Re: [dnsext] Historical root keys: The Large Router Vendor Speaks
Thierry Moreau <thierry.moreau@connotech.com> Sat, 29 January 2011 02:54 UTC
Return-Path: <thierry.moreau@connotech.com>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AD65C3A6A91 for <dnsext@core3.amsl.com>; Fri, 28 Jan 2011 18:54:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.366
X-Spam-Level:
X-Spam-Status: No, score=0.366 tagged_above=-999 required=5 tests=[AWL=0.803, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eMDoGPHuMr+h for <dnsext@core3.amsl.com>; Fri, 28 Jan 2011 18:54:01 -0800 (PST)
Received: from bretelle.intaglionic.org (unknown [76.10.176.241]) by core3.amsl.com (Postfix) with ESMTP id 76A653A6A83 for <dnsext@ietf.org>; Fri, 28 Jan 2011 18:54:01 -0800 (PST)
Received: from [192.168.1.200] (unknown [192.168.1.200]) by bretelle.intaglionic.org (Postfix) with ESMTPA id 361993077D; Sat, 29 Jan 2011 03:08:13 -0500 (EST)
Message-ID: <4D4381BB.9070407@connotech.com>
Date: Fri, 28 Jan 2011 21:55:55 -0500
From: Thierry Moreau <thierry.moreau@connotech.com>
User-Agent: Thunderbird 2.0.0.17 (X11/20090608)
MIME-Version: 1.0
To: John Bashinski <jbash@cisco.com>
References: <4D41D3E2.6060107@cisco.com> <3125F45F-7594-498F-AFA3-D2D738A228F5@hopcount.ca> <4D42F597.8090006@vpnc.org> <4D42FCB6.70005@cisco.com> <4D43072D.6090503@vpnc.org> <4D431F94.4020701@cisco.com> <4D433B9D.7030209@connotech.com> <4D433FEF.9060406@cisco.com>
In-Reply-To: <4D433FEF.9060406@cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, dnsext@ietf.org
Subject: Re: [dnsext] Historical root keys: The Large Router Vendor Speaks
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Jan 2011 02:54:03 -0000
Dear John, Some definitions and background about trust and "liability" in the context of root public keys (DNSSEC root KSK, open PKI root CA -- in the original model --, and to a lesser extent a private CA like Cisco's for software revisions). An organization stands behind a root public key because it controls the private key counterpart. The organization announces for which purposes the key pair is issued, along with some cryptoperiod expectation. Relying parties depend on the organization internal controls of the private key. Some factors make the organization's responsibilities more demanding: the value of surreptitious access to the private key, the expected computing power increase in the hands of "the enemy," the wear and tear of continuous internal controls, and, indirectly, the size of the relying party population. The cryptoperiod announcement says: after such a date, don't expect our internal controls to be at par with the cumulative risk exposure. It also says "a digital signature verification is meaningless after the end of the cryptperiod." More precisely, it says "don't blame us if a bogus digital signature floats around after the end of the cryptoperiod, we would have told you that the key was expired." What you are asking for is a long cryptoperiod, either because the history record relied upon in 2035 uses a KSK expired in 2021, or because a special-purpose signature key relied upon in 2035 has entered IANA internal controls before 2014, the manufacturing date for Cisco boxes. I am sure IANA does not wish to let "the world" to so rely on a long expired KSK without having been served this little warning "no good after KSK rollover which we will announce in advance." I write this from discussions surrounding the KSK internal controls, a time during which I was advocating a longer term commitment (with slightly different procedures) from IANA. IANA did an excellent job at this project for which there was no precedent, at least with an equivalent level of transparency. Their stubbornness (?) in making this little warning is an indication that their KSK operations are trustworthy *before* rollover. For the long-term commitment from IANA for (the internal controls required for) a special purpose signature key, I am less certain. But if they do make this commitment, then WOW! "The world" would have what you are looking for. Bootstrap from this super-WOW signature key whenever you feel you need more confidence in your DNS resolution. - You say *only*if* the current local KSK configuration is outdated. I would say it's up to any gear vendor, any security officer, or any sys admin, in any circumstances. - You say it's no better than the KSK, while in fact it is: it works across KSK rollovers. Suppose your unit goes back on-line in 2035 and sees the same KSK as was current in 2014, because a bogus root is being operated by a hacker in the network nearby. The super-WOW signature verification will prevent the bogus root attack. It's about the IANA embarrassment if something goes wrong. Semantically it does not turn into "liability" but that is just because secure electronic payments are not directly secured by DNSSEC validated RRsets near the top of the DNS hierarchy. I exposed the suggested course of action for Cisco in the first e-mail to you (it was off-list). It is a simple selection from what you already identified as operationally acceptable options. I hope it clarifies the link between long term public