Re: Standardization and renewability
Hagai Bar-El wrote: [...] Up till now I could come up with three approaches to solve this problem: 1. Limit renewability to keying. Then you should study "A Note About Trust Anchor Key Distribution", see http://www.connotech.com/takrem.pdf. It allows to distribute public keys to be used, if need be, at a later time in a different context. 2. Generalize the scheme (like the SPDC concept, or MPEG IPMP), more or less by making the standard part general, with non-standard "profiles". 3. Standardize sets of key management methods at once, so to have spares for immediate switching. [...] -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, Qc Canada H2M 2A1 Tel.: (514)385-5691 Fax: (514)385-5900 web site: http://www.connotech.com e-mail: [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Standardization and renewability
> 2. Generalize the scheme (like the SPDC concept, or MPEG IPMP), more > or less by making the standard part general, with non-standard "profiles". This is kind of the ISO approach. For example, you standardize some cryptographic protocol but give several choices of the protocol that acheive the same goal. If you make use of a cryptographic primitive in the protocol (such as hash function, or symmetric algorithm, or public key algorithm, etc.) you simply refer to another standard that defines several choices. So, for example, if MD5 breaks, you only need to modify the hash algorithm standard to take it out, and in the mean time everybody can swith to another hash algorithm already defined in the hash standard. Suggesting key rotation is also useful, but often hard to implement in practice. You also want to allow for various key sizes, and various security parameter size in general (nonce, IV, MAC size, etc.). Suggesting a minimum that is considered secure today. Ex. use of 1024 bit RSA keys, up to 4096 bits, something like that. --Anton - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Standardization and renewability
Dear Colleagues, I am currently in the process of writing a short position paper about standardization of broadcast renewability schemes. Along with the usual challenges that need to be addressed when defining renewability methods (methods that allow a system to survive successful attacks, basically by changing itself throughout its lifecycle), I am trying to tackle what I consider to be the biggest problem of standardizing a renewability scheme, which is that evolving a standard is too slow and cumbersome of a process to be incorporated into another process that is all about prompt response. Simply put, if a broadcast mechanism is broken there is no time for the standardization committee to re-define it - too much content will be lost by the time the job is done. Up till now I could come up with three approaches to solve this problem: 1. Limit renewability to keying. 2. Generalize the scheme (like the SPDC concept, or MPEG IPMP), more or less by making the standard part general, with non-standard "profiles". 3. Standardize sets of key management methods at once, so to have spares for immediate switching. If any one of you has any other approach towards solving this issue I will be glad if he posts it on the list. Also, if any one of you would like to get a copy of this paper when it's done, please let me know by e-mailing me directly. Regards, Hagai. --- Hagai Bar-El - Information Security Analyst T/F: 972-8-9354152 Web: www.hbarel.com - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
