��Fftp://ftp.rfc-editor.org/in-notes/rfc4107.txt

2006/01/09 0.1.0 ��

Network Working Group
Request for Comments: 4107
BCP: 107
Category: Best Current Practice

S. Bellovin
Columbia University
R. Housley
Vigil Security
June 2005

Guidelines for Cryptographic Key Management
�Í��Ǘ��̃K�C�h��C��

��̕��̈ʒu�t��

��̕��̓C��^�[�l�b�g�R�~��j�e�B�ɂƂ��Č��_�ōœK�ƍl��銵��ɂ��ċL�q��Ă��A��ǂɌ��Ă̋c�_�ƒ�Ă��߂Ă��B��̕��̔z�z�͖��ł��B

��쌠�ʒm

�T�v

��̃Z�L��e�B�V�X�e��炩�̌`�̎��Ǘ��K�v�Ƃ��邩�ǂ��A��邢�͎蓮�Ǘ��ŏ\��ǂ��A��̋^��͂��΂��Δ��B��̕��͂��̔��f�̂��߂̃K�C�h��C��񋟂��B��v��g�R��ɂ��đΏ̈Í��J�j�Y��g�p��ꍇ�A��ʓI�ɂ͎��Ǘ��K�v�Ƃ��邪�A��ɕK�v�Ƃ��킯�ł͂Ȃ��ƍl��B�蓮�Ǘ��Ă��ꍇ�A��̒�Ď҂͎��Ǘ��K�{�ł͂Ȃ��Ƃ𗧏؂��ӔC�𕉂��B

1. ��

��̃Z�L��e�B�V�X�e��炩�̌`�̎��Ǘ��K�v�Ƃ��邩�ǂ��A��邢�͎蓮�Ǘ��ŏ\��ǂ��A��̋^��͂��΂��Δ��B

��̋^��ւ̓��͏󋵂ɂ��ĈقȂ�A�P�ł͂Ȃ��B��ʓI�ɂ͎��Ǘ��𗘗p��ׂ�(SHOULD)��A��ɂ͎蓮��Ǘ��Ó��ȏꍇ��B��͂��̔��f��s��߂̃K�C�h��C��񋟂��B

�Ƃ͌��蓮��Ǘ��Ɉˑ��邱�Ƃ͑傫�ȕs��v��炷��߁A��͎��Ǘ��D�悷�邱�Ƃ𐳓��Z�L��e�B��O��ɂ��Ă��B��Ȃ��蓮��Ǘ��󂯓��󋵂��肤��B

1.1. �p��

��̃L�[��[�h MUST�AMUST NOT�AREQUIRED�ASHALL�ASHALL NOT�ASHOULD�ASHOUL NOT�ARECOMMENDED�AMAY�AOPTIONAL �͂��ꂼ��ARFC 2119 [B] �Ő��Ă��ʂ�ɉ��߂��B

2. �K�C�h��C��

��Ǘ��ׂ��ǂ��A��Ď蓮��Ǘ��󂯓��\��ǂ��A��̂悤�Ȕ��f��s�� IETF ��[�L��O�O��[�v�ƃv��g�R��̍�҂Ƃɂ��Ďg�p��邽�߂ɂ��̃K�C�h��C��͍쐬��ꂽ�B��Ɋ�Â��f��K�v�Ƃ��B

�p�� "��Ǘ�(key management)" �Ƃ́A�v��g�R��Z�L��e�B�T�[�r�X(��Ɋ��S��E�F�؁E�M��)��񋟂��邽�߂ɈÍ��A��S��Y��ƂƂ��Ɏg�p��Í��@�\�̍\�z�̂��Ƃ��w��B��Ǘ��͂P�ȏ�̒Z��ԃZ�b�V��𐶐��B��̎菇�ɔF�؋@�\��g�ݓ��ړI�ŁA��̌��o�̋@�\�ɒ��ԃZ�b�V��g�p��Ă��悢�B��̒��ԗp�̌��𑊎葤�s�A�ɔz�z��@�ƁA�g�p��錮�̎��(��O��L��ERSA ��J��EDSA ��J��Ȃ�)�Ƃɂ��ẮA��̕��͈̔͊O�ł��B��Ȃ��炻��Ǘ��\��[�V��̈ꕔ�ł��B��̂悤�Ȓl�̔z�z�ɂ͎蓮��Ǘ��g�p��B�܂��ԃZ�b�V��z�z��ꍇ�ɂ��蓮��Ǘ��𗘗p��邱�Ƃ��o��B

