[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Reconciling link authentication and key rotation
On Sun, Mar 02, 2003 at 07:04:58AM -0500, George Danezis wrote:
> > So when two nodes create a forward secure link with each other, they
> > each provide a certificate, including the transport key, signed by their
> > signature key? Is there a standard procedure for providing a new transport
> > key that's just as authentic (signed) as the old one?
>
> This is how we have implemented it here in Cambridge. We should clarify in
> the spec that the signature is the one of the long term signature key.
Great.
...Is there a standard procedure for providing a new transport key that's
just as authentic (signed) as the old one? Can you just send the new
one inside the authenticated stream, and switch, and you're all set?
--Roger