On 2010-09-14, at 13:55, Tony Finch wrote:

> On Tue, 14 Sep 2010, Joe Abley wrote:
>>
>> Doesn't trust-history impose a requirement for high standards of operational
>> security for key materials which have long since fallen out of
>> production, and hence extend the possible window for a key compromise
>> long after the key has stopped being used? From an operational
>> perspective this worries me.
>
> I haven't checked the draft, but it should be possible to throw away a
> private key after it has signed its successor and been decommissioned.
Right. I'm concerned about the scenario where

- KSK goes out of production
- KSK is supposed to be destroyed following some suitable emergency roll-back window
- KSK is not actually destroyed due to operational error
- KSK is compromised by someone (hard disk found in dumpster)
- KSK is used to create an apparently-legitimate branch of the trust-history chain, legitimising a bogus key

In normal operation this would not be a concern because the retired KSK is of no practical use. By inventing a practical use for the retired KSK, the requirements for secure handling are extended until the end of time.

I agree that in an ideal world the KSK would be securely destroyed. I don't often feel like I live in that world, however, hence my worry.

Joe

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
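The scenario in the message above, modelled as an added example (not code from the thread, the draft, or any DNS software): a toy trust-history chain in which each KSK signs its successor's public key with Ed25519, a validator that walks the chain from the key it currently trusts, and a retired-but-not-destroyed KSK2 that signs a bogus branch. The `Link`, `SignSuccessor`, `Walk` and `DemoFork` names, the use of raw Ed25519 over the successor public key, and the chain layout KSK1 -> KSK2 -> KSK3 are all assumptions of this model, not the draft's format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"log"
)

// Link is one step of the toy trust-history chain (a constructed model, not the
// draft's wire format): the predecessor key signs the successor's public key.
type Link struct {
	Successor ed25519.PublicKey
	Sig       []byte
}

// SignSuccessor produces the link a retiring key publishes for its successor.
func SignSuccessor(pred ed25519.PrivateKey, succ ed25519.PublicKey) Link {
	return Link{Successor: succ, Sig: ed25519.Sign(pred, succ)}
}

// Walk follows links starting from the key the validator currently trusts.
// Every link must be signed by the key reached so far; the key at the end of
// the chain is returned, or ok=false if any signature fails.
func Walk(trusted ed25519.PublicKey, links []Link) (end ed25519.PublicKey, ok bool) {
	cur := trusted
	for _, l := range links {
		if !ed25519.Verify(cur, l.Successor, l.Sig) {
			return nil, false
		}
		cur = l.Successor
	}
	return cur, true
}

func gen() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		log.Fatal(err)
	}
	return pub, priv
}

// DemoFork builds the history KSK1 -> KSK2 -> KSK3, then lets KSK2's private
// key (retired after signing KSK3, but never destroyed) sign a bogus KSK-X.
// It reports whether (a) the legitimate chain validates from the KSK1 anchor,
// (b) the forged branch validates from the KSK1 anchor, and (c) the forged
// branch validates for a validator that has already advanced to KSK3.
func DemoFork() (legit, forkOldAnchor, forkCurrent bool) {
	k1pub, k1priv := gen()
	k2pub, k2priv := gen() // should have been destroyed after signing k3
	k3pub, _ := gen()
	bogusPub, _ := gen() // constructed attacker key, not a real value

	history := []Link{SignSuccessor(k1priv, k2pub), SignSuccessor(k2priv, k3pub)}
	// The fork shares the first link and diverges at the compromised KSK2.
	fork := []Link{SignSuccessor(k1priv, k2pub), SignSuccessor(k2priv, bogusPub)}

	end, ok := Walk(k1pub, history)
	legit = ok && end.Equal(k3pub)

	end, ok = Walk(k1pub, fork)
	forkOldAnchor = ok && end.Equal(bogusPub)

	// A validator already holding KSK3 only accepts links signed by KSK3, so
	// the KSK2-signed branch is rejected; only stale anchors are exposed.
	_, forkCurrent = Walk(k3pub, fork[1:])
	return legit, forkOldAnchor, forkCurrent
}

func main() {
	legit, forkOld, forkCur := DemoFork()
	fmt.Printf("legitimate chain accepted: %v\n", legit)
	fmt.Printf("forged branch accepted from old anchor: %v\n", forkOld)
	fmt.Printf("forged branch accepted from current key: %v\n", forkCur)
}
```

The point the model makes is the one in the message: the validator cannot tell the forged branch from the real one, because the signatures are genuine. The only thing separating the two runs is whether KSK2's private material still exists, which is exactly why the destruction requirement lasts as long as any stale anchor might still walk the chain.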