Trust anchor rollover review
"dr. W.C.A. Wijngaards" <wouter@nlnetlabs.nl> Wed, 28 June 2006 13:54 UTC
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FvaUf-0001Sf-3T for dnsext-archive@lists.ietf.org; Wed, 28 Jun 2006 09:54:13 -0400
Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FvaUe-0001pa-GE for dnsext-archive@lists.ietf.org; Wed, 28 Jun 2006 09:54:13 -0400
Received: from majordom by psg.com with local (Exim 4.60 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1FvaQM-000KHU-NL for namedroppers-data@psg.com; Wed, 28 Jun 2006 13:49:46 +0000
X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on psg.com
X-Spam-Level:
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham version=3.1.1
Received: from [62.221.254.24] (helo=pluto.isd-holland.nl) by psg.com with esmtp (Exim 4.60 (FreeBSD)) (envelope-from <wouter@nlnetlabs.nl>) id 1FvaQJ-000KH7-Ln for namedroppers@ops.ietf.org; Wed, 28 Jun 2006 13:49:44 +0000
Received: from [192.168.2.100] (62-221-195-234.dsl.uwadslprovider.nl [62.221.195.234]) by pluto.isd-holland.nl (Postfix) with ESMTP id B75652FC4DC for <namedroppers@ops.ietf.org>; Wed, 28 Jun 2006 15:49:34 +0200 (CEST)
Message-ID: <44A288E8.9060605@nlnetlabs.nl>
Date: Wed, 28 Jun 2006 15:49:28 +0200
From: "dr. W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
User-Agent: Thunderbird 1.5.0.4 (X11/20060614)
MIME-Version: 1.0
To: Namedroppers <namedroppers@ops.ietf.org>
Subject: Trust anchor rollover review
X-Enigmail-Version: 0.94.0.0
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="------------enigC96F7FBA88D70A60777D54C3"
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7da5a831c477fb6ef97f379a05fb683c
Hi, A couple of reviews of the trust rollover drafts I could find. Based on the summaries and comments below my support is to the draft-threshold (I value the query volume highly). The draft-timers comes second (negative is the query volume, key priming could be added separately just like the -threshold draft). These two drafts both satisfy the requirements. The technology for key rollover I like the most is the threshold and timer solutions. Threshold has (slightly, 2x) lower communication costs. More work should be done on message size (should keys be in their own domain names to keep 'em small), and on priming key technology (history playback mechanism to 'roll-forwards' the priming key or something). Rated to requirements in draft-ietf-dnsext-rollover-requirements-02: 5.1. Scalable. -timers yes, -threshold yes. -laurie less so. - DLV solution does not scale. 5.2. IPR (from ietf IPR pages). -takrem has IPR claims, statement about licensing has '.. economic value of the technology appears to lie with the trust anchor issuer role. ..'. License for GPLv2 but no other OSS lisences. -timers and -threshold, IPR claims that have a free use grant. -laurie has no IPR issues at all. 5.3. General Applicability. All do. 5.4. Support Private networks. All do. 5.5. Detection of stale trust anchors. -laurie does not. 5.6. Manual operations permitted. All do 5.7. Planned and unplanned rollovers. All do (research for key in -laurie). 5.8. Timeliness. -laurie does not include a timed refresh operation. 5.9. High Availability. All do. 5.10. new RR types. Revocation bit in DNSKEY flags for -timers. 5.11. Support maintenance by adding new anchors. All do. 5.12. Recovery from compromise. -laurie does not. - DLV cannot recover from a compromised dlv key. 5.13. Non-degrading trust. All can, -laurie has an issue with low trust links. draft-laurie-dnssec-key-distribution-02.txt ------------------------------------------- Summary: Using certificates. Everyone signs their keys using certificates. Cross-signing of others' keys. HTTP URLs (stored in cert) have collections of keys, signed by certificates. Hightrust and Lowtrust certificates. Resolver starts with trusted certs. Follows web of trust of cross signing, collect all certificates, extract all trusted keys. Comments: - 'in band mechanism' can be used to keep anchors up to date. Refers to key-rollover within a zone? - centers on trust web. Have to recurse all the trust web to find keys. - PRO: decentralised. - CON: scaling issues, with spidering the trust web. draft-ietf-dnsext-trustupdate-timers-02.txt ------------------------------------------- Summary: Keys sign keys for verification at zone apex of trust point. Timer to wait before add-key, or remove-key. Key compromise can be detected during the wait time. Resolver must detect if key stays in dnskey rrset for the entire duration of the wait time. Resolvers ask for dnskeys at trust points every so often to refresh keys. 'Revoke' bit in dnskey rrtype, sign it by that key and key is revoked. Comments: - KeyRem event, could that be due to truncation of a dns reply? If so, it should not have such harsh consequences. - very pretty revocation idea, where you need key private data to revoke. - CON queries for trust keys to refresh them, even if trust point is not in active use. - PRO key compromise handled carefully. draft-ietf-dnsext-trustupdate-threshold-01.txt ---------------------------------------------- Summary: Trustanchor keys have 'SEP' flag set. Want to avoid bogus data because keys are old, called stale keys. Keep a set of dnskeys and rrsigs by all keys at zone apex. At least M trust anchors must verify a new set of keys. The threshold from the title is M-N(number of keys). Keys are flagged as SEP, KSK, ZSK or Priming, no further state for keys. Nit: 3.4, paragraph starts with "If if". Comments: - PRO Handles key compromise - PRO Provides method to escape a stale-keys state to no-keys. - CON regular probes for new keys, less frequent than -timers, once per month. Need to give zone operator influence on this value. - PRO Discusses initial key priming. To bootstrap security. - CON priming keys idea is nice, but really moves all of the issues to the longer lived key. The technology for trust, revocation, parameters of that priming key is listed as external to the proposal. draft-moreau-dnsext-takrem-dns-02.txt ------------------------------------- Not reviewed. IPR claims on namedroppers. 'no derivative works' clause.
- Trust anchor rollover review dr. W.C.A. Wijngaards
- Re: Trust anchor rollover review bmanning