Key Management in a Non-trusted Distributed Environment

Despite the fact that the World Wide Web is an untrusted environment, increasing use is being made of this network (the Internet) in electronic commerce applications. To prevent attacks a strong security architecture is required. A fundamental part of such an architecture is a method for key management. This paper discusses the various components of cryptographic key management especially in relation to the World Wide Web environment. Issues and problems with key generation, key distribution and key storage are raised. An overview is presented of key management systems in several security architectures including SSL, Kerberos and Sesame