Re: [DNSOP] Specification of DNSKEY "Private-key-format"
Evan Hunt <each@isc.org> Fri, 30 August 2019 05:19 UTC
Return-Path: <each@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A539F1200FA for <dnsop@ietfa.amsl.com>; Thu, 29 Aug 2019 22:19:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fJ_L2wmLOsGP for <dnsop@ietfa.amsl.com>; Thu, 29 Aug 2019 22:19:51 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D180B1200E3 for <dnsop@ietf.org>; Thu, 29 Aug 2019 22:19:51 -0700 (PDT)
Received: from bikeshed.isc.org (bikeshed.isc.org [149.20.1.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 5772B3AB000; Fri, 30 Aug 2019 05:19:51 +0000 (UTC)
Received: by bikeshed.isc.org (Postfix, from userid 10292) id C35A64C93D; Fri, 30 Aug 2019 05:19:50 +0000 (UTC)
Date: Fri, 30 Aug 2019 05:19:50 +0000
From: Evan Hunt <each@isc.org>
To: Mukund Sivaraman <muks@mukund.org>
Cc: dnsop@ietf.org
Message-ID: <20190830051950.GA58682@isc.org>
References: <20190829125502.GA2048@jurassic.lan.banu.com> <20190829134831.GC90696@straasha.imrryr.org> <20190829135554.GA3616@jurassic.lan.banu.com> <20190829161123.GA52870@isc.org> <20190830042621.GA21281@jurassic.lan.banu.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20190830042621.GA21281@jurassic.lan.banu.com>
User-Agent: Mutt/1.11.4 (2019-03-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/z4T0QkghuCEU4vZDq6TVQ_ZUmsc>
Subject: Re: [DNSOP] Specification of DNSKEY "Private-key-format"
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Aug 2019 05:19:55 -0000
On Fri, Aug 30, 2019 at 09:56:21AM +0530, Mukund Sivaraman wrote: > For interoperability, there are other BIND-specific formats to consider > too such as the journal file format, the control channel protocol, > etc. Those seem like separate conversations to me, but I'm happy to have them. I should clarify, while interoperability between Loop's and BIND's private key files may well be useful, IMHO the main concern would be to prevent accidents. If Loop uses what appear to be BIND-style K*.private files, but you bump the format to 1.4, and BIND does the same with incompatible set of changes, then BIND key files could break Loop, or vice versa. So either we should ensure that two sets of changes are compatible with each other (for example, each could recognize-but-ignore any new metadata fields that are introduced by the other), or, failing that, we should ensure that the two formats are *so* incompatible that nobody can cross the streams by mistake. You could change the K in the filename to some other letter, for instance, and then BIND couldn't possibly try to load Loop's keys. But I'd be happy to discuss your proposed changes in hopes of maintaining interoperability. We should probably take it off the list, however; I don't think implementation details on this level are probably of much interest to dnsop. > * As you know, historically the BIND tree on unix relied on /dev/urandom > and /dev/random (or some custom device) as sources of random > numbers. FYI, no longer the case as of 9.14. > There is a ticket to implement the features of what dnssec-keymgr > provides within named itself for ease of use of key maintenance This is on our road map as well. AFAIK it doesn't require changes to private keys, though. > The key material and schedule metadata should be separated into > different files. Yep, that's a design decision I regret. And not just for the reason you mention, but also because there was no good reason for the metadata to be secret, and keeping it in a file that isn't publicly readable causes a lot of inconvenience. I wish I'd added a third file instead, such as K*.meta, instead of extending K*.private. However, IMHO, redesigning it now would inconvenience people rather more than putting up with it does, so for the time being I don't expect it to change. -- Evan Hunt -- each@isc.org Internet Systems Consortium, Inc.
- [DNSOP] Specification of DNSKEY "Private-key-form… Mukund Sivaraman
- Re: [DNSOP] Specification of DNSKEY "Private-key-… Viktor Dukhovni
- Re: [DNSOP] Specification of DNSKEY "Private-key-… Mukund Sivaraman
- Re: [DNSOP] Specification of DNSKEY "Private-key-… Evan Hunt
- Re: [DNSOP] Specification of DNSKEY "Private-key-… Mukund Sivaraman
- Re: [DNSOP] Specification of DNSKEY "Private-key-… Evan Hunt
- Re: [DNSOP] Specification of DNSKEY "Private-key-… Mukund Sivaraman
- Re: [DNSOP] Specification of DNSKEY "Private-key-… Viktor Dukhovni