[ksk-rollover] Retention of the 2010 KSK
gih at apnic.net
Tue Apr 2 22:37:39 UTC 2019
>>> Just confirming my mic comments:
>>> Our current schedule has us remove the 2010 KSK from our HSMs in one of our two key management facilities in May, and from the HSMs in the other key management facility in August. While perhaps not a complete specification, we’d need a strong indicator we need to retain the KSK longer ideally by May, and certainly no later than August, in order to defer the deletion and retain the capability to use it (i.e. to create a signature via a new mechanism that would endorse the subsequent KSK).
>> I am happy to provide my strong indicator to retain the KSK until further notice. We have not given up yet on the dream of dusting off some dormant resolver that has a trusted key state of KSK 2010 and using some signed chain mechanism that would automate the installation of trust in the current key. If the old key is destroyed then the dream gets destroyed too.
> I agree.
> It would be a low-cost exercise to at least retain the backup of KSK-2010 that already exists as key shares on smartcards in both facilities and keep them there with the same chain of custody and physical security.
> There is no active plan to use KSK-2010 for anything, and so having it available on an HSM (and having it transferred to future HSMs when they are replaced) seems unnecessary, but the ability to restore it from backup to an HSM for use in the future seems sensible. We are some distance away from KSK rolls being routine; while they continue to be science projects we should keep our options open.
I’m uncomfortable with a “keep it indefinitely” position. I would prefer to see the community reach some rough consensus on a key chain structure of new signing old that would allow a relying party that was configured with trust in some previous KSK to use a to-be-determined chain following tool that would allow it to trust the current KSK, or we conclude that this is a dud concept. At that point we should be destroying revoked KSKs. So perhaps we should give ourselves 24 months to either come up with something or conclude that it’s just not possible. At that point we can destroy KSK-2010.
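The "signed chain" idea discussed in this message, as an added illustration that is not code from the list thread, from ICANN/IANA or from any root-zone tooling: each retiring key signs an endorsement naming its successor, and a resolver that still only trusts an earlier key walks the endorsements forward. The key labels after KSK-2010, the endorsement message format and the use of ed25519 (chosen because it is in the Go standard library, not because the root uses it) are all assumptions of this example. It also shows the point made above: once the private half of the old key is destroyed, no endorsement can ever be produced, so the chain can never start.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// KSK is an illustrative stand-in for a root key signing key. It is not the
// DNSKEY wire format; ed25519 is an assumption made for this example only.
type KSK struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey // nil once the private half has been destroyed
}

// Endorsement is a signed statement by a retiring KSK naming its successor.
// The message layout is invented for this example.
type Endorsement struct {
	Predecessor  string
	Successor    string
	SuccessorPub ed25519.PublicKey
	Sig          []byte
}

func endorsementMessage(pred, succ string, succPub ed25519.PublicKey) []byte {
	msg := []byte(pred + " endorses " + succ + ":")
	return append(msg, succPub...)
}

// NewKSK generates a fresh key pair carrying the given label.
func NewKSK(name string) *KSK {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &KSK{Name: name, Pub: pub, priv: priv}
}

// Destroy models deleting the key from the HSMs and every backup: the public
// half survives, but no further endorsements can ever be produced.
func (k *KSK) Destroy() { k.priv = nil }

// Endorse signs a successor. It fails once the predecessor has been destroyed.
func (k *KSK) Endorse(next *KSK) (Endorsement, error) {
	if k.priv == nil {
		return Endorsement{}, errors.New(k.Name + ": private key destroyed, cannot endorse")
	}
	msg := endorsementMessage(k.Name, next.Name, next.Pub)
	return Endorsement{k.Name, next.Name, next.Pub, ed25519.Sign(k.priv, msg)}, nil
}

// FollowChain is the "chain following tool": a resolver that trusts only
// anchorName walks the endorsements and returns the key it should now trust.
// A gap, a reordering or a bad signature aborts the walk.
func FollowChain(anchorName string, anchorPub ed25519.PublicKey, chain []Endorsement) (string, ed25519.PublicKey, error) {
	curName, curPub := anchorName, anchorPub
	for _, e := range chain {
		if e.Predecessor != curName {
			return "", nil, fmt.Errorf("chain break: expected endorsement by %s, got %s", curName, e.Predecessor)
		}
		msg := endorsementMessage(e.Predecessor, e.Successor, e.SuccessorPub)
		if !ed25519.Verify(curPub, msg, e.Sig) {
			return "", nil, fmt.Errorf("invalid signature on %s -> %s", e.Predecessor, e.Successor)
		}
		curName, curPub = e.Successor, e.SuccessorPub
	}
	return curName, curPub, nil
}

func main() {
	k2010 := NewKSK("KSK-2010")
	kNext := NewKSK("KSK-subsequent") // constructed labels for the later keys
	kCur := NewKSK("KSK-current")

	e1, _ := k2010.Endorse(kNext)
	e2, _ := kNext.Endorse(kCur)

	name, _, err := FollowChain(k2010.Name, k2010.Pub, []Endorsement{e1, e2})
	fmt.Println("stale resolver now trusts:", name, "err:", err)

	// Swap the successor key inside an endorsement: the signature no longer verifies.
	forged := e2
	forged.SuccessorPub = NewKSK("KSK-rogue").Pub
	_, _, err = FollowChain(k2010.Name, k2010.Pub, []Endorsement{e1, forged})
	fmt.Println("tampered chain:", err)

	// Destroy KSK-2010 before it endorsed anything: no chain can ever be built.
	fresh := NewKSK("KSK-2010")
	fresh.Destroy()
	_, err = fresh.Endorse(kNext)
	fmt.Println("after destruction:", err)
}
```

The walk only trusts what the anchor key transitively signed, so a resolver need not fetch the current trust anchor out of band; the cost is that every retired key must still exist at the moment its endorsement is made, which is the retention question the thread is about.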