[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: distributed keys



At  8:47 AM 5/15/96 -0600, Matt Smith wrote:
>Has anyone heard of an algorithm for managing keys automatically in a 
>distributed system?  
>
>For instance, if some low level security were to be implemented in a
>a networking stack where authentication was to be implemented, you would want
>to have each node have it's own signature so that signature checking can 
>take place when one node connects to another node.  The trick is then 
>getting every node's keys distributed to every other node.
>
>...
>
(4) Have a machine responsible for generating the public-private keys for
each node.  It has its own public-private key pair.  It uses it's private
key to sign each node's public key.  Every node gets three keys: it's
public and private keys, and the public key generating machine.

When nodes make contact they exchange signed public keys and verify the
signature of their partner's key with the public key of the generating
machine.

This is a simple certificate hierarchy scheme as seen in SET, the US Post
Office CA system, and VeriSign.  Note that the generating machine does not
need to be on any network.  In fact, it could spend most of its time locked
up in a safe since it is only needed when generating new keys.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
[email protected] | dead teenagers | Los Gatos, CA 95032, USA