[ksk-rollover] Suggested update to the key ceremonies.
Michael StJohns
msj at nthpermutation.com
Wed Feb 21 03:38:21 UTC 2018
On 2/14/2018 3:40 PM, Warren Kumari wrote:
> Apologies if this isn't the right place to propose this - the
> ksk-ceremony list didn't feel right...
>
> I think that it would be a useful addition to the script to ensure
> that, when a new KSK is generated, it does not have the same Key ID as
> any previous KSKs. It is *does* have the same Key ID, it should be
> discarded and a new one generated.
>
> Rational: If we end up with multiple keys with the same Key ID it
> becomes very tricky to run things like RFC8145, KSK Sentinel, etc.
> Also, when doing troubleshooting / diagnostics, the key ID is an easy
> thing to use to differentiate keys.
>
> This has long been source of low level concern for me, and I've been
> assured that if there were collisions during the ceremony, the right
> thing would likely happen -- but I think that this is worth explicitly
> noting what happens.
>
> I *did* look at the scripts, and didn't see a note on this; 'pologies
> if it is already covered and I missed it.
>
> W
Sorry - coming in late here. AFAICT (absent some change buried in
something after RFC4034) the key tag is supposed to be calculated from
the RR RDATA (appendix B of 4034) and is all of 16 bits long. You may
have an issue if you have two live keys with the same key tag - but the
client code is supposed to do something smart (and 64k is not a big
space to prevent collisions).
You may also have an issue if an old revoked key and new live key have
the same key tag (where when they were both live they didn't have the
same key tag) - e.g. turning on the revoked bit in the flags field
changes the key tag (called out specifically in 5011).
Interestingly, you have a different issue (and much more likely issue) -
where a KSK Key tag collides with one of the ZSK keys key tag - the more
of these you generate, the more probable it becomes (birthday problem).
In any event, the code has to deal with key tag collisions and do the
right thing. Appendix B says so.
So if you're really going down this path, you've probably got a lot more
work than just checking against older KSKs.
Later, Mike
More information about the ksk-rollover
mailing list