key crypto material and "trust" as the term applies to your problem statement (which I find very good). Hope it helps (I wish to abstain from further contributions to the IETF list on this issue). Regards, -- - Thierry Moreau John Bashinski wrote: > On 2011-01-28 16:56, Thierry Moreau wrote: > >> But once IANA (or whichever organization makes it "public") commits to >> "it" on a long term it becomes by definition more trustworthy than the >> root KSK. > > How does that work? All validations are funneled through through the > root KSK. Furthermore, once you're bootstrapped, all your trust anchor > updates come as RFC 5011 signed by the root KSK. So there's no way to > have anything more trusted than the root KSK. This is in the technical > sense of "trusted", which is more or less equivalent to "able to spoil > your day". > > The originally proposed form of "it" was for "it" to *be* the root > KSK. You'd start with a root KSK, and if that KSK were still in use, > you'd be done. If not, you'd get "it" in the form of a history of root > KSK rollovers, run through the chain, and thereafter anchor yourself at > the current root KSK. > > I still prefer that approach, but other people seem to prefer > alternatives. Not even those the alternatives create anything that I can > see as "more trusted" than the root. "Equally trusted" at most. > >> Then suddenly the trust foundation shifts from the root KSK >> to "it" and soon it becomes best practice to use it as the normal way >> to bootstrap DNSSEC resolution. > > Well, it certainly wouldn't be the only available way, but, yes, it > probably would be the most common way. > > What do you believe should be the "normal way"? > >> Ah ah! Now "it" becomes the (default) new trust foundation. I knew it >> would come sooner than later. > > In order to enable DNSSEC by default, it MUST be possible to bootstrap > it without human intervention, using only the information available to > you when you first get turned on. That's what "default" means. > > The current default is not to use DNSSEC at all. A tiny minority > enables DNSSEC. That tiny minority would still be able to do whatever > it wanted to set up trust anchors... including what it's doing today. > > So what's the alternative? > > -- jbash >
- Re: [dnsext] Historical root keys: The Large Rout… Phillip Hallam-Baker
- [dnsext] Historical root keys: The Large Router V… John Bashinski
- Re: [dnsext] Historical root keys: The Large Rout… Joe Abley
- Re: [dnsext] Historical root keys: The Large Rout… David Conrad
- Re: [dnsext] Historical root keys: The Large Rout… Brian Dickson
- Re: [dnsext] Historical root keys: The Large Rout… Jakob Schlyter
- Re: [dnsext] Historical root keys: The Large Rout… Florian Weimer
- Re: [dnsext] Historical root keys: The Large Rout… George Barwood
- Re: [dnsext] Historical root keys: The Large Rout… Alex Bligh
- Re: [dnsext] Historical root keys: The Large Rout… John Bashinski
- Re: [dnsext] Historical root keys: The Large Rout… Andrew Sullivan
- Re: [dnsext] Historical root keys: The Large Rout… Joe Abley
- Re: [dnsext] Historical root keys: The Large Rout… John Bashinski
- Re: [dnsext] Historical root keys: The Large Rout… Paul Hoffman
- Re: [dnsext] Historical root keys: The Large Rout… Nicholas Weaver
- Re: [dnsext] Historical root keys: The Large Rout… John Bashinski
- Re: [dnsext] Historical root keys: The Large Rout… Ted Lemon
- Re: [dnsext] Historical root keys: The Large Rout… Alex Bligh
- Re: [dnsext] Historical root keys: The Large Rout… John Bashinski
- Re: [dnsext] Historical root keys: The Large Rout… John Bashinski
- [dnsext] A question about the need for "historica… Edward Lewis
- Re: [dnsext] Historical root keys: The Large Rout… Paul Hoffman
- Re: [dnsext] Historical root keys: The Large Rout… Ted Lemon
- Re: [dnsext] A question about the need for "histo… John Bashinski
- Re: [dnsext] A question about the need for "histo… Ted Lemon
- Re: [dnsext] Historical root keys: The Large Rout… John Bashinski
- Re: [dnsext] A question about the need for "histo… Paul Wouters
- Re: [dnsext] Historical root keys: The Large Rout… Ted Lemon
- Re: [dnsext] Historical root keys: The Large Rout… John Bashinski
- Re: [dnsext] Historical root keys: The Large Rout… Paul Wouters
- Re: [dnsext] Historical root keys: The Large Rout… Thierry Moreau
- Re: [dnsext] Historical root keys: The Large Rout… John Bashinski
- Re: [dnsext] Historical root keys: The Large Rout… Phillip Hallam-Baker
- Re: [dnsext] Historical root keys: The Large Rout… Paul Wouters
- Re: [dnsext] Historical root keys: The Large Rout… Thierry Moreau
- Re: [dnsext] Historical root keys: The Large Rout… Paul Wouters
- Re: [dnsext] Historical root keys: The Large Rout… Phillip Hallam-Baker
- Re: [dnsext] Historical root keys: The Large Rout… Tony Finch
- Re: [dnsext] Historical root keys: The Large Rout… Chris Thompson
- Re: [dnsext] Historical root keys: The Large Rout… George Barwood
- Re: [dnsext] Historical root keys: The Large Rout… Tony Finch
- Re: [dnsext] Historical root keys: The Large Rout… Phillip Hallam-Baker
- Re: [dnsext] Historical root keys: The Large Rout… Olafur Gudmundsson