On 20 Apr 2013, at 17:09, Paul Wouters <[email protected]> wrote:
>
> You have solved the easy human problem. Now do the same for fully
> automated computers that are turned on after 10 years.

You can be fairly profligate with witness signatures, since they are not going to be downloaded and checked very often, nor when you need a very quick answer.

Witness keys should stay in use indefinitely, until they are broken cryptographically or operationally. They should have a good diversity of algorithms and operational practices so they don't all break at once. Over time new witnesses will be added to support newer algorithms. Weaker witnesses will keep signing, to support old code, though new code might only use newer witnesses.

So when a very old validator starts up it should still have a decent chance of being able to get and verify the current trust anchor document. If it turns out that the root KSK uses an unsupported algorithm, the validator does at least know for certain that it has no choice but to go insecure.

Tony.
--
f.anthony.n.finch <[email protected]> http://dotat.at/
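The witness scheme Tony sketches, as an added example (not code from the thread or from any DNS implementation): a constructed trust anchor document carries one signature per witness, and a validator accepts it if any witness key built into its own code verifies, then decides "secure" or "go insecure" from the KSK algorithm. HMAC stands in for real public-key signatures so the block runs offline; the witness names, keys and document fields are made up.

```python
import hashlib
import hmac
import json

# Constructed witness set (hypothetical names). Each "signature" is an HMAC
# over the canonical document, a stand-in for a public-key signature so the
# block runs offline; the algorithm labels model the diversity Tony wants.
WITNESS_KEYS = {
    "witness-old": ("witness-rsa-sha1", b"old-witness-secret"),
    "witness-mid": ("witness-rsa-sha256", b"mid-witness-secret"),
    "witness-new": ("witness-ed25519", b"new-witness-secret"),
}

# Constructed trust anchor document body, as a validator would fetch it.
TA_BODY = {"zone": ".", "ksk": "ksk-example-2013", "ksk_alg": "ECDSAP256SHA256"}

def canonical(body):
    return json.dumps(body, sort_keys=True).encode()

def sign_document(body, witness_names):
    """Every listed witness signs the same body: signatures are cheap, so
    old and new witnesses all keep signing each published document."""
    sigs = {}
    for name in witness_names:
        alg, key = WITNESS_KEYS[name]
        mac = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        sigs[name] = {"alg": alg, "sig": mac}
    return {"body": body, "witness_sigs": sigs}

def validate(doc, trusted_witnesses, supported_ksk_algs):
    """trusted_witnesses: witness keys built into this validator's code.
    Returns ("secure", ksk); ("insecure", None) when a witness verifies the
    document but the KSK algorithm is unsupported; ("unverified", None)."""
    body = doc["body"]
    verified = False
    for name, entry in doc["witness_sigs"].items():
        if name not in trusted_witnesses:
            continue  # a witness added after this validator shipped
        alg, key = trusted_witnesses[name]
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        if alg == entry["alg"] and hmac.compare_digest(expected, entry["sig"]):
            verified = True
            break
    if not verified:
        return ("unverified", None)
    if body["ksk_alg"] not in supported_ksk_algs:
        return ("insecure", None)  # known for certain: the validator must go insecure
    return ("secure", body["ksk"])
```

An old validator that only ships "witness-old" still verifies a document all three witnesses signed, and learns with certainty whether it can use the KSK; a document signed only by newer witnesses, or a tampered body, comes back unverified.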
