Re: Recall: Key rollover Work.
Andrew Sullivan <andrew@ca.afilias.info> Fri, 30 June 2006 19:45 UTC
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FwOvZ-0007Uo-4Z for dnsext-archive@lists.ietf.org; Fri, 30 Jun 2006 15:45:21 -0400
Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FwOvY-00023R-Kb for dnsext-archive@lists.ietf.org; Fri, 30 Jun 2006 15:45:21 -0400
Received: from majordom by psg.com with local (Exim 4.60 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1FwOs6-000OFy-AT for namedroppers-data@psg.com; Fri, 30 Jun 2006 19:41:46 +0000
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on psg.com
X-Spam-Level:
X-Spam-Status: No, score=-1.2 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO,INFO_TLD autolearn=no version=3.1.1
Received: from [207.219.45.62] (helo=mail.libertyrms.com) by psg.com with esmtp (Exim 4.60 (FreeBSD)) (envelope-from <andrew@ca.afilias.info>) id 1FwOs5-000OFj-9v for namedroppers@ops.ietf.org; Fri, 30 Jun 2006 19:41:45 +0000
Received: from [10.1.3.236] (helo=roaming6.int.libertyrms.com) by mail.libertyrms.com with esmtp (Exim 4.22) id 1FwOs4-0007pS-TY for namedroppers@ops.ietf.org; Fri, 30 Jun 2006 15:41:44 -0400
Received: by roaming6.int.libertyrms.com (Postfix, from userid 1019) id E55B01C37FF; Fri, 30 Jun 2006 15:41:16 -0400 (EDT)
Date: Fri, 30 Jun 2006 15:41:16 -0400
From: Andrew Sullivan <andrew@ca.afilias.info>
To: namedroppers@ops.ietf.org
Subject: Re: Recall: Key rollover Work.
Message-ID: <20060630194116.GG595@afilias.info>
Reply-To: Andrew Sullivan <andrew@ca.afilias.info>
References: <6.2.5.6.2.20060612102822.03b52c00@ogud.com> <7.0.1.0.2.20060612174002.03d76008@nominum.com> <2805B0B0-CFA9-49E7-8ABD-4279673564D8@NLnetLabs.nl> <6.2.5.6.2.20060626105457.050ea9a8@nic.mx> <1C71D26A-A127-42B8-948B-F2808A3AC947@NLnetLabs.nl> <44A1DB2D.3050704@algroup.co.uk> <3827.1151471569@sa.vix.com> <60E47F1C-F4B1-4DC2-B947-97262B39C746@NLnetLabs.nl>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <60E47F1C-F4B1-4DC2-B947-97262B39C746@NLnetLabs.nl>
User-Agent: Mutt/1.5.11
X-SA-Exim-Mail-From: andrew@ca.afilias.info
X-SA-Exim-Scanned: No; SAEximRunCond expanded to false
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
X-Spam-Score: 0.5 (/)
X-Scan-Signature: 93e7fb8fef2e780414389440f367c879
On Wed, Jun 28, 2006 at 07:44:18AM +0200, Olaf M. Kolkman wrote: > I would really appreciate if the working group did the work on > technical review. Colleagues, In response to the request above, I either reviewed or started to review four documents, in order to compare them to draft-ietf-dnsext-rollover-requirements-02.txt, and determine which (if any) meet the requirements set out in that document (I call it "the requirements" below). The documents in question are these: draft-ietf-dnsext-trustupdate-threshold-01.txt draft-ietf-dnsext-trustupdate-timers-02.txt draft-laurie-dnssec-key-distribution-02.txt draft-moreau-dnsext-takrem-dns-02.txt I did not review draft-weiler-dnssec-dlv-01.txt yet, because I did not initially think that it was a candidate to satisfy the requirements. I'm happy to do so, however (is that wanted?). I thought to send these comments now anyway, in the (perhaps misguided) hope that they'll be helpful to others in the context of the discussion. I quickly concluded that draft-moreau-dnsext-takrem-dns-02.txt could not meet requirement 5.2, because it is published with a "no derivative works" rider, and because there are restrictions on the type of license under which software based on it could be released. I therefore did not read the document, and cannot comment on its quality. (I did read the table of contents, and the document looks like it would be interesting to read.) I read draft-laurie-dnssec-key-distribution-02.txt. I think it is a good draft, and that it is an excellent idea for how to handle the problem of which keys may be trusted when getting SEPs set up. It does not, however, appear to be a general solution for trust anchor management: it seems to violate requirements 5.3 and 5.11. Unlike another reviewer, I do not think there are scaling problems with it. I believe it provides a useful mechanism for getting DNSSEC "off the ground" in the absence of the signing of the root, so I think it should be pursued, but not as a solution to the problems laid out in the requirements. Of the remaining two drafts (to which I'll refer as -threshold and -timers), I believe either one has the potential to meet the requirements. In my opinion, there are some advantages to each. If I have to pick just one, I slightly prefer -threshold, just because no bit assignment is required and because its approach to the problem feels