��Ǘ��Ǝ蓮��Ǘ��Ƃ͔��ɈقȂ��B��̓I�ɂ́A��Ǘ��Z�p�Ɋ֘A��v��g�R��͑��葤�s�A�̐��m�F��A��v��C�U��h��A�Z��ԃZ�b�V��̑��M��F�؂��A�Z��ԃZ�b�V��ƃv��g�R��ԏ��Ƃ��֘A�t��A�N�x�̍��Z��ԃZ�b�V��邱�Ƃ��m��ɂ��肷�邾�낤�B��Ɏ��Ǘ��v��g�R��́A�Í��A��S��Y��郁�J�j�Y��܂ނ��Ƃő��݉^�p��コ��邱�Ƃ��ł��B��̗L�p�ȋ@�\�̎��͎蓮��Ǘ��ł͕s�\�A�܂��͋ɂ߂ĔώG�Ȃ��̂ƂȂ�B

�ꕔ�̑Ώ̈Í��A��S��Y��ł́A��͓��̌��̎g�p�ߑ��Ȃ��΂Ȃ�Ȃ��B��E�܂Ŏg��؂肵��ɂȂ��Ƃ��̎�̃A��S��Y��̎��́A��̌��E�ɒB��O�Ɍ��u��Ĉ��S�ȒʐM��ێ��邽�߂Ɏ��Ǘ��g�p��邱�Ƃ��ł��B

��Ǘ��̗�ɂ� IPsec IKE �� Kerberos ��܂܂��BS/MIME �� TLS ��Ǘ��܂�ł��B

��Ǘ��̎d�g�݂͑f�l��݌v��ׂ��̂ł͂Ȃ��B��[�L��O�O��[�v��ł��݌v��邱�Ƃ́A�قڊԈႢ�Ȃ��s�K�؂ł��B��̓I�Ɏ��߂ɁA�ŏ��̃I�[�v��Ȍ��Ǘ��v��g�R��[NS]�� 1978 �N�Ɍ��J��ꂽ�B1981�N�Ɍ��ׂƏC��łƂ��J��[DS]�A��̏C��ł� 1994 �N�ɔj��ꂽ[AN]�B1995�N�A1981/1994 �̖��ł͉e��̂Ȃ��ŃI��W�i�� 1978 �N�łɐV��ׂ��B��Ă݂�΂��̌��ׂ͑S�Ď��Ȃ��̂��A��ȑO�ɂ͒N��Ȃ��B�I��W�i��̃v��g�R��(�ؖ��̗p��邽�߂Ɍ�ɕύX��ꂽ��A�ؖ��͂��̓��܂��Ă��Ă��Ȃ��)�ɂ͂R�̎w�E��Ȃ��Ƃɒ��ڂ��Ăق��B

��Ǘ��\�t�g�E�F�A�͏�ɑ�K�͂Ȃ��̂Ƃ��킯�ł͂Ȃ��BIKEv1 [HC] �ł��̃I�u�W�F�N�g�R�[�h�� 200 �L��o�C�g��Ŏ��\��ATLS [DA] �ł͂��̔��ł��ށB�� TLS �̌��ς��ɂ͂��̑��̋@�\��܂܂�Ă��邱�Ƃɒ��ӂ��Ăق��B

�Z�b�V��̓y�C��[�h��ی삷�邽�߂Ɏg�p��B��Ō��y�C��[�h�̓��e�́A�Ώ̈Í��K�p��郌�C��ɂ��ĈقȂ�B

��ʓI�ɁA�Z�b�V��̍쐬�ɂ͎��Ǘ��g�p��ׂ��ł��(SHOULD)�B�蓮��Ǘ��𗘗p��ẴZ�L��e�B�l�@�Z�N�V��ɂ́A�\��Ȑ��R��K�v�Ƃ��B

