On Mon, Oct 4, 2010 at 7:56 AM, Joe Abley <jab...@hopcount.ca> wrote:
> Hi,
>
> On 2010-10-04, at 10:31, Eric Rescorla wrote:
>
> > On Sun, Oct 3, 2010 at 10:54 AM, Joe Abley <jab...@hopcount.ca> wrote:
> >
> >> On 2010-10-03, at 13:31, Eric Rescorla wrote:
> >>
> >> > I'm asking because I'm pretty familiar with cryptography and I know
> >> > that keys don't suddenly become worthless just because they get past
> >> > their intended use lifetime. The semantics of signature security of
> >> > old keys is a lot more complicated than that.
> >>
> >> The context here is the publication of DNSSEC trust anchors for the root
> >> zone.
> >>
> >> At least some of the cases we're talking about involve signatures
> >> necessarily made by keys after an emergency key roll which has taken place
> >> because the old key has been compromised. Such signatures are worthless.
> >>
> >
> > I don't think this follows.
>
> In the context of our discussion, it does. We are discussing arrangements
> for publishing a trust anchor for a key whose management has already been
> carefully specified, and does not include (for example) pre-generation of
> the next key in the way you suggest.
>

Carefully specified, perhaps, but what you're saying here also makes me think
it was also incorrectly specified, since, as I said, the technique I described
is well-known, and failing to do so leads to precisely the complications that
are at issue here. So, rather than designing a bunch of kludgy workarounds, it
would be better to ask what the right thing to do is, even if that requires
changing some preexisting document.

-Ekr
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop