". Also we should cite it as the BCP.

[[TODO]]

@cabo
Member

cabo commented Sep 29, 2020

I don't get it. This is about using AES-CCM between a client and itself?
There needs to be some key rollover (limits in the amount of encrypted bits per key), and some entropy in the keys, but no "key management". Where did the RFC 4107 reference come in?

@cabo
Member

cabo commented Sep 29, 2020

The git history was nuked in March, but the I-D history shows it came in in -03.

@cabo
Member

cabo commented Sep 29, 2020

@thomas-fossati -- do you remember what you had in mind here?

Archived-At: https://mailarchive.ietf.org/arch/msg/core/tVZJ7iCUTtn1sSLeFcicagCB4eg

@ektrah
Contributor

ektrah commented Sep 29, 2020

@thomas-fossati

@thomas-fossati -- do you remember what you had in mind here?

Archived-At: https://mailarchive.ietf.org/arch/msg/core/tVZJ7iCUTtn1sSLeFcicagCB4eg

This should say "automated key rotation" rather than "automated key management". Sorry for the confusion!

@mcr mcr changed the title use automated key management due to AES-CCM/BCP107 use automated key rotation due to AES-CCM/BCP107 Sep 30, 2020
mcr added a commit that referenced this issue Sep 30, 2020
@mcr mcr closed this as completed in eca1020 Nov 2, 2020
mcr added a commit that referenced this issue Nov 2, 2020