Possibly questionable security decisions in DNS root management

bmanning at vacation.karoshi.com bmanning at vacation.karoshi.com
Wed Oct 14 19:33:35 EDT 2009 

On Wed, Oct 14, 2009 at 07:22:27PM -0400, Perry E. Metzger wrote:
> 
> bmanning at vacation.karoshi.com writes:
> > On Wed, Oct 14, 2009 at 06:24:06PM -0400, Perry E. Metzger wrote:
> >> Ekr has a very good blog posting on what seems like a bad security
> >> decision being made by Verisign on management of the DNS root key.
> >>
> >> http://www.educatedguesswork.org/2009/10/on_the_security_of_zsk_rollove.html
> >>
> >> In summary, a decision is being made to use a "short lived" 1024 bit key
> >> for the signature because longer keys would result in excessively large
> >> DNS packets. However, such short keys are very likely crackable in short
> >> periods of time if the stakes are high enough -- and few keys in
> >> existence are this valuable.
> >
> > 	however - the VSGN proposal meets current NIST guidelines.
> 
> That doesn't say anything about how good an idea it is, any more than an
> architect can make a building remain standing in an earthquake by
> invoking the construction code.
> 
> We are the sort of people who write these sorts of guidelines, and if
> they're flawed, we can't use them as a justification for designs.
> 
> (Well, a bureaucrat certainly can use such documents as a form of CYA,
> but we're discussing technology here, not means of evading blame.)
> 
> The fact is, the DNS root key is one of the few instances where it is
> actually worth someone's time to crack a key because it provides
> enormous opportunities for mischief, especially if people start trusting
> it more because it is authenticated. Unlike your https session to view
> your calendar or the password for your home router, the secret involved
> here are worth an insane amount of money.


	er... there is the root key and there is the ROOT KEY.
	the zsk only has a 90 day validity period.  ... meets the
	"spec" and -ought- to be good enough.   that said, it is
	currently a -proposal- and if credible arguments can be made
	to modify the proposal, I'm persuaded that VSGN will do so.



> Perry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list