<<<
Chronological Index
>>> <<<
Thread Index
>>>
Re: Root Zone KSK Rollover
- To: comments-root-zone-consultation-08mar13@xxxxxxxxx
- Subject: Re: Root Zone KSK Rollover
- From: Florian Weimer <fw@xxxxxxxxxxxxx>
- Date: Fri, 12 Apr 2013 23:29:49 +0200
Short summary: Please don't.
Several vendors have baked the current key into shipping products.
It's not always entirely clear how they will react to the completed
rollover. Even if further testing reveals issues in time, before
DNSSEC deploymments are impacted, software updates will be required,
which are always costly for the parties involved (including the end
user who has to install them). Rollover-related failures will
definitely not help to increase DNSSEC adoption in the resolver
population.
According to the published literature known to me, there is no
inherent cryptographic requirement for a rollover, except for the 60
year requirement due to the 32 bit time offset in DNSSEC, which is
still far in the future.
I don't think there is any operational value in a vanity key rollover,
either. If there is ever an involuntary key rollover, chances are
that it will be due to one of the following issues:
* advances in cryptanalysis
* key compromise
* loss of key
In none of these cases, cryptographic chaining from the previous KSK
to the new one (à la RFC 5011) appears sensible (or even possible).
But this is not a scenario the proposed vanity rollover would test
because it would involve cryptographic chaining.
Similar infrastructure, like the browser PKI, continues to use
long-term keys, without apparent ill effects. (The browser PKI has
the problem that the old keys carry naming information which is
nowadays incorrect and totally pointless operationally, but this does
not apply to DNSSEC because the names attached to infrastructure key
material are operationally meaningful, so they cannot become outdated
by design.)
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|