Skip to Content.
Sympa Menu

shibboleth-dev - Re: Encryption key strategies

Subject: Shibboleth Developers

List archive

Re: Encryption key strategies


Chronological Thread 
  • From: Keith Hazelton <>
  • To:
  • Subject: Re: Encryption key strategies
  • Date: Wed, 21 Jun 2006 23:58:35 -0500

"We can't solve the problems of PKI in this project." Absolutely. So for encryption keys, let's adopt Scott's proposed KeyResolver API using metadata. It makes sense for this community and this problem. Let's cross the "why not do this for signing keys, too?" bridge when we come to it. That topic, when and if it comes up, may energize the proponents of classic PKI to make their case. In the meantime, there's no reason to shy away from this useful and sound solution for encryption keys.

--Keith
____________________

Scott Cantor wrote:

Another topic that's going to need some discussion at some point (I've
brought it up with Chad) is encryption keys. The problem with encryption is
that you need the peer's key.

With signing, you can do fancy things like use metadata to authorize keys by
name and then use path validation, but encryption isn't like that. If we
don't store an actual key or certificate inside the metadata, we have no
mechanism today to obtain the peer's public key to do the encryption with.

If we start storing keys for encryption in the metadata, you quickly have to
ask why anybody would bother not doing that with the signing keys and the
path validation option becomes rather pointless. You lose the benefits of
key roll-over.

If we don't store the keys there, that means building something else. But we
can't solve the problems of PKI in this project, so is it really in scope to
build a key indirection solution for our use of encryption?

I guess I would advocate we build an API for this, presumably just a
KeyResolver API which I already have, but implement it with metadata for the
time being. The problem with that is simply the point I raised above...once
we do that, the path validation stuff quickly becomes stupid to use.

This would be mostly unimportant if encryption wasn't useful, but I think
it's very useful and quite simple to implement in and of itself as it turns
out.

-- Scott



--
________________________________________________________
Keith Hazelton Senior IT Architect, UW-Madison
(608) 262-0771 Division of Info. Technology
(608) 205-2022 (home) 1210 W. Dayton St., rm. 2118A
http://arch.doit.wisc.edu/keith Madison, WI 53706





Archive powered by MHonArc 2.6.16.

Top of Page