Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Idea (tm)
Thierry Moreau <thierry.moreau@connotech.com> Wed, 07 October 2009 14:11 UTC
Return-Path: <thierry.moreau@connotech.com>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0C22D3A698E for <dnsop@core3.amsl.com>; Wed, 7 Oct 2009 07:11:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.226
X-Spam-Level:
X-Spam-Status: No, score=-2.226 tagged_above=-999 required=5 tests=[AWL=0.373, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GXYWpbol9VyT for <dnsop@core3.amsl.com>; Wed, 7 Oct 2009 07:10:59 -0700 (PDT)
Received: from smtp105.rog.mail.re2.yahoo.com (smtp105.rog.mail.re2.yahoo.com [206.190.36.83]) by core3.amsl.com (Postfix) with SMTP id E946A3A6874 for <dnsop@ietf.org>; Wed, 7 Oct 2009 07:10:58 -0700 (PDT)
Received: (qmail 99518 invoked from network); 7 Oct 2009 14:12:36 -0000
Received: from unknown (HELO ?192.168.1.239?) (thierry.moreau@209.148.165.15 with plain) by smtp105.rog.mail.re2.yahoo.com with SMTP; 7 Oct 2009 14:12:36 -0000
X-YMail-OSG: QEXtBDMVM1mcL7OHDTYxjmLXc3wW6mvDrY2.tQJCLCHeeQZsMKkYreW9wtM.DPZMHA--
X-Yahoo-Newman-Property: ymail-3
Message-ID: <4ACCA262.5080404@connotech.com>
Date: Wed, 07 Oct 2009 10:14:58 -0400
From: Thierry Moreau <thierry.moreau@connotech.com>
User-Agent: Thunderbird 2.0.0.17 (X11/20090608)
MIME-Version: 1.0
To: Joe Abley <jabley@hopcount.ca>
References: <1C586E51-D77C-406C-9B89-47276A9B41B2@ICSI.Berkeley.EDU> <p06240812c6f160ac1fb2@10.20.30.158> <d3aa5d00910061408y191bf863p48a6ec703553b67e@mail.gmail.com> <FB20C78E-3A72-409C-8406-2B8A00923783@NLnetLabs.nl> <712BBDEE-25FF-4E2E-A9E5-49E49162D41D@hopcount.ca>
In-Reply-To: <712BBDEE-25FF-4E2E-A9E5-49E49162D41D@hopcount.ca>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: Eric Rescorla <ekr@rtfm.com>, Nicholas Weaver <nweaver@icsi.berkeley.edu>, dnsop WG <dnsop@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Idea (tm)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Oct 2009 14:11:00 -0000
Joe Abley wrote: > [from a namedroppers thread, re-pointed as per Olaf's suggestion below] > > On 2009-10-07, at 09:23, Olaf Kolkman wrote: > >> On Oct 6, 2009, at 10:08 PM, Eric Rescorla wrote: >> >>> I don't have a general position on ZSKs--perhaps it's a good idea for >>> some other reason--but I don't >>> think that rolling the keys over at high rates provides any >>> significant security benefit, no matter >>> where in the hierarchy you're doing it. >> >> Really this is an DNSOP issues, more specifically an issue for >> RFC4641bis. >> >> [I've added dnsop, please remove namedroppers when replying to this >> note] >> >> RFC4641 argues for frequent ZSK rollovers, the argument therein is >> based on operational arguments that are (implicitly) based on operator >> acces to private keys and/or the timeline in which changes in which >> the (zone) operator may need to be replaced. > > I skimmed through 4641 to try and refresh my memory, but couldn't find > the discussion on ZSK rollover frequency. No doubt this is my deficiency. > > From my perspective the operational argument is that procedures which > are rarely exercised may not be exercised well when they are needed (a > backup that is not regularly tested cannot really be relied upon; a > protect path that is never used might not work when it is needed, etc). > > Frequent key rollover has the operational benefit of when you need to > do an emergency roll you know the procedures work. > > From this perspective we might roll a ZSK more frequently than a KSK > because the ZSK needs to be stored on-line to facilitate re-signing > when the zone changes. With the KSK we have the option of keeping it > off-line, and arguably the risk of compromise is consequently lower. > Regular testing of the machinery is still important, however. > > I am no crypto expert, but ekr's concern over the cryptographic > benefits of frequent key roll seemed entirely reasonable. > > I think the operational benefit is real, however. > The EKR's concern and the operational benefits are compatible. I.e. roll the ZSK per operational requirements, and use a ZSK key size adequate for longer-term resistance to brute force cryptanalysis. Regards, - Thierry Moreau > > Joe > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop >
- Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Id… Olaf Kolkman
- Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Id… Olaf Kolkman
- Re: [DNSOP] Why ZSK rollover is a Bad Idea (tm) Chris Thompson
- Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Id… Joe Abley
- Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Id… Thierry Moreau
- Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Id… Roy Arends
- Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Id… Joe Abley
- Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Id… Paul Hoffman
- Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Id… Eric Rescorla
- Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Id… Joe Abley
- Re: [DNSOP] Why ZSK rollover is a Bad Idea (tm) Doug Barton
- Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Id… Olaf Kolkman
- Re: [DNSOP] Why ZSK rollover is a Bad Idea (tm) Todd Glassey