Since no one seemed to mention them, check out Photuris and SKIP. Both are key management proposals for IPsec. Adam Matt Smith wrote: | | | Has anyone heard of an algorithm for managing keys automatically in a | distributed system? | | For instance, if some low level security were to be implemented in a | a networking stack where authentication was to be implemented, you would want | to have each node have it's own signature so that signature checking can | take place when one node connects to another node. The trick is then | getting every node's keys distributed to every other node. | | Here are some ideas that I had, but neither is very desireable: | | - Manual distribution. User configures every node's key into every node. | Configuration becomes a major hassle and mistakes are a pain to debug. | An advantagous side effect is the user can configure which machines can | talk to which machines if they're feeling particularly facist. | | - At connection time, each node determines whether or not it has the other | node's key. If not, a symmetric key is generated via DH and public keys | are exchanged. The problem comes in if someone is spoofing the machine | to begin with. Then you'll have the wrong public key. Chicken, egg. | Egg, chicken. | | - Having a certifying node which every other node has the public key to and | who has everyone else's public key. Requests are made of this server. | The trick is making this server secure and forcing the user to devote | resources to this endeavour. | | Thoughts? | | -- | Matt Smith - msmith@unislc.slc.unisys.com | "Nothing travels faster than light, with the possible exception of bad news, | which follows its own rules." - Douglas Adams, "Mostly Harmless" | Disclaimer: I came up with these ideas, so they're MINE! | -- "It is seldom that liberty of any kind is lost all at once." -Hume