Re: [dnsext] Historical root keys: The Large Router Vendor Speaks

[Brian Dickson <brian.peter.dickson@gmail.com>]

Thanks for the update, John.

Clarification and open question follows:

On Thu, Jan 27, 2011 at 4:21 PM, John Bashinski <jbash@cisco.com> wrote:
>
> Approaches
> ==========
>
> At the moment, the following are under consideration:
>
>  I. Get IANA and the root zone to provide some kind of service for
>     getting up to date starting from old trust roots.

What if, rather than starting from "old trust roots", it was starting
from "privately-signed trust anchors"?

I.e. have IANA have private keys which are used ONLY for this service.
The vendors would include the public keys as trust anchors for
boot-strapping purposes. The key transfer might happen offline, or at
least out-of-band.

The same data could be signed with multiple such unpublished keys, as
needed (e.g. one per vendor, per year, use a new key every year, but
keep signing with all keys) and/or funded. Vendors might agree to pool
resources/keys, or not.

In the event of a key compromise of one of these keys, the presumed
impact would be finite, small, localized (to a vendor-pool + year
tuple), and decreasing over time (if a given public key is used only
for one-time bootstrap purposes).

And, most importantly, it would be off-axis from the root-key
chaining. The rolling of root keys (for whatever reason, especially
for compromise) would be orthogonal to this mechanism.


And now, consider the possibility when the public keys are never
actually published in this or any other zone....
The "public key" would be the trust anchor, used to validate the RRSIG directly.

Open question:
Does not publishing the key make it harder to compromise the key?

(Of course, the key needs to be distributed in the software and/or
configuration files, so it's just "less well known", I suppose...)

Brian