2.1. ��Ǘ�

�ȉ��̏��̉��ꂩ�ɓ��Ă͂܂�ꍇ�A��Ǘ��g�p��Ȃ��΂Ȃ�Ȃ�(MUST)�F

�Q��҂� n^2 �̐ÓI��Ǘ��Ȃ��΂Ȃ炸�An ��傫��Ȃ�\��ꍇ�B
��炩�̃X�g��[��Í�(�Ⴆ�� RC4 [TK]�EAES-CTR [NIST]�EAES-CCM [WHF]�Ȃ�)��g�p��ꍇ�B
��x�N�^�[(IV:initialization vector)��ė��p��\��ꍇ�A��ɈÖٓI IV �̏ꍇ�B��܂��͋[��ɂ�閾��I�� IV �́A��̗��̍Č��\��Ȃ��ɂ͂Ȃ�Ȃ��Ƃɒ��ӂ��Ăق��B
�Z��Ԃɑ�ʂ̃f�[�^��Í��Ȃ��΂Ȃ�Ȃ��\��ꍇ�B��͒Z��ԃZ�b�V��̕p�ɂȍX�V�𔭐��B
�R�҈ȏ�̎Q��҂ɂ��Ē��ԃZ�b�V��g�p��ꍇ�B�K�R�I�Ƀ}��`�L��X�g�͗�O�ƂȂ邪�A��łȂ��Ȃ��ꍇ�̂��߂Ƀ}��`�L��X�g�̌��Ǘ��W��쐬��悤�Ƃ��Ă��B��ԃZ�b�V��L��邱�Ƃ͈�ʓI�ɐ��Ȃ��ׂ��ł��B
�^�p��ɂ��l��(�܂��͑��u)�̉�]��ꍇ�B��͒Z��ԃZ�b�V��̕p�ɂȍX�V�𔭐��B

2.2. �蓮��Ǘ�

�ȉ��̉��ꂩ�̂悤�ȏ󋵂ł͎蓮��Ǘ��Ó��ł��F

��Ɍ��ꂽ�ʐM�ш悵��Ȃ��A�܂��͉��ʐM��(round-trip times)��ɑ��̏ꍇ�B��J��V�X�e��͒��b�Z�[�W�Ƒ��̌v�Z�Ƃ�K�v�Ƃ��X��B�Ⴆ�� Kerberos �̂悤�ȑΏ̌��̑I��́A��΂��ΐ��̉��ʐM�ƁA��O�҂Ƃ̉�b�Ƃ�K�v�Ƃ��B
�ی삳��Ă��̉��l��Ⴂ�ꍇ�B
��ԃZ�b�V��̐��ԑS�̂ɂ킽��g��t�B�b�N�̑��ʂ��ɏ��Ȃ��ꍇ�B
�W�J�̋K�͂��Ɍ��Ă��ꍇ�B

��̏ꍇ�A��̍��ڂ̔��f�͉��^�I�ȖڂŌ��ׂ��ł��邱�Ƃɒ��ӂ��Ăق��B�蓮��Ǘ��K�؂ł��邱�Ƃ𗧏؂��̂͒�Ď҂̐ӔC��A��͋ɂ߂ăn�[�h��B

�蓮��Ǘ��̗p��V�X�e��́A��ύX��i��K�v�Ƃ��B�ʐM��̖��邽�߂ɁA�ǂ̌��g�p��Ȃ̂��炩�̎�i��Ȃ��΂Ȃ�Ȃ�(MUST)�B�݌v�́A�M�p�ł��Ȃ��Ȃ��Â��V��ɒu��邽�߂̑Ó��ȃ��J�j�Y��񎦂��ׂ��ł��(SHOULD)�B��炪��悭�B��΁A�ǉ�(add-on)�̌��Ǘ��@�Ƃ��Ă��̃��J�j�Y��g�p��邱�Ƃ��ł��B

�F�؂Ɋ֗^��Q��҂̖��m��@��Ă��邱�Ƃ́A��Ǘ��鐳��ȗ��R�ɂ͂Ȃ�Ȃ��B�ނ��낻�̖��m��̌��@�́A��̊�b��Ȃ��Ă��Z�L��e�B��f��Ɋ֘A��Əd��Ȗ��Î��Ă��\��B

2.3 ��T�C�Y�Ɨ��l

�Ώ̌��̌��Ɏg�p��J��̂��߂̈Í��T�C�Y�Ɋւ��w�j�� BCP 86 [OH] �Ɏ��Ă��B

�蓮��Ǘ��g�p��ꍇ�A��ԋ��L��閧�̒l�͏��Ȃ��Ƃ� 128 �r�b�g�ł��ׂ��ł��(SHOULD)�B

��l�̐��Ɋւ��w�j�� BCP 106 [ESC] �Ɏ��Ă��B

�蓮��Ǘ��g�p��ꍇ�A��ԋ��L��閧�͗\��s�\�� "��ׂ�(random)" �l�łȂ��΂Ȃ炸(MUST)�A�U��҂��T��Ԃ̔��𒲂ׂ��ƂŒl��m��̊��Ғl�� 50% �ȏ�ɂȂ�Ȃ��Ƃ��m��ɂ��Ȃ��΂Ȃ�Ȃ��B

