[145597] in cryptography@c2.net mail archive
Re: Is this the first ever practically-deployed use of a threshold scheme?
daemon@ATHENA.MIT.EDU (Jakob Schlyter)
Tue Aug 3 11:36:58 2010
From: Jakob Schlyter <jakob@kirei.se>
In-Reply-To: <E1OfoXK-0003tO-0x@wintermute02.cs.auckland.ac.nz>
Date: Tue, 3 Aug 2010 00:27:21 +0200
Cc: leichter@lrw.com,
cryptography@metzdowd.com
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
On 2 aug 2010, at 08.30, Peter Gutmann wrote:
> For the case of DNSSEC, what would happen if the key was lost? =
There'd be a=20
> bit of turmoil as a new key appeared and maybe some egg-on-face at =
ICANN, but=20
> it's not like commercial PKI with certs with 40-year lifetimes =
hardcoded into=20
> every browser on the planet is it? Presumably there's some mechanism =
for=20
> getting the root (pubic) key distributed to existing implementations, =
could=20
> this be used to roll over the root or is it still a manual config =
process for=20
> each server/resolver? How *is* the bootstrap actually done, =
presumably you=20
> need to go from "no certs in resolvers" to "certs in resolvers" =
through some=20
> mechanism.
Initial bootstrap is done by
- distribution of the key by ICANN (via =
http://data.iana.org/root-anchors/)
- distribution of the key by the vendors themselves
Authentication of the root key can be achieved as part of the the =
distribution mechanisms above, or by transitive trust through people who =
attended the key generation ceremony. We've already seen public =
attestations from participants (e.g., [1], [2] and [3]).
Key rollovers are performed as specified in RFC 5011, i.e. a new key is =
authenticated by the current key. This does of course not work when the =
existing private key material is inaccessible (on form of "lost"). It =
could work if the key is "lost" by compromise, but one has to take into =
consideration how the key was compromised in such cases (key misuse, =
crypto analysis, etc).
For the generic end user, I would expect vendors to ship the root key as =
part of their software and keep the key up to date using their normal =
software update scheme.
jakob
[1] http://www.kirei.se/en/2010/06/20/root-ksk/
[2] http://www.trend-watcher.org/archives/dnssec-root-key-declaration/
[3] http://www.ask-mrdns.com/2010/07/root-dnssec-key-attestation/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
