Perry E. Metzger wrote:
The root zone has been signed, and the root zone trust anchor has
been published.


That's a great achievement for the parties involved. It is also a significant step towards more trustworthy DNS data.


I have been following this with attention from the perspective of "system-wide master key", i.e. a slightly different perspective than "trust anchor". The trust anchor may indeed be trusted by anyone. The "system-wide master key" is intended to be trustworthy to some "broadest extent" according to some (tacit) assessment.


Three outstanding issues on my plate:


A social engineering incident?

With what was called DURZ (Deliberately Unvalidatable Root Zone), you, security experts, have been trained to accept signature validation failures as false alarms by experts from reputable institutions. I spare you the details, since DURZ is now over (it may have spread to TLD managers though), but the formal protocol specification allows a compliant validator implementation to declare a signature failure with the DURZ as it was deployed. No specific rationale was given to me for the non-use of unknown/proprietary/foreign signature algorithm code(s) as a better interim deployment strategy.

Auditing details are not yet public.

I am wondering specifically about the protections of the private key material between the first "key ceremony" and the second one. I didn't investigate these details since ICANN was in charge and promised full transparency. Moreover, my critiques were kind of counterproductive in the face of the seemingly overwhelming confidence in advice from the Verisign experts. In the worst scenario, we would already have a KSK signature key to which a "suspected breach" qualification would be attached.

Is there an emergency KSK rollover strategy?

Again, I spare you the details, but the way RFC 5011 is implemented, there is no automated KSK rollover strategy (this would require a larger set of keys at the root because a standby KSK would be needed).


Nothing above threatens the relevance, effectiveness, and benefits of the current deployment, unless you have a rational risk analysis that convinces you that "national security" grade key management is a necessity. My DNSSEC root signature key risk analysis does not conclude that "national security" grade key management is needed for the official DNS root zone.

But lessons may be learned with the perspective of a rigorous security analysis (if we had to do some system-wide key deployment with impacts similar to the global DNS integrity ...). The DNSSEC protocol definition and root deployment project has many facets in which it was venturing into virgin ground (e.g. the claimed transparency for the KSK management procedures by ICANN).


Nobody has ever done such a thing before, even less so in a production system with global impacts, so I give them a provisional A grade (not an A+) until the full auditing details are provided. But that's only me!


Regards,


--
- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1

Tel. +1-514-385-5691
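The third item above (no automated emergency KSK rollover without a standby key already in the trust anchor set) can be walked through with a small model of the RFC 5011 trust-anchor state machine. This is an added example, not part of the original post and not the code of any validator implementation. It assumes constructed key tags K1, K2 and K3, models signatures as booleans rather than real cryptography, and implements only the add hold-down (30 days, RFC 5011 section 2.4.1), the "must be signed by a current trust anchor" rule (section 2.2) and the REVOKE-bit rule (section 2.1); the TTL-based extension of the hold-down, the remove hold-down and active refresh are left out.

```python
from dataclasses import dataclass

# RFC 5011 section 2.4.1: the add hold-down time is 30 days (TTL extension omitted here).
HOLD_DOWN_DAYS = 30

# Subset of the trust-anchor states from RFC 5011 section 4.2.
ADD_PEND, VALID, MISSING, REVOKED = "AddPend", "Valid", "Missing", "Revoked"


@dataclass
class Anchor:
    state: str
    since: int  # day the key entered AddPend; starts the hold-down timer


class Validator:
    """A resolver's RFC 5011-managed trust-anchor set for one zone (toy model)."""

    def __init__(self, initial_tags, day=0):
        # Initial anchors come from out-of-band configuration (e.g. the
        # published root trust anchor), so they start directly in Valid.
        self.anchors = {tag: Anchor(VALID, day) for tag in initial_tags}

    def trusted(self):
        # Missing is "abnormal but still a valid trust anchor" (RFC 5011 section 4.2).
        return sorted(t for t, a in self.anchors.items() if a.state in (VALID, MISSING))

    def observe(self, day, keys, signers, revoked=()):
        """Process the zone's DNSKEY RRset as seen on `day`.

        keys:    key tags present in the RRset
        signers: key tags whose signature over the RRset verifies (assumed self-signed)
        revoked: key tags carrying the REVOKE bit (RFC 5011 section 2.1)
        Returns True if the RRset validated under a current trust anchor.
        """
        # Step 1: revocation. A trust anchor seen with the REVOKE bit set and signing
        # the RRset itself is permanently distrusted, whatever else is in the set.
        for tag in revoked:
            a = self.anchors.get(tag)
            if a and a.state in (VALID, MISSING) and tag in signers:
                a.state = REVOKED

        # Step 2: the RRset must validate under a remaining anchor, otherwise the
        # resolver learns nothing from it (RFC 5011 section 2.2).
        if not any(tag in self.trusted() for tag in signers):
            return False

        # Step 3: admit new keys through the hold-down, promote those that survived it.
        for tag in keys:
            if tag in revoked:
                continue
            a = self.anchors.get(tag)
            if a is None:
                self.anchors[tag] = Anchor(ADD_PEND, day)      # new key: start hold-down
            elif a.state == ADD_PEND and day - a.since >= HOLD_DOWN_DAYS:
                a.state = VALID                                # hold-down survived
            elif a.state == MISSING:
                a.state = VALID                                # anchor is back in the zone
        for tag, a in list(self.anchors.items()):
            if tag not in keys:
                if a.state == ADD_PEND:
                    del self.anchors[tag]                      # hold-down interrupted: restart later
                elif a.state == VALID:
                    a.state = MISSING
        return True


# Scenarios below use constructed key tags; each returns the resolver's trusted set.

def planned_rollover():
    """Standby K2 is pre-published, survives the hold-down, then K1 is revoked."""
    v = Validator(["K1"])
    v.observe(0, ["K1", "K2"], signers=["K1"])            # K2 enters AddPend
    v.observe(31, ["K1", "K2"], signers=["K1"])           # 30+ days later: K2 is Valid
    v.observe(40, ["K1", "K2"], signers=["K1", "K2"], revoked=["K1"])
    return v.trusted()                                    # ["K2"]


def emergency_single_ksk():
    """Only one KSK is trusted and it must be revoked today (suspected breach)."""
    v = Validator(["K1"])
    # Operator publishes replacement K3 and revokes K1 in the same RRset.
    ok = v.observe(1, ["K1", "K3"], signers=["K1", "K3"], revoked=["K1"])
    # K1 is gone and K3 never entered AddPend: the resolver is stranded and needs
    # an out-of-band re-bootstrap of its trust anchor.
    return ok, v.trusted()                                # (False, [])


def emergency_single_ksk_wait():
    """Same start, but K1 keeps signing for 30 days so K3 can clear the hold-down."""
    v = Validator(["K1"])
    v.observe(1, ["K1", "K3"], signers=["K1"])            # K3 enters AddPend
    v.observe(31, ["K1", "K3"], signers=["K1"])           # K3 promoted to Valid
    ok = v.observe(32, ["K1", "K3"], signers=["K1", "K3"], revoked=["K1"])
    return ok, v.trusted()                                # (True, ["K3"]), after 30 days on K1


def emergency_with_standby():
    """Standby K2 already past its hold-down when K1 must be revoked: same-day recovery."""
    v = Validator(["K1"])
    v.observe(0, ["K1", "K2"], signers=["K1"])
    v.observe(31, ["K1", "K2"], signers=["K1"])           # K2 is now a trust anchor
    ok = v.observe(32, ["K1", "K2"], signers=["K1", "K2"], revoked=["K1"])
    return ok, v.trusted()                                # (True, ["K2"])
```

The second and third scenarios are the point of the post's remark: with a single KSK in resolvers' anchor sets, an immediate revocation strands every RFC 5011 resolver, and the only automated alternative keeps the suspect key trusted for the full hold-down period. Only a standby KSK that has already cleared the hold-down (fourth scenario) allows an emergency rollover without manual re-bootstrap.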

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [email protected]
