[144511] in North American Network Operators' Group
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
daemon@ATHENA.MIT.EDU (fredrik danerklint)
Mon Sep 12 18:05:34 2011
From: fredrik danerklint <fredan-nanog@fredan.se>
To: nanog@nanog.org
Date: Tue, 13 Sep 2011 00:04:39 +0200
In-Reply-To: <alpine.LSU.2.00.1109122241480.24644@hermes-2.csi.cam.ac.uk>
Tony,
Thanks for this explanation!
I think this is what I've been looking for regarding securing DNSSEC.
> > and how about an end user, who doesn't understand a computer at all, to
> > be able to verify the signatures, correctly?
>
> The current trust model for DNSSEC relies on the vendor of the validator
> to bootstrap trust in the root key. This is partly a matter of pragmatism
> since the validator is a black-box agent acting on the user's behalf, like
> any other software.
>
> It is also required by the root key management policies, since a root key
> rollover takes a small number of weeks, much shorter than the
> not-in-service shelf life of validating software and hardware. This means
> that a validator cannot simply use the root key as a trust anchor and
> expect to work: it needs some extra infrastructure supported by the vendor
> to authenticate the root key if there happens to have been a rollover
> between finalizing the software and deploying it.
>
> Tony.
--
//fredan