Re: [dnsop] Comments on draft-ietf-dnsop-key-rollover-requirements
Gilles Guette <gguette@irisa.fr> Wed, 08 September 2004 13:43 UTC
Received: from darkwing.uoregon.edu (root@darkwing.uoregon.edu [128.223.142.13]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA11558 for <dnsop-archive@lists.ietf.org>; Wed, 8 Sep 2004 09:43:10 -0400 (EDT)
Received: from darkwing.uoregon.edu (majordom@localhost [127.0.0.1]) by darkwing.uoregon.edu (8.12.11/8.12.11) with ESMTP id i88CX7Vu029594; Wed, 8 Sep 2004 05:33:07 -0700 (PDT)
Received: (from majordom@localhost) by darkwing.uoregon.edu (8.12.11/8.12.11/Submit) id i88CX74O029591; Wed, 8 Sep 2004 05:33:07 -0700 (PDT)
Received: from smtp.irisa.fr (smtp.irisa.fr [131.254.254.26]) by darkwing.uoregon.edu (8.12.11/8.12.11) with ESMTP id i88CX53S029558 for <dnsop@lists.uoregon.edu>; Wed, 8 Sep 2004 05:33:05 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by localhost.irisa.fr (Postfix) with ESMTP id 5C91AFAD9; Wed, 8 Sep 2004 14:33:04 +0200 (CEST)
Received: from smtp.irisa.fr ([131.254.254.26]) by localhost (meli.irisa.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 16511-03; Wed, 8 Sep 2004 14:33:03 +0200 (CEST)
Received: from irisa.fr (medoc.irisa.fr [131.254.70.2]) by smtp.irisa.fr (Postfix) with ESMTP id C9469FAB5; Wed, 8 Sep 2004 14:33:03 +0200 (CEST)
Message-ID: <413EFBFF.20408@irisa.fr>
Date: Wed, 08 Sep 2004 14:33:03 +0200
From: Gilles Guette <gguette@irisa.fr>
Organization: Irisa/Inria - Rennes
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1
X-Accept-Language: fr, en
MIME-Version: 1.0
To: olaf@ripe.net
Cc: dnsop <dnsop@lists.uoregon.edu>
Subject: Re: [dnsop] Comments on draft-ietf-dnsop-key-rollover-requirements
References: <DA5CB450F843D611823E0002A5D4DB3C020F4414@renexch1.rennes.thmulti.com>
In-Reply-To: <DA5CB450F843D611823E0002A5D4DB3C020F4414@renexch1.rennes.thmulti.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new at irisa.fr
Sender: owner-dnsop@lists.uoregon.edu
Precedence: bulk
Reply-To: Gilles Guette <gguette@irisa.fr>
Content-Transfer-Encoding: 7bit
Olaf M. Kolkman wrote:
>
>
>Hello Gilles,
>
>I have a number of questions and remarks that I have made in-line
>below. The overall feeling I have when reading this draft is that it is
>a little to restrictive. The draft would be improved if you replace
>the "MUST" language (which is not RFC2119 language as far as I can
>tell) with language that motivates why certain requirements are
>important. An informational document that documents the pitfalls is
>more useful than a document that ordains behavior.
You're right, the "MUST" language will be corrected in the
next version
>1. Introduction
>
> (ZSKs) and Key Signing Keys (KSKs) [1][2]. Automation of key
> rollover process is necessary for large zones because
> there are too many changes to handle a manual administration.
>
>I think that last sentence should read:
>
> Automation of key exchanges between parents and childs is necessary
> for large parent zones because there are too many changes
> to handle manual administration.
>
>This is because the rollover is a local process while the
>key-exchange involves two parties.
>
> Automated rollover is optional and resulting from an agreement
> between the administrator of the parent zone and the administrator of
> the child zone. Of course, key rollover can also be
> done manually by administrators.
>
>Again this is not so much about key rollover as well as key exchange.
Maybe the terms has to be defined more precisly:
key rollover: local process to change key material in a zone file
key exchange: transmission of the key material between parent
and child zone
And we need a term for the entire process keyrollover + key
exchange (+ DS creation)
Any precision or suggestion ?
>2. The Key Rollover Process
>
> Manual key rollover exists and works [3]. The key rollover is built
>
> from two parts of different nature:
> o An algorithm that generates new keys and signs the zone file. It
> could be local to the zone
> o The interaction between parent and child zones
>
> One example of manual key rollover is:
>
> o The child zone creates a new KSK
> o The child zone waits for the creation of the DS RR in its parent
> zone
> o The child zone deletes the old key.
>
> In manual rollover, communications are managed by the zone
> administrators and the security of these communications is out of
> scope of DNSSEC.
>
> Automated key rollover should use a secure communication between
> parent and child zones. This document concentrates on defining
> interactions between entities present in key rollover process.
>
>You just argued that manual rollover is out of scope of DNSSEC,
Oops, I made a mistake, the right sentence is:
... and the security of communications during a manual rollover is out
of scope of this
document.
>A rephrase to express that the chain of trust must be preserver
>globally, so to speak:
>
>The main constraint to respect during a keyrollover is that the chain
>of trust must be preserved to every validating DNS client no matter if
>this client retrieves some of the RRs from a recursive caching
>nameserver or from the authoritative servers for the zones
>involved in the rollover. Every RR MUST be verifiable at any time, every RRs
>exchanged during the rollover should be authenticated and their
>integrity should be guaranteed.
>
>(I am not sure if "the main constraint to respect" is proper English.)
It is an open question :)
>4. Messages authentication and information exchanged
>
> Every exchanged message MUST be authenticated and the authentication
> tool MUST be a DNSSEC tool such as TSIG [6], SIG(0) [5] or DNSSEC
> request with verifiable SIG records.
>
>Why? Even if the exchange takes place outside of the DNS
>like over EPP?
>
This part was an open question of the first version of the draft.
Do we need other mechanisms than DNSSEC one's to provide security?
A mechanism is needed to provide this security and there is two
solutions, either this mechanism is DNSSEC or not. We think that
securing the exchanged messages with DNSSEC is the more
appropriate and allow to be independant from other protocol.
> Once the changes related to a KSK are made in a child zone, this zone
> MUST notify its parent zone in order to create the new DS RR and
> store this DS RR in parent zone file.
>
>This is an example of the use of "MUST" I was referring to
>above. Why "MUST" here. When a child chooses not to notify the parent zone if a
>change has made in the KSK set nothing breaks as long as the KSK that
>the DS points to is not being removed.
Ok, I change that.
>5. Emergency Rollover
>
> A key of a zone might be compromised and this key MUST be changed as
> soon as possible.
>
>Why? I think we all agree this is needed but if you say "MUST" I think
>you should motivated.
>>Maybe expand the reasoning a bit, include some timing issues.
I will add something describing consequences of a compromised key in
DNSSEC and explaining the motivation of the key change as
soon as possible.
--
\|||/
(@ @)
---ooo0-(_)-0ooo---
--Gilles--
.
dnsop resources:_____________________________________________________
web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html
mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
- [dnsop] Comments on draft-ietf-dnsop-key-rollover… Olaf M. Kolkman
- Re: [dnsop] Comments on draft-ietf-dnsop-key-roll… Francis Dupont
- Re: [dnsop] Comments on draft-ietf-dnsop-key-roll… Gilles Guette
- Re: [dnsop] Comments on draft-ietf-dnsop-key-roll… Ben Laurie