Application-Specific Key Management Guidance, Part 3 of the Recommendation for Key Management is intended primarily to help system administrators and system installers adequately secure applications based on product availability and organizational needs and to support organizational decisions about future procurements. This document also provides information for end users regarding application options left under their control in normal use of the application. Recommendations are given for a select set of applications, namely:
Section 2 – Public Key Infrastructures (PKI)
Section 3 – Internet Protocol Security (IPsec)
Section 4 – Transport Layer Security (TLS)
Section 5 – Secure/Multipurpose Internet Mail Extensions (S/MIME)
Section 6 – Kerberos
Section 7 – Over-the-Air Rekeying of Digital Radios (OTAR)
Section 8 – Domain Name System Security Extensions (DNSSEC)
Section 9 – Encrypted File Systems (EFS)
Section 10 – Secure Shell (SSH)
The following is provided for each topic:
• A brief description of the system under discussion that is intended to provide context for the security guidance,
• Recommended algorithm suites and key sizes and associated security and compliance issues,
• Recommendations concerning the use of the mechanism in its current form for the protection of Federal Government information,
• Security considerations that may affect the security effectiveness of key management processes,
• General recommendations for purchase decision makers, system installers, system administrators and end users.
Following Section 10 are five appendices with a glossary, an explanation of acronyms, basic information for novice and end users on obtaining and using keys, references for documents cited herein, and changes incorporated into this revision.
This document does not reflect a comprehensive view of current products and technical specifications. Future versions of this document will include updates to the topics covered, and may include additional subjects as new techniques are widely implemented.
