Re: [DNSOP] Emergency KSK Rollover for locally secure zones.

Aanchal Malhotra <aanchal4@bu.edu> Thu, 03 August 2017 21:07 UTC

Return-Path: <aanchal4@bu.edu>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE299129AEB for <dnsop@ietfa.amsl.com>; Thu, 3 Aug 2017 14:07:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HbVl-1dJXpY9 for <dnsop@ietfa.amsl.com>; Thu, 3 Aug 2017 14:07:43 -0700 (PDT)
Received: from relay74.bu.edu (relay74.bu.edu [128.197.228.174]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1775012940A for <dnsop@ietf.org>; Thu, 3 Aug 2017 14:07:42 -0700 (PDT)
X-Envelope-From: aanchal4@bu.edu
Received: from mail-oi0-f71.google.com (mail-oi0-f71.google.com [209.85.218.71]) by relay74.bu.edu (8.14.3/8.14.3) with ESMTP id v73L68Jm019703 for <dnsop@ietf.org>; Thu, 3 Aug 2017 17:06:08 -0400
Received: by mail-oi0-f71.google.com with SMTP id b184so1815903oih.9 for <dnsop@ietf.org>; Thu, 03 Aug 2017 14:06:08 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=MVggKEWAXI6VSHo5YcMt5gZWoRPxhsaIAu1DzuBkyTQ=; b=q+QpArRWlHoRpn6G9joVtPfAXNojyS40m+Snt8iovaulQUBZITWqYJYCOvLK6OJQFc sArN9Eno9GTjGzpxJhJ/BcX66k5tlfVF76Pzbzokxn9VHDLmZhD4WY285dPh4zcOVL8V m4uTlUwsax66MZP8PC6uv/nre/3CXougAn1wHQxXAPzNjd75xiVv1QmaoJ46qtm5lrvr SeGobbSyFc60yGfi8pRoLNQslwEyBD90mPrko9rnU+XC1ptZ9+KALH0aeNE2GAcVz3p1 uvf4AzvCGTBWjPL2UqNfNoicmhxYUh+JbDNQDdrs+FHPVOqL8l/KONJIkxIfAUbE+ELV vovA==
X-Gm-Message-State: AHYfb5gsYMEizJewWKXXcvlE0TEW+adtz7S4GvdBe2vwJnd+sWfPiaEM p182UGOK3XR8Yd6fULRSVLY2s2EgAUiXzA1+BnjbXA3+110+a3hnjiDjZM9aKim8UwUpsV69MNX pkYuSH3b4yKWKfw==
X-Received: by 10.202.83.6 with SMTP id h6mr146299oib.138.1501794367634; Thu, 03 Aug 2017 14:06:07 -0700 (PDT)
X-Received: by 10.202.83.6 with SMTP id h6mr146284oib.138.1501794367297; Thu, 03 Aug 2017 14:06:07 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.74.121.75 with HTTP; Thu, 3 Aug 2017 14:05:46 -0700 (PDT)
In-Reply-To: <70641a7b-8fe1-265a-5eb0-6e484ff7c735@nthpermutation.com>
References: <CAMbs7ks-ZZ-tFpnNkgNx779ct0ns24d+pzKbzQhKuAxVnMUwrA@mail.gmail.com> <EE9ABA7D-BDB6-40FE-92B8-BC6335FF1898@nist.gov> <CAMbs7kuUMgXsvhG90zP=b+dL30oG0OQQwpGiBnE+e_FNXMvFgQ@mail.gmail.com> <70641a7b-8fe1-265a-5eb0-6e484ff7c735@nthpermutation.com>
From: Aanchal Malhotra <aanchal4@bu.edu>
Date: Thu, 3 Aug 2017 23:05:46 +0200
Message-ID: <CAMbs7ku=EoSK5AUULqBQ_T_7piBwhC-GVcacBb3-k01j-ZmVVQ@mail.gmail.com>
To: Michael StJohns <msj@nthpermutation.com>
Cc: dnsop@ietf.org
Content-Type: multipart/alternative; boundary="001a113d2e08c9f6340555dfbf9d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Iwun6dLzue5qKur15Vw8YTAIgZg>
Subject: Re: [DNSOP] Emergency KSK Rollover for locally secure zones.
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Aug 2017 21:07:45 -0000

Hi Mike,

On Thu, Aug 3, 2017 at 10:47 PM, Michael StJohns <msj@nthpermutation.com>
wrote:

> On 8/3/2017 3:01 PM, Aanchal Malhotra wrote:
>
> A DNSKEY RRset with pre-published KSK is signed by the old (now
> compromised) KSK. When the resolver uses RFC 5011 for the trust anchor
> update, the attacker can inject a new KSK (signed by the compromised KSK).
> Which KSK is now the new T*rust Anchor  *for the resolver?
>
> The resolver trust point trust anchor set contains both the old and
> pre-published stand-by key.   When the old KSK is compromised, you set the
> revoke bit on the old KSK, and sign the DNSKEY RRSet with both the revoked
> KSK and the standby KSK.   The stand by key does not trace its trust
> through the old key except during the process of being added.   The attempt
> to inject the new KSK is foiled by revoking the old KSK and publishing the
> revocation before the hold-down time expires for the resolver(s).
>

I understand and agree to what you say. And even RFC 5011 explicitly states
that this approach works only if there is a backup/standby/pre-published
(whatever name we like) and the assumption that both active and stand-by
keys are not compromised at the same time. The point is again, as Warren
mentioned, that one needs two trust anchors in this case. And the issues
ensue.... Also, I am not sure if there is any implementations that are
actually doing standby-keys (not that I am aware of).

What I am trying to say is that we do not have a solution to this problem
without a back-up key set?

>
> At some point - ideally quickly after the old KSK revocation - you publish
> a new standby KSK long enough to inject it as a new trust anchor.
>
> Mike
>
>
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
>