[ksk-rollover] followup of DNSSEC Workshop at ICANN64
Michael Richardson
mcr+ietf at sandelman.ca
Sun Mar 17 20:24:50 UTC 2019
Dave Lawrence <tale at dd.org> wrote:
> Michael Richardson writes:
>> It seems that these issues exist if there are *any* keys generated
>> before use, independently of the number of keys.
> Yes, exactly, which makes me scratch my head every time someone
> proposes a list of pre-generated keys as the solution to this
> problem.
Interesting that we agree on a core assumption and then come to opposite
conclusions :-)
> It seems to me that what such a list gets you is lead time on cracking
> future keys, or more things that end up useless in the event some
> aspect of the whole process is found to have been faulty. This in
> exchange for the busywork of changing the current key more frequently
> without adding any real additional security in the process.
I could live with a KSK being in use for a long period of time.
But, I don't buy the lead time argument.
If any of the N keys are vulnerable to brute force attack in the planned period
of use, then all the keys are vulnerable to an adversary with 1/N more
resources. Do you agree with this?
Brute force is not the only attack: there are possible "Mission
Impossible"-like exfiltration attacks against the HSM(s). Do these attacks
depend upon how many keys there are? I don't think so.
--
Michael Richardson <mcr+IETF at sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-