[dns-operations] .fr has 5 DNSKEYs
George Barwood
george.barwood at blueyonder.co.uk
Wed Jun 1 21:11:40 UTC 2011
----- Original Message -----
From: "Edward Lewis" <Ed.Lewis at neustar.biz>
To: "George Barwood" <george.barwood at blueyonder.co.uk>
Cc: "Stephane Bortzmeyer" <bortzmeyer at nic.fr>; "Paul Wouters" <paul at xelerance.com>; <dns-operations at mail.dns-oarc.net>
Sent: Wednesday, June 01, 2011 5:59 PM
Subject: Re: [dns-operations] .fr has 5 DNSKEYs
> At 17:18 +0100 6/1/11, George Barwood wrote:
>
>>The other point : is it true that after the detected compomise of a key,
>>having a rescue key allows security to be restored faster.
>
> Faster...than not having a rescue key? Yes.
>
>>You can start signing with rescue key, but the attacker can still
>>forge responses until the old DNSKEY RRsets have expired. So that's
>>not clear.
>
> The goal is to 1) cause no more harm and 2) remove the old key's
> effectiveness as quickly as possible. By not having a rescue key you
> have the choice to shock the system (violate #1) or introduce the new
> key gracefully (lengthen the time to achieve #2).
What I'm suggesting is that doing the job gracefully
(1) Doesn't lengthen the time to achieve security,
(2) Isn't any quicker if you have a rescue key.
To make things concrete, suppose every record has a TTL of 1 day,
and every signature has an expiry of 1 week from time of signing.
Suppose we have detected that a ZSK has been compromised.
A powerful attacker ( say one that has been installed into a router,
so can forge packets at will ) can feed the old DNSKEY RRset,
and forged signed zone data to a victim client, and the client will continue
to accept it as valid until the signature on the DNSKEY RRset
expires ( 1 week ).
But rolling the ZSK in this situation only takes about 2 days or so
( introduce new ZSK, wait 1 day for DNSKEY to propagate, start
signing with new ZSK, wait 1 day for old RRSIGs to expire, remove old ZSK ).
The extra 1 day saved is lost, because we are in any case insecure for 1 week.
Only if the signature expiry time is less than 2 x TTL is there any saving,
and I don't think this is typical ( I expect this analysis isn't exactly right,
I'm just trying to give a rough outline ).
George
More information about the dns-operations
mailing list