----- Original Message -----
From: "Joe Abley" <[email protected]>
To: "George Barwood" <[email protected]>
Cc: "Peter Koch" <[email protected]>; "IETF DNSOP WG" <[email protected]>
Sent: Monday, April 18, 2011 9:26 PM
Subject: Re: [DNSOP] WGLC <draft-ietf-dnsop-rfc4641bis-06.txt> [2011-05-17]
> I don't think it's unreasonable for these facts, as an inject to an
> appropriate threat analysis, to result in a recommendation to operate
> with a ZSK/KSK split -- such an arrangement facilitates different levels
> of protection for each key commensurate with the ease with which it
> might be rolled and the frequency with which it is required to be used.
>
> I'm not saying it's the only way to go, but I think recommending against
> the practice makes little sense.

The arguments for operating with a split still seem very weak to me. The only strong argument seems to be that if there are high costs for rolling the KSK, the risk of those costs being incurred can be reduced by having stronger KSK protection. However, rolling the KSK should be easy, since it is good security practice to change secret keys regularly.

An additional point: if a split is used, by publishing a DS record for the ZSK, the performance benefits of the single-key scheme can be obtained (the DNSKEY RRset can be fully validated without doing an expensive and slow public key operation). If the DS record is not for the current ZSK, it will still work, but slower (the DNSKEY signature will need to be checked). Fully automatic updates of the parent DS RRset would make this technique more practical.

George

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
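The message above hinges on a detail of how a validator links a DNSKEY to the parent zone: a DS record is matched by recomputing a hash over the owner name and the DNSKEY RDATA (RFC 4034 section 5.1.4), whereas a key that has no DS of its own can only be authenticated through the RRSIG over the DNSKEY RRset, which costs a public-key signature verification. The following Python is an added example, not code from the thread or from any DNSSEC implementation: it builds constructed DNSKEY records (the public-key bytes are placeholders, not real keys), computes key tags and DS digests per RFC 4034, and reports which of the two paths a validator would take for the key it needs. The zone name `example.`, the key material and the path labels are all assumptions made here.

```python
import hashlib
import struct

# Constructed example values; nothing here is taken from the thread.
ZONE = "example."
ALG_ECDSAP256SHA256 = 13   # algorithm number from the IANA registry (RFC 6605)
FLAGS_ZSK = 256            # Zone Key bit set
FLAGS_KSK = 257            # Zone Key + Secure Entry Point bits set


def name_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name: lowercased RFC 1035 labels (RFC 4034 s6.2)."""
    out = b""
    for label in name.lower().rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def dnskey_rdata(flags: int, protocol: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA (RFC 4034 s2.1): flags(2) | protocol(1) | algorithm(1) | public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B.1 (all algorithms except RSA/MD5)."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += b << 8 if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def ds_digest(owner: str, rdata: bytes, digest_type: int = 2) -> bytes:
    """DS digest (RFC 4034 s5.1.4): hash(owner name wire form || DNSKEY RDATA).
    Digest type 1 is SHA-1 (RFC 4034); type 2 is SHA-256 (RFC 4509)."""
    h = {1: hashlib.sha1, 2: hashlib.sha256}[digest_type]
    return h(name_to_wire(owner) + rdata).digest()


def make_ds(owner: str, rdata: bytes, digest_type: int = 2) -> tuple:
    """DS RDATA as a tuple: (key tag, algorithm, digest type, digest)."""
    return (key_tag(rdata), rdata[3], digest_type, ds_digest(owner, rdata, digest_type))


def ds_matches(owner: str, ds: tuple, rdata: bytes) -> bool:
    """A DS covers a DNSKEY when key tag and algorithm agree and the digest recomputes."""
    tag, alg, dtype, digest = ds
    return (tag == key_tag(rdata) and alg == rdata[3]
            and digest == ds_digest(owner, rdata, dtype))


def trust_path(owner: str, dnskey_rrset: list, ds_rrset: list, needed_key: bytes) -> str:
    """How a validator can come to trust `needed_key`, the key that signed the data it wants.

    'ds-match'         the key itself is covered by a parent DS: a hash comparison suffices
                       (the fast path the message describes for a DS on the ZSK)
    'via-dnskey-rrsig' only some other key in the set (e.g. the KSK) is covered, so the
                       RRSIG over the DNSKEY RRset must be verified: a public-key operation
    'no-chain'         no DS covers any key in the set; the zone cannot be authenticated
    """
    if any(ds_matches(owner, ds, needed_key) for ds in ds_rrset):
        return "ds-match"
    if any(ds_matches(owner, ds, k) for ds in ds_rrset for k in dnskey_rrset):
        return "via-dnskey-rrsig"
    return "no-chain"


def ds_presentation(owner: str, ds: tuple) -> str:
    """Zone-file style DS line, e.g. 'example. IN DS 12345 13 2 <hex digest>'."""
    tag, alg, dtype, digest = ds
    return f"{owner} IN DS {tag} {alg} {dtype} {digest.hex().upper()}"


if __name__ == "__main__":
    # Constructed keys: the public-key field is a placeholder, not a real ECDSA point.
    ksk = dnskey_rdata(FLAGS_KSK, 3, ALG_ECDSAP256SHA256, b"constructed KSK public key")
    zsk = dnskey_rdata(FLAGS_ZSK, 3, ALG_ECDSAP256SHA256, b"constructed ZSK public key")
    rrset = [ksk, zsk]

    ds_ksk_only = [make_ds(ZONE, ksk)]
    ds_both = ds_ksk_only + [make_ds(ZONE, zsk)]

    for ds in ds_both:
        print(ds_presentation(ZONE, ds))
    print("DS on KSK only :", trust_path(ZONE, rrset, ds_ksk_only, zsk))
    print("DS on KSK + ZSK:", trust_path(ZONE, rrset, ds_both, zsk))
```

With a DS published for both keys, a ZSK roll that has not yet reached the parent leaves the new ZSK without a matching DS, so `trust_path` falls back to `via-dnskey-rrsig`; that is the "slower but still working" case the message mentions, and it is why the parent DS RRset needs to be updated promptly (ideally automatically) for the fast path to hold after every roll.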
