Re: [dnsext] historal root keys for upgrade path?
Brian Dickson <brian.peter.dickson@gmail.com> Mon, 31 January 2011 19:29 UTC
Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DE7D23A6C68 for <dnsext@core3.amsl.com>; Mon, 31 Jan 2011 11:29:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.236
X-Spam-Level:
X-Spam-Status: No, score=-3.236 tagged_above=-999 required=5 tests=[AWL=0.363, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id obt2mZejiN1n for <dnsext@core3.amsl.com>; Mon, 31 Jan 2011 11:29:06 -0800 (PST)
Received: from mail-fx0-f44.google.com (mail-fx0-f44.google.com [209.85.161.44]) by core3.amsl.com (Postfix) with ESMTP id 8632F3A6C6C for <dnsext@ietf.org>; Mon, 31 Jan 2011 11:29:06 -0800 (PST)
Received: by fxm9 with SMTP id 9so6519719fxm.31 for <dnsext@ietf.org>; Mon, 31 Jan 2011 11:32:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=t9pg7Egwe3tDLZU5bVlWKirFckwQ0aKIBMwUXe44oWk=; b=TPsdENiRFEQa+mDVIG7Pot+4i06WNbLoRVPWG9WKGGVHFGEWn7FjYF8FbeEHtdMohG q0LgEPZzYww2PDdAPpBH3QEnJuoxMBFOQYlHJQC9mvd5YyucDrjIz/iH6hUI/ibcLwst /IwzbjvgcUBF+ke0PPKe+JAHG5z6hitvyFhkg=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=ZGoDG0KNBK8jyc2bLauAF2N8B7PGw1j7gBlTEEe38jCl/Um3HT7RQ2ujhP9qVzrcuU nZEmiGWs3Pwk1L5S8phlnMNV/ketKh896yd+RQSxJ/1pUyzhUJnDsJGemBLP/vxyFuFl Xuoq+Aa6nZ3lukytnsvGEF5rc3Dysbn7N/KG4=
MIME-Version: 1.0
Received: by 10.223.93.139 with SMTP id v11mr6321031fam.132.1296502340878; Mon, 31 Jan 2011 11:32:20 -0800 (PST)
Received: by 10.223.108.71 with HTTP; Mon, 31 Jan 2011 11:32:20 -0800 (PST)
In-Reply-To: <AANLkTiksER2SYPLiwy6uta3UBvbrEj0mDVOJnKSV-fbV@mail.gmail.com>
References: <alpine.LFD.1.10.1101251250040.30991@newtla.xelerance.com> <17A80F45-52CB-43F6-BD4A-3488821F6933@hopcount.ca> <3A1DEE95-8C8E-4C89-97EB-6D8F799ADE25@virtualized.org> <583A62B0-0DBF-469A-AF8A-B81DEDD1E7E2@dotat.at> <86B1D38A-C274-4335-B30E-3C5C0DF05C38@hopcount.ca> <4D45DE93.9090508@vpnc.org> <AANLkTinbjRebooyqWMpZ2oTudruoDSGqgaXXr35WPYVH@mail.gmail.com> <AANLkTikiqe2K4S-dNsyQZ-xp71J4bM11SsahwpxfDKCX@mail.gmail.com> <4C747F08-A9E8-46E6-AE76-0A999A16D276@hopcount.ca> <AANLkTinOtx88vK3mz-w=uw1CnsKwm=c-nTDOsj=5JAPY@mail.gmail.com> <AANLkTiksER2SYPLiwy6uta3UBvbrEj0mDVOJnKSV-fbV@mail.gmail.com>
Date: Mon, 31 Jan 2011 15:32:20 -0400
Message-ID: <AANLkTimPAWFk0zXC+t9Kz3M4TqormJsrHJgcgyC5BHpp@mail.gmail.com>
From: Brian Dickson <brian.peter.dickson@gmail.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: dnsext@ietf.org, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [dnsext] historal root keys for upgrade path?
