Re: One Interaction KEY exchange
ted@tednet.nl (Ted Lindgreen) Tue, 10 April 2001 13:59 UTC
Received: from nic.cafax.se ([192.71.228.17]) by ietf.org (8.9.1a/8.9.1a) with SMTP id JAA15476 for <dnsop-archive@odin.ietf.org>; Tue, 10 Apr 2001 09:59:41 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by nic.cafax.se (8.12.0.Beta7/8.12.0.Beta5) id f3ADbgXo012013 for dnsop-outgoing; Tue, 10 Apr 2001 15:37:42 +0200 (MEST)
Received: from open.nlnetlabs.nl (open.nlnetlabs.nl [213.53.69.1]) by nic.cafax.se (8.12.0.Beta7/8.12.0.Beta5) with ESMTP id f3ADbgLt012008 for <dnsop@cafax.se>; Tue, 10 Apr 2001 15:37:42 +0200 (MEST)
Received: (from ted@localhost) by open.nlnetlabs.nl (8.11.2/8.11.1) id f3ADbfN11068; Tue, 10 Apr 2001 15:37:41 +0200 (CEST) (envelope-from ted)
Message-Id: <200104101337.f3ADbfN11068@open.nlnetlabs.nl>
From: ted@tednet.nl
Date: Tue, 10 Apr 2001 15:37:41 +0200
In-Reply-To: "Olaf Kolkman's message as of Apr 6, 15:07"
Reply-To: Ted.Lindgreen@tednet.nl
X-Organization: TedNet BV
X-Address: Omval 56, 1096HV Amsterdam, The Netherlands
X-Phone: +31 20 6631060 Fax: +31 20 4684462
X-Mailer: Mail User's Shell (7.2.6 beta(5) 10/07/98)
To: Olaf Kolkman <olaf@ripe.net>, dnsop@cafax.se
Subject: Re: One Interaction KEY exchange
Cc: miekg@nlnetlabs.nl, ted@nlnetlabs.nl
Sender: owner-dnsop@cafax.se
Precedence: bulk
[Quoting Olaf Kolkman, on Apr 6, 15:07, in "One Interaction KEY ..."] > > Ref: draft-ietf-dnsop-parent-sig-00.txt <Single parental action key-rollover scheme> Let me first say, that I like this idea a lot: it further reduces the amount of action that a TLD needs to do for key-rollovers of its children. Next, I'd like to refrase the basic difference to make sure I understand it (please jump on it, if this is wrong): - instead of having a double key in the zone key RRset during the transition, there is a double set of SIG RRs at the child. Let's see how this affects the various parties: 1. The parent (say, a TLD): Instead of two (identical) key-RRset update actions, only one is needed. This is an advantage. 2. The child: Instead of key-addition+double-key+key-removal, the child goes through key-change+double-sigs+sigs-removel. Not much of a change of work. 3. The resolver: As, from security needs, the resolver must already know whether to expect SIG-RRs before entering a child's zone, it is probably no extra work to know which SIGs to expect if it finds multiple SIGs. So, not much of a change of work here as well. So, it looks like an advantage only. One thing, however, bothers me a little bit: - at all times, and thus also during the transition, in the scheme used in draft-ietf-dnsop-parent-sig-00.txt the "real" or "valid" or "validated" zone-KEY-RR is present in both the parent and the child zone. However, the RRsets may differ during the transition. - in the proposed scheme, the childs zone does not hold the "real" zone KEY RR during the transition, it holds the upcoming, thus no (yet) valid one instead. But, I must admit, that in both cases there is an anomaly.... Perhaps we need to rethink, why the zone-KEY-RR (and RRset) was at all present in the childs zonefile, if we already have decided that the parents zonefile is (more) authorative for it: the only reason was to facilitate easy KEY-update by the parent: - child updates zone-KEY-RRset, signs with old-KEY, signals parent - parent gets RRset, checks against KEY it holds and updates. This scheme is used in both draft-ietf-dnsop-parent-sig-00.txt and Olaf's proposal. What now comes to mind is, that if we take Olaf's proposal a little bit further, we could get rid of the anomaly as well: - Why not remove the zone-KEY-RRset from the childs zone file alltogether. If we already accept that the parent is (more) authorative, and the set may be wrong at the child, this looks quite natural to me. - The only thing that must change is how the parent gets a new zone-KEY at key-rollover time. This means that the "trigger" that was proposed earlier, now changes into a "new-KEY-message". Security considerations: The main thing is, that the parent never ever signs the wrong zone-KEY. Two possibilities: 1. The old zone-KEY is still OK. The child could send an e-mail form, or fill out a web-form, or send a FAX or whatever, to trigger the parent and handover a new KEY at the same time. Of course, anyone can do that, but only the holder of the private part of the old-KEY could sign such a request with the old-KEY. So, if the parent just requires this, it is simple and sufficient. 2. The old zone-KEY is not OK anymore. Now we have a problem, but we have this problem in all cases. Regards, -- Ted.
- One Interaction KEY exchange Olaf Kolkman
- Re: One Interaction KEY exchange Ted Lindgreen