expiration, generation, management of pre-shared keys

Eric Vyncke evyncke at CISCO.COM
Mon Apr 30 16:11:17 EDT 2001


James,

Most of your questions relate to your security policy, so, I'm not the best
person to answer.

Generating the new keys based on the old ones does not provide you with
perfect forward secrecy: if someone cracked or got a copy of the old key,
they can easily derive the new ones.

The last point about when to use certificates instead of pre-shared keys is
more generic and here is my point of view. It is not based on the number of
sites but rather on whether you have a star topology or a fully meshed
topology. With the latter topology, adding or replacing a pre-shared key will
quickly be a real burden (as you need to update all other devices). It is
thus not really related to the number of nodes but rather to the rate of
changes (add, delete or modify) and to the topology.

Regards

-eric

At 16:02 29/04/2001 -0400, Slaby, James wrote:
>I'm considering using pre-shared keys (instead of digital certificates) to
>authenticate remote site gateways in my site-to-site Internet VPN. Is there
>a best practice for how often such pre-shared keys should be expired?
>
>Assuming I have distributed my original pre-shared keys securely (e.g., on
>CD-ROM via bonded courier), can I generate new keys from expired ones? What
>methods are commonly used to do so?
>
>At what number of remote sites does the management of pre-shared keys become
>such a burden that digital certificates become preferable?
>
>Thanks,
>Jim Slaby
>Senior Industry Analyst
>Giga Information Group
>+1 617 577 4767
>jslaby at gigaweb.com
>
>VPN is sponsored by SecurityFocus.COM
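The two points in the reply above, as an added illustration that is not part of the original thread: a hypothetical rotation scheme that derives each new PSK from the previous one (here HMAC-SHA256 over an epoch counter, an assumed construction) lets anyone holding one key reproduce every later key, whereas independently generated keys do not; the second function counts how many devices a key change touches in a star versus a full mesh.

```python
import hmac
import hashlib
import secrets


def derive_next_psk(old_key: bytes, epoch: int) -> bytes:
    # Hypothetical "new key from old key" scheme: HMAC-SHA256(old_key, label || epoch).
    # It is deterministic, which is precisely why it gives no forward secrecy.
    return hmac.new(old_key, b"psk-rotation" + epoch.to_bytes(4, "big"), hashlib.sha256).digest()


def derived_schedule(initial_key: bytes, rotations: int) -> list:
    """Keys the two gateways would agree on when chaining from one initial secret."""
    keys = [initial_key]
    for epoch in range(1, rotations + 1):
        keys.append(derive_next_psk(keys[-1], epoch))
    return keys


def reproduce_from(compromised_key: bytes, compromised_epoch: int, last_epoch: int) -> list:
    """What a party holding only the key of `compromised_epoch` can reconstruct:
    every later key, with no further access to either gateway."""
    keys = [compromised_key]
    for epoch in range(compromised_epoch + 1, last_epoch + 1):
        keys.append(derive_next_psk(keys[-1], epoch))
    return keys


def independent_schedule(rotations: int) -> list:
    """Contrast: each key drawn fresh from the OS CSPRNG; one key says nothing about the others."""
    return [secrets.token_bytes(32) for _ in range(rotations + 1)]


def devices_to_update(existing_sites: int, topology: str) -> int:
    """Devices whose configuration changes when one site's PSK is added or replaced.
    Star: the hub and the site itself. Full mesh: every other site plus the site itself."""
    if topology == "star":
        return 2
    if topology == "mesh":
        return existing_sites + 1
    raise ValueError("topology must be 'star' or 'mesh'")


if __name__ == "__main__":
    k0 = bytes(range(32))  # constructed initial PSK, for demonstration only
    legit = derived_schedule(k0, 5)
    print("chained keys after compromise of epoch 2 reproducible:", reproduce_from(legit[2], 2, 5) == legit[2:])
    print("devices touched, 50 sites, star vs mesh:", devices_to_update(50, "star"), devices_to_update(50, "mesh"))
```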
