[ksk-rollover] Retention of the 2010 KSK

Olaf Kolkman kolkman at isoc.org
Thu Apr 4 08:36:45 UTC 2019


On 3 Apr 2019, at 16:09, Joe Abley wrote:

> On 3 Apr 2019, at 05:10, Olaf Kolkman <kolkman at isoc.org> wrote:
>
>> It occurs to me that the requirements are probably straightforward.
>
> This seems like a bad sign!
>
>> Key N signs Key N+1 with a time of signature timestamp. Seems to me that writing down how the bits are stored is a short exercise.
>
> Back when Wouter proposed a similar mechanism, years ago (TALINK? something like that) my objection to it was that a compromise of any key along the chain breaks it in ways that are not trivial to signal to a relying party, remembering that the kind of relying party we're apparently trying to accommodate include those that have been sitting on a shelf for five years but still have aspirations about being secure.
>
> I find Mike StJohn's cautionary shouting about key hoarding quite convincing.

I am not talking about keeping the private keys around. I am saying create a signature over the new key with a timestamp of signature and keep that around - a relatively clean variety of data that is already available anyway.

That said, I agree: all mechanisms to get from t(N) to t(N+i) (time when key N was in use to time when a future key is in use) by following a chain of signatures are not the best of ideas. But, if we ever want to go there, as methodology of last resort, having a clean blob of signed key material around may turn out to be useful.

—Olaf
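The mechanism discussed above (key N signs key N+1 together with the time of signature, and a relying party walks the chain from a key it already trusts) and Joe's objection to it (a compromise of any key along the chain breaks everything after it, and the relying party has no in-band way to learn that), as an added example that is not code from the thread, from ICANN/IANA or from any DNSSEC implementation. Ed25519 as the signature algorithm, the `example-ksk-chain-v1/` domain separator, the byte layout of what gets signed, the `compromised` list supplied out of band, and all key and timestamp values are assumptions made for this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Link is one step of the chain: key N's signature over (key N+1, time of signing).
// The wire format is an assumption for this example, not a format from the thread.
type Link struct {
	NewKey    ed25519.PublicKey // key N+1
	Timestamp uint64            // time of signature, seconds since the Unix epoch
	Signature []byte            // produced by key N over linkMessage(NewKey, Timestamp)
}

// Hypothetical domain separator so a link signature cannot be confused with a
// signature made over some other kind of data by the same key.
const linkDomain = "example-ksk-chain-v1/"

// linkMessage is the canonical byte string that gets signed: the domain separator,
// the timestamp as 8 big-endian bytes, then the raw public key of the new key.
func linkMessage(newKey ed25519.PublicKey, ts uint64) []byte {
	var tsb [8]byte
	binary.BigEndian.PutUint64(tsb[:], ts)
	buf := make([]byte, 0, len(linkDomain)+8+len(newKey))
	buf = append(buf, linkDomain...)
	buf = append(buf, tsb[:]...)
	return append(buf, newKey...)
}

// SignLink produces the link from key N (prev) to key N+1 (next).
func SignLink(prev ed25519.PrivateKey, next ed25519.PublicKey, ts uint64) Link {
	return Link{NewKey: next, Timestamp: ts, Signature: ed25519.Sign(prev, linkMessage(next, ts))}
}

// VerifyChain walks from a trusted anchor key through links and returns the key the
// chain ends at. It fails if a signature does not verify, if timestamps do not
// strictly increase, or if a key that signs a link is in `compromised`: a compromised
// key N could have signed any "key N+1", so nothing after it can be trusted, and the
// relying party only learns of the compromise through data delivered outside the chain.
func VerifyChain(anchor ed25519.PublicKey, links []Link, compromised [][]byte) (ed25519.PublicKey, error) {
	cur := anchor
	var lastTS uint64
	for i, l := range links {
		for _, bad := range compromised {
			if bytes.Equal(cur, bad) {
				return nil, fmt.Errorf("link %d: signing key is marked compromised; chain cannot continue", i)
			}
		}
		if len(l.NewKey) != ed25519.PublicKeySize {
			return nil, fmt.Errorf("link %d: malformed public key", i)
		}
		if l.Timestamp <= lastTS {
			return nil, fmt.Errorf("link %d: timestamp %d does not advance past %d", i, l.Timestamp, lastTS)
		}
		if !ed25519.Verify(cur, linkMessage(l.NewKey, l.Timestamp), l.Signature) {
			return nil, fmt.Errorf("link %d: signature by the current key does not verify", i)
		}
		cur, lastTS = l.NewKey, l.Timestamp
	}
	return cur, nil
}

// BuildDemoChain generates n+1 fresh keys and links them in order with constructed
// timestamps one year apart. It returns the anchor (key 0), the links, and the
// private keys (returned only so a caller can demonstrate tampering and compromise).
func BuildDemoChain(n int) (ed25519.PublicKey, []Link, []ed25519.PrivateKey, error) {
	keys := make([]ed25519.PrivateKey, 0, n+1)
	for i := 0; i <= n; i++ {
		_, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, nil, nil, err
		}
		keys = append(keys, priv)
	}
	const base = uint64(1600000000) // constructed starting time
	links := make([]Link, 0, n)
	for i := 0; i < n; i++ {
		ts := base + uint64(i)*365*86400
		links = append(links, SignLink(keys[i], keys[i+1].Public().(ed25519.PublicKey), ts))
	}
	return keys[0].Public().(ed25519.PublicKey), links, keys, nil
}

func main() {
	anchor, links, keys, err := BuildDemoChain(3)
	if err != nil {
		panic(err)
	}
	end, err := VerifyChain(anchor, links, nil)
	fmt.Println("intact chain ends at key 3:", err == nil && bytes.Equal(end, keys[3].Public().(ed25519.PublicKey)))
	// Out-of-band knowledge that key 1 was compromised: the walk must stop at link 1.
	_, err = VerifyChain(anchor, links, [][]byte{keys[1].Public().(ed25519.PublicKey)})
	fmt.Println("with key 1 compromised:", err)
}
```

The `compromised` list is the part the chain itself cannot carry: a verifier that has been offline for years can check every signature and timestamp and still end at a key that an attacker chose, which is the objection raised above.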
