<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 4/2/2019 1:27 PM, Michael StJohns
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:75ae921a-ba42-8250-f31a-f5e43629dcb8@nthpermutation.com">
<div class="moz-cite-prefix">On 4/2/2019 12:50 PM, Salz, Rich
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:EFEAF715-AB01-4E82-80A9-412376948CFC@akamai.com">
<div class="WordSection1">
<ul type="disc">
<li style="mso-list:l1 level1 lfo5">The problem with this is
that you need to know *when* N signed N+1, and you can't
believe N about the time.</li>
</ul>
<p>Out of band verification. You make sure the chain you have
connects properly up to the current KSK.</p>
</div>
</blockquote>
<p>Then it's "Turtles all the way down". <a
class="moz-txt-link-freetext"
href="https://en.wikipedia.org/wiki/Turtles_all_the_way_down"
moz-do-not-send="true">https://en.wikipedia.org/wiki/Turtles_all_the_way_down</a><br>
</p>
<p>At some point you've involved something outside of the DNS and
you need a way to trust them, and a way to supersede the trust
if they're compromised. Or you need a crowd of them. Etc. <br>
</p>
<p>I thought of time stamp services - those might work but have
the same problem of root management for their chain of trust -
e.g. the resolvers need to be able to get the most recent trust
anchors before they can validate the DNS trust anchor set....
What I'm actually thinking about is some form of inserting a
record into the blockchain ledger for one of the
cryptocurrencies as a mechanism for time stamping the state of
the trust anchor set at a given point in time. See references 2
and 3 of <a class="moz-txt-link-freetext"
href="https://en.wikipedia.org/wiki/Trusted_timestamping"
moz-do-not-send="true">https://en.wikipedia.org/wiki/Trusted_timestamping</a></p>
</blockquote>
<p>OK - here's what I came up with:</p>
<p>H[0] = 32'0' (32 bytes of 0).<br>
</p>
<p>Once a (day | week), generate H[N] = HASH(H[N-1] || root DNSKEY
RRSet encoded in canonical order || root RRSIG(DNSKEY) RRSet
encoded in canonical order || date stamp)</p>
<p>Using something like <a class="moz-txt-link-freetext" href="https://originstamp.org/home">https://originstamp.org/home</a>, submit H[N] to
the blockchain ledger.</p>
<p>Retain a record of each submission including the origin data,
hash, blockchain record, and date stamp of submission.</p>
<p>Recovery is:</p>
<p>1) Get a copy of the list of states (contents of the RRSig and
DNSKEY record sets) between the last time I was live and now.</p>
<p>2) Verify that they are sequenced properly and that the
calculated hashes match up with the contents of the blockchain
ledger.</p>
<p>3) Run the records in order through a pseudo-5011 update scheme
(e.g. process the records as if you'd retrieved them at the time
of the ledger submission - basically running your 5011 clocks
driven by the blockchain submission). Verify any signatures and
mark the keys revoked or added as you would as if you'd gotten
them at the time of ledger submission.</p>
<p>4) Fail the process if any verification step fails - fail over to
manual update.<br>
</p>
<p>Notes: <br>
</p>
<p>1) No less often than a week - any longer and it's possible you
can have events that happen that are removed from the state before
the ledger entry is made. The actual number should be based on
some fractional multiple of the minimums of the TTL and the
signature durations.<br>
</p>
<p>2) Useful to have third party verification that the ledger is
tracking the state as provided by the root publisher.</p>
<p>3) Because the time of submission is locked in place relative to
a lot of other transactions, it should be impossible for a revoked
key to later lie in a way that causes a resolver to accept that
lie. E.g. signing a key add RRSet in 2025 that purports to add a
fake key in 2020 (i.e. the signature date times in the RRSig are
2020 even though the signature is being formed in 2025).<br>
</p>
<p>4) At 1 record a week, this is about 100 records to parse and
process if you're dormant for 2 years. And NO - you may not
accept the last transaction in the ledger as the final state of
the trust anchor set. You MUST process all of the transactions in
order.<br>
</p>
<p>5) None of this requires the additional use of any of the private
key material (besides it being used at the time it signs the
DNSKEY RRSet). So delete the 2010 key.<br>
</p>
<p>This is more complex than "just sign the key", but it also
probably works unlike "just sign the key".</p>
<p>Mike</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:75ae921a-ba42-8250-f31a-f5e43629dcb8@nthpermutation.com">
<p>But that's complex and probably requires that the root key
holders add another step to the process of managing the keys.
It's not something that's a simple add on.<br>
</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:EFEAF715-AB01-4E82-80A9-412376948CFC@akamai.com">
<div class="WordSection1">
<p>Or you tell folks turning on old computers to just reconfig
first. :)</p>
</div>
</blockquote>
<p>That gets my vote. Or - they just download all the security
patches that have been signed with the device vendor's
private key to include the new starting trust anchor set.</p>
<p>Later, Mike</p>
<p><br>
</p>
</blockquote>
<p><br>
</p>
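<p>The hash chain and recovery procedure Mike sketches above (H[0] = 32 zero bytes, H[N] over the previous hash, the canonically ordered DNSKEY and RRSIG(DNSKEY) RRsets and a date stamp, then replaying every ledger entry in order through a pseudo-5011 state machine) is laid out below as an added, runnable example. It is editor-written illustration, not code from the thread or from any root key management process. Everything in it is assumed or constructed: the "ledger" is an in-memory dict standing in for the blockchain record, the DNSKEY/RRSIG encodings are toy fixed-width stand-ins rather than real wire format, the key identifiers 1001/1002/6666 are made up and not real root key tags, and RRSIG validation is stubbed to "a signature by that key tag is present" so the example needs no key material. The forged-state case at the end shows why note 3 holds: a state rewritten after the fact under an old date stamp no longer hashes to what the ledger recorded for that date.</p>

```python
import hashlib
from dataclasses import dataclass
from datetime import date, timedelta

# DNSKEY flag bits (RFC 4034 s2.1.1; the REVOKE bit is from RFC 5011 s2.1)
ZONE, REVOKE, SEP = 256, 128, 1
ADD_HOLDDOWN_DAYS = 30          # RFC 5011 s2.4.1 add hold-down

@dataclass(frozen=True)
class DNSKEY:
    flags: int
    key_tag: int                # stable stand-in for the public key (assumption: real key
                                # tags change when REVOKE is set; that is ignored here)
    def canonical(self) -> bytes:
        # Toy RDATA: flags(2) | protocol=3 | algorithm=8 | key(2). Not real wire format.
        return self.flags.to_bytes(2, "big") + b"\x03\x08" + self.key_tag.to_bytes(2, "big")

@dataclass(frozen=True)
class RRSIG:
    key_tag: int                # key that produced the signature
    inception: str              # YYYYMMDD, as in RRSIG presentation format
    expiration: str
    def canonical(self) -> bytes:
        return b"RRSIG|%d|%s|%s" % (self.key_tag, self.inception.encode(), self.expiration.encode())

@dataclass(frozen=True)
class State:
    date: str                   # date stamp of the ledger submission, YYYYMMDD
    dnskeys: tuple
    rrsigs: tuple

def canonical_rrset(rrs) -> bytes:
    # RFC 4034 s6.3: RRs of one RRset are ordered by canonical RDATA, bytewise.
    return b"".join(sorted(rr.canonical() for rr in rrs))

H0 = bytes(32)                  # H[0] = 32 bytes of 0

def next_hash(prev: bytes, s: State) -> bytes:
    # H[N] = HASH(H[N-1] || DNSKEY RRset || RRSIG(DNSKEY) RRset || date stamp)
    return hashlib.sha256(prev + canonical_rrset(s.dnskeys)
                          + canonical_rrset(s.rrsigs) + s.date.encode()).digest()

def publish(states):
    """Publisher side: the chain of H[N] values keyed by date, as written to the ledger."""
    ledger, h = {}, H0
    for s in states:
        h = next_hash(h, s)
        ledger[s.date] = h
    return ledger

def _d(ymd: str) -> date:
    return date(int(ymd[:4]), int(ymd[4:6]), int(ymd[6:]))

def recover(states, ledger, anchors):
    """Resolver side, steps 1-4: anchors = {key_tag: DNSKEY} trusted when it went dormant."""
    anchors, first_seen, h, last = dict(anchors), {}, H0, ""
    for s in states:
        if s.date <= last:                         # step 2: strictly sequenced
            raise ValueError(f"states out of sequence at {s.date}")
        h = next_hash(h, s)
        if ledger.get(s.date) != h:                # step 2: recomputed hash must match the ledger
            raise ValueError(f"hash mismatch at {s.date}")
        last = s.date
        # Real code verifies each RRSIG cryptographically; here a signature "verifies"
        # if its key tag is present (assumption, so the example needs no key material).
        signers = {r.key_tag for r in s.rrsigs}
        if not signers & set(anchors):
            raise ValueError(f"DNSKEY RRset at {s.date} not signed by a trusted key")
        for k in s.dnskeys:                        # step 3: pseudo-5011 on the ledger clock
            if k.flags & REVOKE:
                if k.key_tag in anchors and k.key_tag in signers:   # revocation must be self-signed
                    del anchors[k.key_tag]
            elif k.flags & SEP and k.key_tag not in anchors:
                first_seen.setdefault(k.key_tag, s.date)
                if (_d(s.date) - _d(first_seen[k.key_tag])).days >= ADD_HOLDDOWN_DAYS:
                    anchors[k.key_tag] = k
        present = {k.key_tag for k in s.dnskeys}   # a key that disappears restarts its hold-down
        first_seen = {t: d for t, d in first_seen.items() if t in present}
    return anchors                                 # step 4: any failure above raised instead

# Constructed sample data: identifiers 1001/1002/6666 are made up, not real root key tags.
K_OLD, K_NEW = DNSKEY(ZONE | SEP, 1001), DNSKEY(ZONE | SEP, 1002)
K_OLD_REVOKED = DNSKEY(ZONE | SEP | REVOKE, 1001)

def sample_states():
    """Nine weekly snapshots: K_NEW introduced and held down, then added; K_OLD revoked."""
    dates = [(_d("20190407") + timedelta(days=7 * i)).strftime("%Y%m%d") for i in range(9)]
    sig = lambda tag, d: RRSIG(tag, d, (_d(d) + timedelta(days=21)).strftime("%Y%m%d"))
    states = [State(dates[0], (K_OLD,), (sig(1001, dates[0]),))]
    states += [State(d, (K_OLD, K_NEW), (sig(1001, d), sig(1002, d))) for d in dates[1:7]]
    states.append(State(dates[7], (K_OLD_REVOKED, K_NEW), (sig(1001, dates[7]), sig(1002, dates[7]))))
    states.append(State(dates[8], (K_NEW,), (sig(1002, dates[8]),)))
    return states

def demo():
    states = sample_states()
    ledger = publish(states)
    final = recover(states, ledger, {1001: K_OLD})
    # Note 3: a state rewritten after the fact to "add" a fake key under an old date stamp
    # no longer hashes to what the ledger recorded for that date, so recovery fails closed.
    forged = State(states[3].date, states[3].dnskeys + (DNSKEY(ZONE | SEP, 6666),), states[3].rrsigs)
    try:
        recover(states[:3] + [forged] + states[4:], ledger, {1001: K_OLD})
        rejected = False
    except ValueError:
        rejected = True
    return sorted(final), rejected

if __name__ == "__main__":
    print(demo())   # ([1002], True)
```

<p>Two design points carry over from the proposal. First, <code>recover</code> never looks at the newest ledger entry alone: it rebuilds the chain from H[0] and stops at the first date whose recomputed hash is not what the ledger holds, which is what makes a back-dated rewrite detectable even though the forger controls the RRSIG timestamps. Second, the 5011 timers run off the ledger date stamps rather than the resolver's own clock, so a resolver that has been dormant for two years replays the key roll at the pace the ledger fixed, not at the pace a replayed set of records would suggest.</p>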
</body>
</html>