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Jan 2011 19:29:08 -0000
On Mon, Jan 31, 2011 at 3:23 PM, Phillip Hallam-Baker <hallam@gmail.com> wrote: > > > On Mon, Jan 31, 2011 at 1:22 PM, Brian Dickson > <brian.peter.dickson@gmail.com> wrote: >> The simplest bootstrap method would be to have a series of BSK >> (bootstrap keys), created on a periodic basis (every N years), and >> used as follows: > > If a compromise has occurred then the first thing to ask would be why. > There are only three places where a compromise can logically occur - in the > cryptographic algorithm, in the cryptographic hardware manufacturer or in > ICANN, No, there is a fourth place: brute force attack on the key/signature, to find the key. The brute force success on one key, compromises that key only, plus any data signed by it or derived therefrom. If another key of the same algorithm, held in the same hardware and operated by the same party exists, but is not dependent upon the first key, it remains secure. Brian
- [dnsext] historal root keys for upgrade path? Paul Wouters
- Re: [dnsext] historal root keys for upgrade path? Stephan Lagerholm
- Re: [dnsext] historal root keys for upgrade path? Andrew Sullivan
- Re: [dnsext] historal root keys for upgrade path? Paul Wouters
- Re: [dnsext] historal root keys for upgrade path? Paul Hoffman
- Re: [dnsext] historal root keys for upgrade path? Paul Wouters
- Re: [dnsext] historal root keys for upgrade path? Paul Hoffman
- Re: [dnsext] historal root keys for upgrade path? Paul Wouters
- Re: [dnsext] historal root keys for upgrade path? Brian Dickson
- Re: [dnsext] historal root keys for upgrade path? Tony Finch
- Re: [dnsext] historal root keys for upgrade path? Phillip Hallam-Baker
- Re: [dnsext] historal root keys for upgrade path? Paul Wouters
- Re: [dnsext] historal root keys for upgrade path? Paul Wouters
- Re: [dnsext] historal root keys for upgrade path? Edward Lewis
- Re: [dnsext] historal root keys for upgrade path? Thierry Moreau
- Re: [dnsext] historal root keys for upgrade path? Tony Finch
- Re: [dnsext] historal root keys for upgrade path? Edward Lewis
- Re: [dnsext] historal root keys for upgrade path? Phillip Hallam-Baker
- Re: [dnsext] historal root keys for upgrade path? Brian Dickson
- Re: [dnsext] historal root keys for upgrade path? Paul Wouters
- Re: [dnsext] historal root keys for upgrade path? Alex Nicoll
- Re: [dnsext] historal root keys for upgrade path? Phillip Hallam-Baker
- Re: [dnsext] historal root keys for upgrade path? Paul Wouters
- Re: [dnsext] historal root keys for upgrade path? Stephan Lagerholm
- Re: [dnsext] historal root keys for upgrade path? Joe Abley
- Re: [dnsext] historal root keys for upgrade path? Florian Weimer
- Re: [dnsext] historal root keys for upgrade path? Jakob Schlyter
- Re: [dnsext] historal root keys for upgrade path? Paul Wouters
- Re: [dnsext] historal root keys for upgrade path? Nicholas Weaver
- Re: [dnsext] historal root keys for upgrade path? Phillip Hallam-Baker
- Re: [dnsext] historal root keys for upgrade path? Matthew Dempsky
- Re: [dnsext] historal root keys for upgrade path? Phillip Hallam-Baker
- Re: [dnsext] historal root keys for upgrade path? Florian Weimer
- Re: [dnsext] historal root keys for upgrade path? Florian Weimer
- Re: [dnsext] historal root keys for upgrade path? Paul Wouters
- Re: [dnsext] historal root keys for upgrade path? Brian Dickson
- Re: [dnsext] historal root keys for upgrade path? Joe Abley
- Re: [dnsext] historal root keys for upgrade path? Paul Vixie
- Re: [dnsext] historal root keys for upgrade path? Paul Vixie
