IETF Logo Mail Archive

Re: [dnsext] historal root keys for upgrade path?

Phillip Hallam-Baker <hallam@gmail.com> Tue, 01 February 2011 20:14 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3B9783A6C81 for <dnsext@core3.amsl.com>; Tue, 1 Feb 2011 12:14:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.627
X-Spam-Level:
X-Spam-Status: No, score=-3.627 tagged_above=-999 required=5 tests=[AWL=-0.029, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 09hEVFG6J0km for <dnsext@core3.amsl.com>; Tue, 1 Feb 2011 12:14:50 -0800 (PST)
Received: from mail-gw0-f44.google.com (mail-gw0-f44.google.com [74.125.83.44]) by core3.amsl.com (Postfix) with ESMTP id D4BFA3A6C7C for <dnsext@ietf.org>; Tue, 1 Feb 2011 12:14:49 -0800 (PST)
Received: by gwb20 with SMTP id 20so3066348gwb.31 for <dnsext@ietf.org>; Tue, 01 Feb 2011 12:18:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=BzhbmKgdKXqgT6gsZm3qZZzhMtEmZNhWmwDyIysxObI=; b=IB+CsBQCuOiMij7yWzoW64Gw6vpUlDIM+OgdnI+tIZik2yGiTag3BpdxbkH8LjkRzV 0aMnfVVmbtyrEaTbhppHVbA1ueHNhgt5yQTj6FTb7+6JmegYWMIWd8h1y2gCZwxNHPVE +lx0m85DmK1Wb85MxL60eqLz6HF0vBPzGnDz8=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=JgIlbf8p2L2aYWr32Ohx7/J3l3U+Xi7vuXBJwjA8nBjk6OeJVzln+XgeCeYBFFY1Ei drjvBYUaFbQAP2hWG/OGvOKUKZYwd/4SYpRm+N+5xx0EIrKb41BvCmSUmDJ3nkV6Wr1/ fo1w77T9/x2oLJHTzcvlBK2sRvNyFuD4X4jys=
MIME-Version: 1.0
Received: by 10.100.48.3 with SMTP id v3mr5293606anv.154.1296591486558; Tue, 01 Feb 2011 12:18:06 -0800 (PST)
Received: by 10.100.109.16 with HTTP; Tue, 1 Feb 2011 12:18:06 -0800 (PST)
In-Reply-To: <alpine.LSU.2.00.1102011911100.5244@hermes-1.csi.cam.ac.uk>
References: <alpine.LFD.1.10.1101251250040.30991@newtla.xelerance.com> <17A80F45-52CB-43F6-BD4A-3488821F6933@hopcount.ca> <3A1DEE95-8C8E-4C89-97EB-6D8F799ADE25@virtualized.org> <583A62B0-0DBF-469A-AF8A-B81DEDD1E7E2@dotat.at> <86B1D38A-C274-4335-B30E-3C5C0DF05C38@hopcount.ca> <4D45DE93.9090508@vpnc.org> <AANLkTinbjRebooyqWMpZ2oTudruoDSGqgaXXr35WPYVH@mail.gmail.com> <AANLkTikiqe2K4S-dNsyQZ-xp71J4bM11SsahwpxfDKCX@mail.gmail.com> <4C747F08-A9E8-46E6-AE76-0A999A16D276@hopcount.ca> <AANLkTinOtx88vK3mz-w=uw1CnsKwm=c-nTDOsj=5JAPY@mail.gmail.com> <B4F822D3-F4D6-4657-B299-075B89B5CC86@hopcount.ca> <AANLkTi=BtqV3XF-yXhDBNd7hPCbJCWKuS-WsO=_nf6g3@mail.gmail.com> <alpine.LSU.2.00.1102011911100.5244@hermes-1.csi.cam.ac.uk>
Date: Tue, 01 Feb 2011 15:18:06 -0500
Message-ID: <AANLkTinrdsXRFoD1vb1sLshHHc+f2DhufkbKuyez9SwA@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Tony Finch <dot@dotat.at>
Content-Type: multipart/alternative; boundary="0016e645b8c4f9a217049b3e3a81"
Cc: dnsext@ietf.org
Subject: Re: [dnsext] historal root keys for upgrade path?
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Feb 2011 20:14:51 -0000

On Tue, Feb 1, 2011 at 2:14 PM, Tony Finch <dot@dotat.at> wrote:

> On Mon, 31 Jan 2011, Phillip Hallam-Baker wrote:
> >
> > ICANN can eliminate the problem of rollovers for scheduled rolls by
> > announcing that it will never roll the key except in an emergency.
>
> The problem with that idea is that (per Cisco's plan) if every
> Internet-connected device is a validator, an emergency will break the
> entire Internet. You *have* to plan for root key rollovers to be normal
> events that can be handled without fuss.


If you want to plan effectively for an emergency you have to do much more
than just roll the key.

The design of commercial PKI roots has been predicated on the need to make
them tamper-evident and not to eliminate the possibility  of a compromise.

If we ever did have to do an emergency roll we would probably need to change
the whole signing scheme as well. We would at a minimum need to go for a
stronger key but we might well have to go to a different algorithm.




> > We faced this problem in the PKI world and found that 20 year roots were
> a
> > better solution.
>
> But in the PKI world you have many trust anchors which can come and go as
> time passes without breaking the whole system.


Actually the number of roots is much smaller than people imagine. In the
case of Windows the ultimate root that matters is held by Microsoft and
always has been. That is the root used to sign the CTL that authorizes the
roots.

I believe that new CTL keys are introduced from time to time. But a given
root is good for the support lifetime of the product in question and in
practice has been maintained beyond that point.

And as certain people keep pointing out, as currently configured, each root
provides a fresh opportunity to compromise the system. That is the issue CAA
is designed to address.


-- 
Website: http://hallambaker.com/

v2.23.0 | Report a Bug | By Email