On Thu, 27 Mar 2014, Nicholas Weaver wrote:

1 month validity.

I said "don't give me that key roll crap" for a reason.

A bad reason.

For an attacker, the root ZSK is not 1 month validity, since an attacker who's 
in a position to take advantage of such a ZSK compromise is going to be faking 
all of DNS for the target, and can therefore just as easily also fake NTP, 
ensuring that the attacker's key is still valid for most victims.

Then you have lost forever because we have used a 1024 key in the past.
You can always NTP attack them to today's 1024 key, and no increase in
key size in the future will help you.

So you'd need to update the resolvers to either ignore <2048b root ZSKs or add 
in clock-ratchets, where the resolver never allows the clock to roll back more 
than a certain extent, or deploy a crypto-interactive NTP, etc....

If you can ignore old root keys, then you have already defeated your NTP
attack, in which case your "key roll crap" argument falls as well.

Paul
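The two resolver-side defenses this exchange names, refusing root ZSKs below 2048 bits and a forward-only clock ratchet, as an added illustration that is not from the thread or from any real resolver; the RRSIG fields, dates, key sizes and the one-hour rollback tolerance are constructed sample values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
UTC = timezone.utc

@dataclass(frozen=True)
class Rrsig:
    """Only the RRSIG fields the decision needs (constructed sample, not real root data)."""
    key_bits: int
    inception: datetime
    expiration: datetime

class RatchetedClock:
    """Clock floor that only moves forward; a real resolver would persist it across restarts."""
    def __init__(self, floor: datetime, max_rollback: timedelta = timedelta(hours=1)):
        self.floor = floor
        self.max_rollback = max_rollback
    def observe(self, system_now: datetime) -> None:
        """Advance the floor when the clock moves forward; never move it back."""
        if system_now > self.floor:
            self.floor = system_now
    def effective_now(self, system_now: datetime) -> datetime:
        """Refuse to believe a system clock further back than floor - max_rollback."""
        return max(system_now, self.floor - self.max_rollback)

def rrsig_acceptable(sig: Rrsig, system_now: datetime, clock: RatchetedClock,
                     min_key_bits: int = 2048) -> tuple:
    """Accept only signatures from a big enough key that fall inside their validity
    window as judged by the ratcheted clock, not the raw (NTP-fed) system clock."""
    if sig.key_bits < min_key_bits:
        return False, f"key is {sig.key_bits} bits, below policy minimum {min_key_bits}"
    now = clock.effective_now(system_now)
    if now < sig.inception:
        return False, "signature not yet valid"
    if now > sig.expiration:
        return False, "signature expired (ratcheted clock ignored the rollback)"
    return True, "ok"

# Constructed samples: a month-long RRSIG from a 1024-bit ZSK in March 2014, and a current one.
OLD_SIG = Rrsig(1024, datetime(2014, 3, 1, tzinfo=UTC), datetime(2014, 4, 1, tzinfo=UTC))
NEW_SIG = Rrsig(2048, datetime(2016, 5, 1, tzinfo=UTC), datetime(2016, 6, 1, tzinfo=UTC))
def demo():
    clock = RatchetedClock(floor=datetime(2016, 5, 15, tzinfo=UTC))  # last persisted good time
    rolled_back = datetime(2014, 3, 15, tzinfo=UTC)  # what a faked NTP source would report
    return {
        "old_key_rolled_back": rrsig_acceptable(OLD_SIG, rolled_back, clock),
        "old_key_no_size_policy": rrsig_acceptable(OLD_SIG, rolled_back, clock, min_key_bits=0),
        "current_key_real_time": rrsig_acceptable(NEW_SIG, clock.floor, clock),
    }
```

Either defense alone rejects the replayed 2014 signature: the size policy rejects the key outright, and with the size policy disabled the ratchet still judges the signature expired because the floor never follows the rolled-back clock.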

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop