Guidelines for Cryptographic Key Management

Bellovin, Steven Michael; Housley, Russell

The question often arises of whether a given security system requires some form of automated key management, or whether manual keying is sufficient. This memo provides guidelines for making such decisions. When symmetric cryptographic mechanisms are used in a protocol, the presumption is that automated key management is generally but not always needed. If manual keying is proposed, the burden of proving that automated key management is not required falls to the proposer.



More About This Work

Academic Units
Computer Science
IETF Trust
RFC, 4107
Published Here
June 30, 2010