[ksk-change] Helping the panel name the reasons for the KSK rollover

Warren Kumari warren at kumari.net
Mon Feb 23 21:02:18 UTC 2015

On Mon, Feb 23, 2015 at 10:14 AM, Paul Hoffman <paul.hoffman at vpnc.org> wrote:
> When considering how and when to rollover the root KSK, the community also have to consider why. In the past, many different reasons were given by various community members, and other community members have stated disagreements with some or all of those reasons. Thus, in order to make the how and when decision clearer to the community, the new KSK rollover panel needs to make explicit the reasoning for a particular rollover design.
> The following are the most common reasons that have been given for why to roll over the root KSK. They are given using mildly positive language, and no counter-arguments are given. Each has a short-hand title to help facilitate the panel's thinking. If there are other reasons that someone in the community feels strongly about, it should be brought up so that the panel can consider it as well.
> --Paul Hoffman
> DPS statement -- Section 6.5 of the DPS for the root zone says that the KSK will be rolled over after five years of operation, and that time has already passed.
> Cryptographic aging -- The longer a public key is known to an attacker, the longer the attacker has to determine the private key.
> HSM aging -- The hardware signing modules (HSMs) used for the root key have a guaranteed life of five years, and that time has already passed.
> Operational practice for ICANN -- It is good to test the steps of a key rollover so that the holders of the key have practice; this helps prevent mistakes during future rollovers.
> Operational practice for operators -- It is good to test the steps of a getting new KSKs so that the users of the key have practice; this helps prevent mistakes during future KSK retrievals.
> Change to ECDSA/P256 -- The ECDSA/P256 signing algorithm is both stronger than RSA/2048 and had better operational properties, and changing the KSK to use this will cause wider adoption throughout the DNSSEC community.

I'm not quite sure how to word this reason without is sounding overly
broad, but "loss of faith" is the closest I can come up with -
basically, for some reason (it doesn't really matter if it is a good
one or not, rather it matters what people *believe*) the general
public / users of DNSSEC lose faith in the security of KSK.

An example scenario goes something like:
ICANN fires Rick Lamb because he spills coffee on the CEO's tie. For
obvious reasons this makes Rick *mad* and, on the way out the door he
posts on a bunch of mailing lists and blogs "I know the private part
of the KSK. It ends in 0x8675309." Various large news organizations
pick up the story and it takes on a life of it's own. Numerous people
spend weeks explaining that:
A: Rick didn't know the number <insert complex bits about HSMs and
recording of key ceremonies>
B: There is no way to prove that, but, seriously...
C: That's Jenny's number <points to
https://www.youtube.com/watch?v=6WTdTwcmxyo >

Of course, bringing technical arguments to a good conspiracy theory
rant is like bringing a banana to a gunfight
(https://www.youtube.com/watch?v=piWCBOsJr-w). Every time someone now
mentions DNSSEC some nutter claims that this whole thing is broken
because Rick knows the secret key and probably sold it to the mafia
for cocaine and biscuits.

At some point, if we want people to continue using DNSSEC we have to
restore faith in the system by generating a new key (this time, in an
even more public manner).


> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org
> https://mm.icann.org/mailman/listinfo/ksk-rollover

I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.

More information about the ksk-rollover mailing list