3. �Z�L��e�B�l�@

��̕��̓��[�L��O�O��[�v�ƃv��g�R��݌v�҂ƌ��̎w�j��񋟂��Ă��B��Ǘ��̗p��ƃC��^�[�l�b�g�̃Z�L��e�B�͌��シ��B

��Ǘ��܂܂��Ƃ��Ƃ́A�蓮��Ǘ��p�̃C��^�[�t�F�C�X��֎~��Ƃ��Ƃ��Ӗ��킯�ł͂Ȃ��B��ۂ̂Ƃ��蓮��Ǘ��̓f�o�b�O�̎菕��Ƃ��Ĕ��ɖ��ɗ��B��̂��ߎ��́A��Ƃ��v��g�R��ŋK�肳��Ă��Ȃ��Ă��A�f�o�b�O�̂��߂Ɏ蓮��Ǘ��̃C��^�[�t�F�C�X��񋟂��ׂ��ł��B

4. �Q�l��

��̃Z�N�V��͈��p��ƎQ�l��Ƃ��܂�ł��B

4.1. ��p��

[B] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[ESC] Eastlake, D., 3rd, Schiller, J., and S. Crocker, "Randomness Requirements for Security", BCP 106, RFC 4086, June 2005.

[OH] Orman, H. and P. Hoffman, "Determining Strengths For Public Keys Used For Exchanging Symmetric Keys", BCP 86, RFC 3766, April 2004

4.2. �Q�l��

[AN] M. Abadi and R. Needham, "Prudent Engineering Practice for Cryptographic Protocols", Proc. IEEE Computer Society Symposium on Research in Security and Privacy, May 1994.

[DA] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC 2246, January 1999.

[DS] D. Denning and G. Sacco. "Timestamps in key distributed protocols", Communication of the ACM, 24(8):533--535, 1981.

[HC] Harkins, D. and D. Carrel, "The Internet Key Exchange (IKE)", RFC 2409, November 1998.

[L] G. Lowe. "An attack on the Needham-Schroeder public key authentication protocol", Information Processing Letters, 56(3):131--136, November 1995.

[NIST] National Institute of Standards and Technology. "Recommendation for Block Cipher Modes of Operation -- Methods and Techniques," NIST Special Publication SP 800-38A, December 2001.

[NS] R. Needham and M. Schroeder. "Using encryption for authentication in large networks of computers", Communications of the ACM, 21(12), December 1978.

[TK] Thayer, R. and K. Kaukonen. "A Stream Cipher Encryption Algorithm", Work in Progress.

[WHF] Whiting, D., Housley, R., and N. Ferguson , "Counter with CBC-MAC (CCM)", RFC 3610, September 2003.

��҂̃A�h��X

Steven M. Bellovin
Department of Computer Science
Columbia University
1214 Amsterdam Avenue, M.C. 0401
New York, NY 10027-7003

Phone: +1 212-939-7149
EMail: [email protected]

Russell Housley
Vigil Security, LLC
918 Spring Knoll Drive
Herndon, VA 20170

Phone: +1 703-435-1775
EMail: [email protected]

Full Copyright Statement(��S�Ȓ��쌠��)

This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property(�m�I��L��)

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf- [email protected].

�ӎ�

RFC �ҏW�҂̓��ւ̎��o�́A�� Internet Society �ɂ��Ē񋟂��Ă��B

�g�b�v�y�[�W - �|��h�L��g - RFC 4107

Guidelines for Cryptographic Key Management �Í����Ǘ��̃K�C�h���C��

���̕����̈ʒu�t��

���쌠�ʒm

�T�v

1. ����

1.1. �p��

2. �K�C�h���C��

2.1. �������Ǘ�

2.2. �蓮���Ǘ�

2.3 ���T�C�Y�Ɨ����l

3. �Z�L�����e�B�l�@

4. �Q�l����

4.1. ���p����

4.2. �Q�l����

���҂̃A�h���X

Full Copyright Statement(���S�Ȓ��쌠����)

Intellectual Property(�m�I���L��)

�ӎ