[ksk-rollover] Future rollover planning opportunities

Paul Wouters paul at nohats.ca
Wed Feb 20 19:09:48 UTC 2019


On Wed, 20 Feb 2019, Russ Housley wrote:

> I think that there is very little incremental cost to including a multitude
> of keys in a software release.  i.e. rather than 1 or 3 for the next 3-4
> years,  I'd like to around a dozen.  With a variety of algorithms, keysizes,
> and with the private keys escrowed in a variety of ways.

That makes monitoring and transparency recording of private key usage
much harder.  It also raises the possible abuse of any DNSSEC key to the
weakest key escrow method, and will surely raise lots of red flags with
people who already don't trust this system.

One of our arguments now is that if Verisign or ICANN abuses its key
holding power, they will go down (commercially or non-commercially) and
so they have a strong incentive not to blindly accept NSLs. When we have
multiple escrow parties, it's easy to sacrifice one. So this is
detrimental to the security of the system as a whole.

> I'd like for this to include a hash-based signature system, but I'm not sure
> we have the standards specifications for this nailed down sufficiently.

Please experiment locally, not globally. Kthanks :)

Paul

