[openssl-users] RFC5077 KWK
Henderson, Karl
KHenderson at verisign.com
Thu Apr 5 18:02:17 UTC 2018
Is it possible to use 5077 with a key wrapping key in a Needham-Schroeder scenario:
* A is a Key Server
* C is, say, a web server
* A has a relationship with C and hence A has key KEYac
* B wants to talk to C but doesn’t have a relationship with C
* B has a relationship with A
* B asks A for a key it can use with C
* A generates a KEYbc and wraps it with KEYac giving us KEYbcac with key_name KEYac
Is it possible to construct a 5077 style ticket with KEYbcac that can be transparently unwrapped by C so that B can speak with C using KEYbc? By transparently, I mean without modification to the server C.
Thanks,
Karl