Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Idea
Alfred Hönes <ah@TR-Sys.de> Wed, 07 October 2009 12:42 UTC
From: Alfred Hönes <ah@TR-Sys.de>
Message-Id: <200910071243.OAA08255@TR-Sys.de>
To: namedroppers@ops.ietf.org
Date: Wed, 07 Oct 2009 14:43:29 +0200
Cc: dnsop@ietf.org

I already have posted a response to the original analysis by EKR,
which has much overlap with the comments sent to this list by Olaf.

Please see the original URL for the thread there, including my
reasoning about operational impact and human factors:

  http://www.educatedguesswork.org/2009/10/on_the_security_of_zsk_rollove.html

[[ Now switching to DNSOP as well. ]]

Kind regards,
  Alfred.

-- 
+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   | Alfred Hoenes Dipl.-Math., Dipl.-Phys.     |
| Gerlinger Strasse 12   | Phone: (+49)7156/9635-0, Fax: -18          |
| D-71254 Ditzingen      | E-Mail: ah@TR-Sys.de                       |
+------------------------+--------------------------------------------+