Is this the first ever practically-deployed use of a threshold scheme?
Jakob Schlyter
jakob at kirei.se
Mon Aug 2 18:27:21 EDT 2010
On 2 aug 2010, at 08.30, Peter Gutmann wrote:
> For the case of DNSSEC, what would happen if the key was lost? There'd be a
> bit of turmoil as a new key appeared and maybe some egg-on-face at ICANN, but
> it's not like commercial PKI with certs with 40-year lifetimes hardcoded into
> every browser on the planet is it? Presumably there's some mechanism for
> getting the root (pubic) key distributed to existing implementations, could
> this be used to roll over the root or is it still a manual config process for
> each server/resolver? How *is* the bootstrap actually done, presumably you
> need to go from "no certs in resolvers" to "certs in resolvers" through some
> mechanism.
Initial bootstrap is done by
- distribution of the key by ICANN (via http://data.iana.org/root-anchors/)
- distribution of the key by the vendors themselves
Authentication of the root key can be achieved as part of the the distribution mechanisms above, or by transitive trust through people who attended the key generation ceremony. We've already seen public attestations from participants (e.g., [1], [2] and [3]).
Key rollovers are performed as specified in RFC 5011, i.e. a new key is authenticated by the current key. This does of course not work when the existing private key material is inaccessible (on form of "lost"). It could work if the key is "lost" by compromise, but one has to take into consideration how the key was compromised in such cases (key misuse, crypto analysis, etc).
For the generic end user, I would expect vendors to ship the root key as part of their software and keep the key up to date using their normal software update scheme.
jakob
[1] http://www.kirei.se/en/2010/06/20/root-ksk/
[2] http://www.trend-watcher.org/archives/dnssec-root-key-declaration/
[3] http://www.ask-mrdns.com/2010/07/root-dnssec-key-attestation/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list