On Sep 29, 2008, at 7:46 AM, [EMAIL PROTECTED] wrote:
any KSK can be used as a TA. there is no way to know -
unambigiously -
that any given KSK is not being used as a TA in some validator.
however, your assertion that at KSK should -never- be rolled unless
compromise is known or strongly suspected is -BAD- from an operational
and liklely from a trust perspective.
your selection of 12-13 months and 25 years are suspect. Can you
provide
the underlaying bias for these tiemframes?
That is actually the NIST recommendations in SP 800-57 part 1 Public
keys used for authentication should have a use lifetime of 1-2 years,
but can be kept around a little longer to validate pre-existing
signatures after that period.
Scott
--bill
On Sun, Sep 28, 2008 at 09:14:34PM -0700, Paul Hoffman wrote:
In the last paragraph of 3.1.1, remove the last sentence ("Although,
given a long enough key..."). Replace it with the following
paragraphs:
There are two schools of thought on rolling a KSK that is not a
trust anchor:
- It should be done regularly (possibly every few months) so that
a key rollover remains an operational routine.
- It should only be done when it is known or strongly suspected
that the key has been compromised in order to reduce the
stability issues on systems where the rollover does not happen
cleanly.
There is no widespread agreement on which of these two schools of
thought is better for different deployments of DNSSEC. There is a
stability cost every time a non-anchor KSK is rolled over, but it
is possibly low if the communication between the child and the
parent is good. On the other hand, the only completely effective
way to tell if the communication is good is to test it
periodically. Thus, rolling a KSK with a parent is only done for
two reasons: to test and verify the rolling system to prepare for
an emergency, and in the case of an actual emergency.
Because of the difficulty of getting all users of a trust anchor to
replace an old trust anchor with a new one, a KSK that is a trust
anchor should never be rolled unless it is known or strongly
suspected that the key has been compromised.
Remove the first paragraph of 3.3; it is now covered in 3.1.1 (and it
was wrong about the cryptography).
Change the second paragraph of 3.3 to:
From a purely operational perspective, a reasonable key effectivity
period for KSKs that have a parent zone is 13 months, with the
intent to replace them after 12 months. An intended key
effectivity period of a month is reasonable for Zone Signing Keys.
This annual rollover gives operational practice to rollovers.
Ignoring the operational perspective, a reasonable effectivity
period for KSKs that have a parent zone is 25 years or longer.
That is, if one does not plan to test the rollover procedure, the
key should be effective essentially forever, and then only rolled
over in case of emergency.
In the first paragraph of 4.2, replace the first two sentences with:
Regardless of whether a zone uses periodic key rollovers in order
to practice for emergencies, or only rolls over keys in an
emergency, key rollovers are a fact of life when using DNSSEC.
--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
===================================
Scott Rose
NIST
[EMAIL PROTECTED]
ph: +1 301-975-8439
http://www-x.antd.nist.gov/dnssec
http://www.dnsops.gov/
===================================
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
