To: Edward Lewis <lewis@tislabs.com>
Cc: dnsop@cafax.se, dnssec@nlnetlabs.nl
From: ted@tednet.nl (Ted Lindgreen)
Date: Tue, 17 Oct 2000 15:46:16 +0200
In-Reply-To: "Edward Lewis's message as of Oct 16, 21:22"
Reply-To: Ted.Lindgreen@tednet.nl
Sender: owner-dnsop@cafax.se
Subject: Re: DNSSEC and Parent SIG in Child zone

[Quoting Edward Lewis, on Oct 16, 21:22, in "Re: DNSSEC and Paren ..."]
> At 9:49 AM -0400 10/13/00, Ted Lindgreen wrote:
> >Reason to ask this, is that there seems no security-technical reason
> >to have this SIG in the parent zonefile instead.
>
> How about this:
>
> Having the parent publish the keys eliminates a beneficial three-way
> handshake. (How beneficial is open to question.) Given the current
> definition:

I fully agree that a three-way handshake is desirable.
However, I am not sure that having the parent publish the keys
eliminates this handshake:

> 1) The child "signals" the intent to be secure by submitting keys to the
> parent.
>
> 2) The parent "acknowledges" the child's desire to be secure by signing
>
> 3) The child "accepts" this invitation by publishing the keys. The

In case (only) the parent publishes the SIG over the child's new KEY,
1) and 2) do not change. In 3) the child can also "accept" the
invitation by starting to use the new KEY to sign its zone.

> important part of this step is that the child has the option, once the
> parent has returned the signature, to decide if the signature is right.

Cryptographically, or security-technically, I see no difference
between a child:
1. verifying a parent-SIG over own-KEY with parent-KEY, then
   including the parent-SIG in own zonefile, and then starting
   to use the new KEY.
2. verifying a parent-SIG over own-KEY with parent-KEY, and
   starting to use the new KEY.

Please note that in order to verify the parent-SIG, one has to
consult the parent-zone anyway to collect the parent-KEY.

> I.e., what if someone adds or modifies the keys between the time the child
> sends them and the parent receives them? The parent won't know this and
> publishing the erroneous keys and the signature would be a problem.

This is a very serious problem. In fact, we see the verification
by the parent before signing a child's zone-KEY as the most critical
part (in terms of security) of implementing DNSSEC at TLDs.
However, this problem is independent of where the SIG will be
located after having been generated.

Regards,
-- Ted.