[ksk-rollover] thoughts to the list as requested
jabley at hopcount.ca
Tue Apr 2 15:19:56 UTC 2019
On 2 Apr 2019, at 10:59, Michael Richardson <mcr+ietf at sandelman.ca> wrote:
> I think that some have asked why we are rolling at all, in order to more
> precisely understand what threats we are mitigating.
It is possible that in the future it will be necessary to deal with a key compromise. (Broken chain of custody, cryptographic attack, non-availability of key materials due to disaster or hardware failure, etc.) It is prudent to plan for that eventuality. Rolling the key without being practiced at doing so is difficult (data point exists).
> I think that there may be situations which pre-publication of standby keys might not
> mitigate. I think that we won't be sure until we write down the reasons for
> an emergency key-roll. As a small detail; who would make that call, and how
> much time would they have to make the decision?
I suspect this is not the right list to conduct a design exercise.
The questions of who gets to declare a compromise, how they would decide to do so and how much time they would have to make the decision are (I think) IANA, unknown and unknown. This is a good example of interesting work that is much easier to contemplate once the KSK is rolling regularly and unremarkably.