Re: [DNSOP] Emergency KSK Rollover for locally secure zones.

Michael StJohns <msj@nthpermutation.com> Thu, 03 August 2017 20:47 UTC

Return-Path: <msj@nthpermutation.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94057131CCC for <dnsop@ietfa.amsl.com>; Thu, 3 Aug 2017 13:47:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nthpermutation-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CW9--3u8QTaL for <dnsop@ietfa.amsl.com>; Thu, 3 Aug 2017 13:47:45 -0700 (PDT)
Received: from mail-qk0-x229.google.com (mail-qk0-x229.google.com [IPv6:2607:f8b0:400d:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2045A131CC2 for <dnsop@ietf.org>; Thu, 3 Aug 2017 13:47:45 -0700 (PDT)
Received: by mail-qk0-x229.google.com with SMTP id x191so14540897qka.5 for <dnsop@ietf.org>; Thu, 03 Aug 2017 13:47:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nthpermutation-com.20150623.gappssmtp.com; s=20150623; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language; bh=GzzcWfvJkmuaYfeynx2kn5/Ojr4UkA1nqlMO8Bzd5xg=; b=gypDz0I2AeuQBgsbU9oSqQqVY0XXewSKQOPYqjdaCfRePFyrVPNcNbmg7yMylr5F0/ qtdd4JojNVFdYIRHaz3XEyn8ivN+GyXF6XbC48Z6k7RWPJPWIwf/NOzSfOQKarigwFwK D/7W6ko7N1mA7FKs783aJFSsiYBCweuriu6rBZQ9igKmhuwWsjZ67YcYm2dlfKD/oZSo gdlE0wRrsBHym+VIIcwFacNzBZ0vTkX87TgYzUWhVG2VANefqKff6Wpc8BO1+p/sXoho /0DrnJhD+5lf5N3c5M+8oz42EJ/WdgMjjN6K3ewCIWhx4wJi6i8TQn3d5MS/qfEeiBlH 8Fhw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=GzzcWfvJkmuaYfeynx2kn5/Ojr4UkA1nqlMO8Bzd5xg=; b=r9GlgTe9TMn80KN/bJSH50Hjk5MKrJcndLSuP8R0Vlp5hTweV0lhK4ji5jf7627nqp KB4bWdu0FFt+866sklL95BJwxSxYArzmNgON+v3SXk68Vi5v71/KKRGO08bNBHQy8kKR qnmo9eUauPyE2dPHCLar1hELZIlnikxKj+PzPgtzi+W8961UKa2K/JURkP8XjfgL9wI+ zq+W/fx2N6GU6XUb5HHjCrSli9MOvfhFnzp+tmGgh0+a7pLwuqNbJkqSbBZbpAnb/oqC Q8nxgtaG1YqmpJgbyDKrsRd9mHYqcS+FucJTrD3BhfTVFJhQ82LgCAO2TQoTj9kLzqMj AfRg==
X-Gm-Message-State: AHYfb5h6TU+jTVR4mfxj/QieGoYQxYSGfhDTCxuNHGh9WLvyWYoJNL/F e4XBT6HAovZpBp2EjYc=
X-Received: by 10.55.7.139 with SMTP id 133mr103974qkh.165.1501793263860; Thu, 03 Aug 2017 13:47:43 -0700 (PDT)
Received: from [192.168.1.117] (c-69-140-114-191.hsd1.md.comcast.net. [69.140.114.191]) by smtp.gmail.com with ESMTPSA id a15sm13320075qte.10.2017.08.03.13.47.42 for <dnsop@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 03 Aug 2017 13:47:42 -0700 (PDT)
To: dnsop@ietf.org
References: <CAMbs7ks-ZZ-tFpnNkgNx779ct0ns24d+pzKbzQhKuAxVnMUwrA@mail.gmail.com> <EE9ABA7D-BDB6-40FE-92B8-BC6335FF1898@nist.gov> <CAMbs7kuUMgXsvhG90zP=b+dL30oG0OQQwpGiBnE+e_FNXMvFgQ@mail.gmail.com>
From: Michael StJohns <msj@nthpermutation.com>
Message-ID: <70641a7b-8fe1-265a-5eb0-6e484ff7c735@nthpermutation.com>
Date: Thu, 3 Aug 2017 16:47:40 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <CAMbs7kuUMgXsvhG90zP=b+dL30oG0OQQwpGiBnE+e_FNXMvFgQ@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------09686E559DA270C474C7BBAE"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/iMVUPYzfW1aaY1mkJV4vDooRY5Q>
Subject: Re: [DNSOP] Emergency KSK Rollover for locally secure zones.
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Aug 2017 20:47:47 -0000

On 8/3/2017 3:01 PM, Aanchal Malhotra wrote:
> A DNSKEY RRset with pre-published KSK is signed by the old (now 
> compromised) KSK. When the resolver uses RFC 5011 for the trust anchor 
> update, the attacker can inject a new KSK (signed by the compromised 
> KSK). Which KSK is now the new T/rust Anchor /for the resolver?

The resolver trust point trust anchor set contains both the old and 
pre-published stand-by key.   When the old KSK is compromised, you set 
the revoke bit on the old KSK, and sign the DNSKEY RRSet with both the 
revoked KSK and the standby KSK.   The stand by key does not trace its 
trust through the old key except during the process of being added.   
The attempt to inject the new KSK is foiled by revoking the old KSK and 
publishing the revocation before the hold-down time expires for the 
resolver(s).


At some point - ideally quickly after the old KSK revocation - you 
publish a new standby KSK long enough to inject it as a new trust anchor.

Mike