natural to me. But I don't put any great stock in that preference: I could support either of these drafts. Both of the drafts appear more or less to meet all the requirements. In what follows, I discuss ways in which I think one or the other is slightly weaker in meeting the requirements as they are written. In the case of requirements I don't mention at all, both drafts meet the requirement equally and adequately in my opinion. The first caveat is that there is an IPR claim against both of drafts. The registered claim appears to meet requirement 5.2; but it is not plain to me, since I was unable to find actual terms of use. My view is that -timers is slightly less scalable (requirement 5.1) than is -threshold, because of the way -timers queries, but I think the additional load is almost certainly too little to be worthy of consideration. I have a tiny worry about manual operation (5.6) and -timers. It appears to me that the wrong kind of manual operation will result in the Missing state. I think this could be addressed in the draft, however. I think that all-key compromise could be slightly worse for -threshold than it is for -timers, in that under a total key compromise, -threshold devolves to STALE, whereas I've managed to convince myself that the same case in -timers just puts the zone back into an unsecured state (I may yet un-convince myself of that. Clue sticks are welcome). This is somewhat related to Thierry Moreau's comment in <http://ops.ietf.org/lists/namedroppers/namedroppers.2006/msg00870.html>; but my view is ultimately that no protocol is going to save operators from key mismanagement. I think both drafts work well in the presence of good key management regimes. I do have a worry about -timers in the case of single key compromise, in that the hold-down period is at minimum 30 days. One advantage I see for -threshold in this case is that the rollover acceptance policy is determined by the client. So each of these meets the "unplanned" requirement of section 5.7 (they both handle planned rolls just fine, as near as I can tell), but with different potential issues. A similar set of considerations apply to requirement 5.8. (I'm particularly concerned about timeliness in the context of unplanned events, so that's how I read 5.8.) I think that -threshold might fail requirement 5.9 in the event of multiple key compromise or expiry. This may be a matter of correct maintenance, though. While neither document requires a new RR type (5.10), -timers does need a bit assignment. Requirements 5.11 itself is slightly confusing to me, because I don't think there's really any such thing as "replac[ing] an existing Trust Anchor with another." It's more exactly a matter of adding one, and removing another. Assuming that's what the requirement authors mean (and I believe it is), I think both drafts meet this. Because -threshold relies on multiple keys to make up the threshold, it is entirely possible that in normal operation it would violate requirement 5.12 (specifically, the "at least one" formulation therein). This is true by design, and I think that -threshold's approach is in keeping with the sentiment behind 5.12 (recovery should be possible in case of some compromises, but maybe not total compromise); but -threshold nevertheless cannot meet this requirement as written. I believe it is possible to get either -timers or -threshold to violate requirement 5.13, if you change enough keys fast enough, but I suspect that would be true of any implementable specification. Any comments I have on the documents themselves I'll send under separate heading. Best regards, A -- Andrew Sullivan 204-4141 Yonge Street Afilias Canada Toronto, Ontario Canada <andrew@ca.afilias.info> M2P 2A8 jabber: ajsaf@jabber.org +1 416 646 3304 x4110 -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/>
- RFC2672bis DNAME update document Ólafur Guðmundsson /DNSEXT co-chair
- Re: Recall: Key rollover Work. Wouter Wijngaards
- Re: Recall: Key rollover Work. Paul Vixie
- Re: Recall: Key rollover Work. Andrew Sullivan
- Re: Recall: Key rollover Work. Thierry Moreau
- Re: Recall: Key rollover Work. bmanning
- Re: Recall: Key rollover Work. Ben Laurie
- Re: RFC2672bis DNAME update document David Blacka
- Re: Recall: Key rollover Work. Olaf M. Kolkman
- Recall: Key rollover Work. Olaf M. Kolkman
- Re: Recall: Key rollover Work. Edward Lewis
- Re: Recall: Key rollover Work. Suresh Krishnaswamy
- Re: Recall: Key rollover Work. Olaf M. Kolkman
- Re: Recall: Key rollover Work. Ben Laurie
- Re: Is keyrollover neccesary? (was Key rollover W… Paul Vixie
- Re: Is keyrollover neccesary? (was Key rollover W… Paul Vixie