Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Idea (tm)
Joe Abley <jabley@hopcount.ca> Wed, 07 October 2009 15:46 UTC
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <p06240835c6f262857f02@[10.20.30.158]>
Date: Wed, 07 Oct 2009 16:47:39 +0100
Message-Id: <A501A997-9DA6-4594-8B75-180CF88BBEBD@hopcount.ca>
References: <1C586E51-D77C-406C-9B89-47276A9B41B2@ICSI.Berkeley.EDU> <p06240812c6f160ac1fb2@10.20.30.158> <d3aa5d00910061408y191bf863p48a6ec703553b67e@mail.gmail.com> <FB20C78E-3A72-409C-8406-2B8A00923783@NLnetLabs.nl> <712BBDEE-25FF-4E2E-A9E5-49E49162D41D@hopcount.ca> <p06240835c6f262857f02@[10.20.30.158]>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Cc: Eric Rescorla <ekr@rtfm.com>, dnsop WG <dnsop@ietf.org>
Subject: Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Idea (tm)
On 2009-10-07, at 16:25, Paul Hoffman wrote:

> At 2:22 PM +0100 10/7/09, Joe Abley wrote:
>> From this perspective we might roll a ZSK more frequently than a KSK
>> because the ZSK needs to be stored on-line to facilitate re-signing
>> when the zone changes. With the KSK we have the option of keeping it
>> off-line, and arguably the risk of compromise is consequently lower.
>> Regular testing of the machinery is still important, however.
>
> Please define "on-line" and "off-line".

The ZSK is exercised every time the zone changes. For some zones this is every few seconds. For the root zone it's twice per day. The equipment that performs the signing operation might well need to make use of the ZSK in an automated fashion, without human operators being present. This scenario is what I meant by "on-line".

The KSK is exercised every time a signature over the apex DNSKEY RRSet is required. This might be far more infrequent than the ZSK use described above. If so, it might be plausible to store the KSK on a device which has no network access and no power, in a secure facility, and to make the use of it a manual operation involving procedures, auditors, witnesses, etc. This is what I meant by "off-line".

I appreciate that there are other perfectly valid operational approaches in which the KSK is also kept on-line.

> In the deployments I have heard of, both types of keys are stored
> with the same security procedures, but the ZSK might be stored in a
> physically different location (or not). The operational aspects of
> using the two keys are nearly identical.

Joe
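The distinction Joe draws above (the ZSK is exercised on every zone change, the KSK only when the apex DNSKEY RRset needs a fresh signature) can be made concrete by counting private-key operations. The following is an added example, not code from the post or from any DNSSEC signer: it models the key split in Python, with textbook RSA over SHA-256 standing in for RSASHA256 and Mersenne primes used only so that no prime generator is needed. The zone contents, the DNSKEY rdata format, the DS computation and the key-id scheme are all constructed for illustration. A pre-publish ZSK rollover (the RFC 4641 method) is included to show that rolling the ZSK itself costs exactly two KSK operations: one when the new key is published and one when the old key is withdrawn.

```python
# Added example, not from the post: a toy model of the DNSSEC KSK/ZSK split showing which
# private key an ordinary zone change exercises versus a ZSK rollover. Textbook RSA (no
# padding) over SHA-256 stands in for RSASHA256, with Mersenne primes so no prime generator
# is needed; zone data, the DNSKEY rdata format, the DS and the key-id scheme are all made up.
import hashlib

E = 65537  # public exponent, fixed so the toy DNSKEY rdata only has to carry n


class DnssecKey:
    """flags 257 = KSK (SEP bit set), 256 = ZSK; .uses counts private-key operations."""

    def __init__(self, flags, a, b):
        p, q = 2 ** a - 1, 2 ** b - 1  # Mersenne primes; a real key uses random primes
        self.flags, self.n, self.uses = flags, p * q, 0
        self._d = pow(E, -1, (p - 1) * (q - 1))

    def rdata(self):  # real DNSKEY rdata carries a base64 public key; this is a stand-in
        return f"{self.flags} 3 8 {self.n:x}"

    def sign(self, digest):
        self.uses += 1
        return pow(digest, self._d, self.n)


def key_id(rdata):  # stand-in for the RFC 4034 key tag that an RRSIG carries
    return hashlib.sha256(rdata.encode()).hexdigest()[:8]


def verify(rdata, digest, sig):  # validator side: needs only the public DNSKEY rdata
    return pow(sig, E, int(rdata.split()[3], 16)) == digest


def rrset_digest(name, rtype, rdatas):  # canonical-form stand-in; 256 bits, below every n
    canon = "\n".join([name, rtype] + sorted(rdatas)).encode()
    return int.from_bytes(hashlib.sha256(canon).digest(), "big")


def make_ds(owner, ksk_rdata):  # what the parent zone publishes for the child's KSK
    return hashlib.sha256((owner + ksk_rdata).encode()).hexdigest()


def sign_zone(owner, zone, ksk, zsk, rrsigs):
    """KSK signs only the apex DNSKEY RRset, the ZSK everything else. An RRset whose content
    and signing key are unchanged keeps its RRSIG, so a key is exercised only when needed."""
    for (name, rtype), rdatas in zone.items():
        key = ksk if rtype == "DNSKEY" else zsk
        d, kid = rrset_digest(name, rtype, rdatas), key_id(key.rdata())
        if rrsigs.get((name, rtype), (None, None))[:2] != (d, kid):
            rrsigs[(name, rtype)] = (d, kid, key.sign(d))  # digest kept only to detect change
    return rrsigs


def validate(owner, zone, rrsigs, ds):
    """DS -> KSK -> RRSIG(DNSKEY) -> any published DNSKEY -> RRSIG(data), public data only."""
    by_id = {key_id(k): k for k in zone[(owner, "DNSKEY")]}
    for (name, rtype), rdatas in zone.items():
        sig = rrsigs.get((name, rtype))
        if sig is None or sig[1] not in by_id:
            return False
        if rtype == "DNSKEY" and make_ds(owner, by_id[sig[1]]) != ds:
            return False  # the apex DNSKEY RRset must be signed by the key the DS names
        if not verify(by_id[sig[1]], rrset_digest(name, rtype, rdatas), sig[2]):
            return False
    return True


def run_scenario():
    """Initial signing, a zone change, then a pre-publish ZSK rollover (RFC 4641 method).
    Each timeline entry is (step, KSK uses, old ZSK uses, new ZSK uses)."""
    owner, timeline, rrsigs = "example.", [], {}  # constructed zone, not real data
    ksk, zsk, new_zsk = DnssecKey(257, 127, 521), DnssecKey(256, 107, 607), DnssecKey(256, 89, 1279)
    zone = {(owner, "SOA"): ["ns1.example. hostmaster.example. 2009100701 7200 3600 1209600 3600"],
            (owner, "DNSKEY"): [ksk.rdata(), zsk.rdata()],
            ("www.example.", "A"): ["192.0.2.1"]}
    ds = make_ds(owner, ksk.rdata())

    def step(label, signing_zsk):
        sign_zone(owner, zone, ksk, signing_zsk, rrsigs)
        timeline.append((label, ksk.uses, zsk.uses, new_zsk.uses))

    step("initial signing", zsk)
    zone[("mail.example.", "A")] = ["192.0.2.2"]
    step("zone change", zsk)                   # ZSK only; the DNSKEY RRSIG is reused
    zone[(owner, "DNSKEY")].append(new_zsk.rdata())
    step("publish new ZSK", zsk)               # DNSKEY RRset changed: KSK exercised
    step("switch signer to new ZSK", new_zsk)  # zone data re-signed; KSK not needed
    zone[(owner, "DNSKEY")].remove(zsk.rdata())
    step("withdraw old ZSK", new_zsk)          # DNSKEY RRset changed again: KSK exercised
    tampered = {**zone, ("www.example.", "A"): ["198.51.100.9"]}  # changed, not re-signed
    return {"timeline": timeline, "valid": validate(owner, zone, rrsigs, ds),
            "tampered_valid": validate(owner, tampered, rrsigs, ds)}
```

Running `run_scenario()` gives a KSK use count of 1, 1, 2, 2, 3 across the five steps while the ZSKs absorb every data re-signing, which is the asymmetry the post relies on: with an off-line KSK of the kind Joe describes, those KSK operations are the only ones that have to be scheduled into a manual, witnessed signing session, and each ZSK rollover adds two of them. The validator never sees the on-line/off-line distinction at all; it only checks that the DS names the key that signed the DNSKEY RRset and that every other RRSIG verifies under some published key, which is why the tampered zone fails and the rolled zone still validates.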