At 4:14 PM -0500 1/21/10, Edward Lewis wrote:
>At 12:54 -0800 1/21/10, Paul Hoffman wrote:
>
>>...as long as there is no cost to rolling regularly. But there are many:
>
>I'm finding this discussion enlightening and interesting.
>
>If the logic is that the only need to roll is event-based (detecting a 
>violation) because there is risk of a roll going badly - then there's a reason 
>to regularly "drill" when there's no threat to make sure you minimize the 
>chance of a screw-up during a real emergency.
>
>How ironic. ;)

Yep. It is also ironic (and iconic) that the DNSSEC community is just now 
discovering the operational tradeoffs that the security industry has known for 
well over a decade.

>What scares me (too) is Andrew's observation that you might fail to detect a 
>bad key because of the size of a zone and potentially a targeted attack on 
>just one or two domains.

What he is saying is the same thing that Eric and I said: you *have* to factor 
in the value to the attacker of using the compromised key versus the risk that 
being caught using it will force him to have to re-do all his work.

>Perhaps monthly rolls aren't needed for crypto-sake, but the more apparent 
>this is, the more apparent it is that we need regular rolls for operations-sake.

Why do you equate "regular" with "monthly"? And why do they have to be 
"regular"? A perfectly valid operational goal would be "whenever there is 
enough new staff who should see how we do a roll, plus once in a while during 
a period where, if we botch it, there is the least amount of damage and the 
best opportunity to fix it". For VeriSign, that might translate to "monthly", 
but for ImportantCompany.com, it might translate to "once a year or so".

>A bad roll will be detected and fixed faster than a secretly broken key and an 
>isolated target.

Sure, but "time" is the wrong unit of measure: "cost" is. The reputation cost 
for a botched roll could be much, much higher than a small number of believed 
answers to an "isolated target".

At 1:26 PM -0800 1/21/10, Eric Rescorla wrote:
>Presumably there are all sorts of other credentials that control access to the
>ZSK (e.g., administrator SSH private keys, root passwords, etc.). Do you also
>propose to roll all of these every month? If not, why not?

Bingo.

--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop