Key Management System
Overview
Overview
The switches covered in this guide provide support for advanced routing
capabilities. Security turns out to be extremely important as complex net-
works and the internet grow and become a part of our daily life and business.
This fact forces protocol developers to improve security mechanisms
employed by their protocols, which in turn becomes an extra burden for
system administrators who have to set up and maintain them. One possible
solution to the problem is to centralize the mechanisms used to configure and
maintain security information for all routing protocols. The Key Management
System (KMS) can carry this burden.
KMS is designed to configure and maintain key chains. A key chain is a set of
keys with a timing mechanism for activating and deactivating individual keys.
KMS provides specific instances of routing protocols with one or more Send
or Accept keys that must be active at the time of a request. A protocol instance
is usually an interface on which the protocol is running.
Feature Default Menu CLI Web
Generating a Key Chain n/a n/a page 13-3 n/a
Generating a Time-Independent key n/a n/a page 13-4 n/a
Generating a Time-Dependent key n/a n/a
page 13-5 n/a
Terminology
■ Key Chain: A key or set of keys assigned for use by KMS-enabled
protocols. A key chain may optionally contain the time to activate and
deactivate a particular key.
■ Time-Independent Key: A key that has no activate or deactivate
time associated with it. This type of key does not expire, which
eliminates the need for a key chain.
■ Time-Dependent key: a key that has an activate and deactivate time
associated with the Accept and Send processes. Time-Dependent
keys expire, which means a key chain is needed to keep the assigned
protocols supplied with keys.
■ Key Management System (KMS) Enabled Protocol: A protocol
that uses KMS to store authentication key information.
13-2
To Next Page
Loading...
Need help?
General
