[ksk-change] Keeping two KSK keys long term

Paul Hoffman paul.hoffman at vpnc.org
Wed Oct 1 22:09:27 UTC 2014


On Oct 1, 2014, at 2:15 PM, Jakob Schlyter <jakob at kirei.se> wrote:

> On 1 okt 2014, at 23:00, Michael StJohns <msj at nthpermutation.com> wrote:
> 
>> Having two keys - in the trust anchor set - should be the minimum steady state. It means that you can compromise one of them and still recover without needing to do a full trust reboot.
> 
> That only makes sense if you maintain and protect the keys separately, something that comes with a considerable cost. We did consider this when the current Root DNSSEC was engineered, and IIRC the cost/benefit analysis did not justify such a scheme.

With all due respect, I'd like to see those numbers. The cost is approximately "have an extra HSM stored somewhere where the other HSMs are not". I'm not sure how expensive that can be relative to "fly a bunch of folks around twice a year for the ceremonies", much less relative to "if we needed it, we could show people we had planned for it".

--Paul Hoffman
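An added illustration of StJohns's point above (example code written for this page, not from any of the participants or from ICANN's root tooling): a toy RFC 5011 resolver holding either one or two KSKs as trust anchors, with signatures abstracted to "which key tags signed the DNSKEY RRset" and the key material itself a constructed placeholder. Revoking a compromised key leaves the single-anchor resolver with nothing to trust, while the two-anchor resolver keeps validating.

```python
from dataclasses import dataclass

REVOKE = 0x0080   # DNSKEY flags bit 8 (RFC 5011)
ZONE_KSK = 0x0101  # ZONE flag plus SEP bit: a key-signing key

def key_tag(flags, protocol, algorithm, pubkey):
    """Key tag over the DNSKEY RDATA, per RFC 4034 Appendix B."""
    rdata = flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + pubkey
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

@dataclass(frozen=True)
class Dnskey:
    flags: int
    pubkey: bytes          # constructed placeholder bytes, not a real key
    algorithm: int = 8     # RSASHA256
    def tag(self):
        return key_tag(self.flags, 3, self.algorithm, self.pubkey)
    def revoked(self):
        # Setting REVOKE changes the flags, so the key tag changes too.
        return Dnskey(self.flags | REVOKE, self.pubkey, self.algorithm)

class Resolver:
    """Tracks trust anchors in the RFC 5011 'Valid' state, keyed by tag."""
    def __init__(self, anchors):
        self.valid = {k.tag(): k for k in anchors}
    def observe_dnskey(self, rrset, signer_tags):
        """Revocation rule: a key carrying REVOKE leaves the anchor set only
        if the RRset is signed by that revoked key itself (self-signed)."""
        for k in rrset:
            if k.flags & REVOKE and k.tag() in signer_tags:
                original = Dnskey(k.flags & ~REVOKE, k.pubkey, k.algorithm)
                self.valid.pop(original.tag(), None)
    def can_validate(self, signer_tags):
        """True if at least one anchor still in Valid state signed the RRset."""
        return any(t in self.valid for t in signer_tags)

KSK_A = Dnskey(ZONE_KSK, b"constructed-key-A")  # the key that gets compromised
KSK_B = Dnskey(ZONE_KSK, b"constructed-key-B")  # the separately held spare

def recovery_after_compromise(anchor_set):
    """Operator revokes KSK_A. Returns (resolver still validates the root
    signed by KSK_B alone?, number of anchors left in Valid state)."""
    r = Resolver(anchor_set)
    a_rev = KSK_A.revoked()
    # Revocation RRset: A with REVOKE set, plus B; signed by revoked A and by B.
    r.observe_dnskey([a_rev, KSK_B], {a_rev.tag(), KSK_B.tag()})
    return r.can_validate({KSK_B.tag()}), len(r.valid)
```

With `[KSK_A]` as the only anchor the resolver ends with an empty anchor set, which is the "full trust reboot" case; with `[KSK_A, KSK_B]` it keeps validating on B.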