- Re: [dnsext] historal root keys for upgrade path? Brian Dickson
- Re: [dnsext] historal root keys for upgrade path? Brian Dickson
- Re: [dnsext] historal root keys for upgrade path? Paul Wouters
- Re: [dnsext] historal root keys for upgrade path? Phillip Hallam-Baker
- Re: [dnsext] historal root keys for upgrade path? Brian Dickson
- Re: [dnsext] historal root keys for upgrade path? Phillip Hallam-Baker
- Re: [dnsext] historal root keys for upgrade path? Paul Wouters
- Re: [dnsext] historal root keys for upgrade path? Paul Wouters
- Re: [dnsext] historal root keys for upgrade path? Andrew Sullivan
- Re: [dnsext] historal root keys for upgrade path? Joe Abley
- Re: [dnsext] historal root keys for upgrade path? Phillip Hallam-Baker
- Re: [dnsext] historal root keys for upgrade path? David Conrad
- Re: [dnsext] historal root keys for upgrade path? Florian Weimer
- Re: [dnsext] historal root keys for upgrade path? Joe Abley
- Re: [dnsext] historal root keys for upgrade path? Joe Abley
- Re: [dnsext] historal root keys for upgrade path? Thierry Moreau
- Re: [dnsext] historal root keys for upgrade path? Tony Finch
- Re: [dnsext] historal root keys for upgrade path? Tony Finch
- Re: [dnsext] historal root keys for upgrade path? Joe Abley
- Re: [dnsext] historal root keys for upgrade path? Paul Hoffman
- Re: [dnsext] historal root keys for upgrade path? Brian Dickson
- Re: [dnsext] historal root keys for upgrade path? Tony Finch
- Re: [dnsext] historal root keys for upgrade path? Joe Abley
- Re: [dnsext] historal root keys for upgrade path? W.C.A. Wijngaards
- Re: [dnsext] historal root keys for upgrade path? Phillip Hallam-Baker
- Re: [dnsext] historal root keys for upgrade path? Joe Abley
- Re: [dnsext] historal root keys for upgrade path? Brian Dickson
- Re: [dnsext] historal root keys for upgrade path? Paul Wouters
- Re: [dnsext] historal root keys for upgrade path? Joe Abley
- Re: [dnsext] historal root keys for upgrade path? Phillip Hallam-Baker
- Re: [dnsext] historal root keys for upgrade path? Nicholas Weaver
- Re: [dnsext] historal root keys for upgrade path? Brian Dickson
- Re: [dnsext] historal root keys for upgrade path? Nicholas Weaver
- Re: [dnsext] historal root keys for upgrade path? Phillip Hallam-Baker
- Re: [dnsext] historal root keys for upgrade path? Phillip Hallam-Baker
- Re: [dnsext] historal root keys for upgrade path? Joe Abley
- Re: [dnsext] historal root keys for upgrade path? Phillip Hallam-Baker
- Re: [dnsext] historal root keys for upgrade path? Joe Abley
- Re: [dnsext] historal root keys for upgrade path? Phillip Hallam-Baker
- Re: [dnsext] historal root keys for upgrade path? Joe Abley
- Re: [dnsext] historal root keys for upgrade path? Paul Wouters
- Re: [dnsext] historal root keys for upgrade path? Brian Dickson
- Re: [dnsext] historal root keys for upgrade path? Phillip Hallam-Baker
- Re: [dnsext] historal root keys for upgrade path? Tony Finch
- Re: [dnsext] historal root keys for upgrade path? Tony Finch
- Re: [dnsext] historal root keys for upgrade path? Phillip Hallam-Baker
- Re: [dnsext] historal root keys for upgrade path? Jakob Schlyter
- Re: [dnsext] historal root keys for upgrade path? Tony Finch
- Re: [dnsext] historal root keys for upgrade path? Jakob Schlyter
- Re: [dnsext] historal root keys for upgrade path? Phillip Hallam-Baker
- Re: [dnsext] historal root keys for upgrade path? Tony Finch
- Re: [dnsext] historal root keys for upgrade path? Phillip Hallam-Baker
- Re: [dnsext] historal root keys for upgrade path? Ted Lemon
- Re: [dnsext] historal root keys for upgrade path? Paul Wouters
- Re: [dnsext] historal root keys for upgrade path? Florian Weimer