To: "Scott Rose" <scottr@antd.nist.gov>
Cc: <dnsop@cafax.se>
From: Johan Ihren <johani@autonomica.se>
Date: 10 Oct 2002 15:32:57 +0200
In-Reply-To: <002d01c26f99$fe429110$b9370681@antd.nist.gov>
Sender: owner-dnsop@cafax.se
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.3
Subject: Re: Interim signing of the root zone.

"Scott Rose" <scottr@antd.nist.gov> writes:

> Related to the draft topic - I was doing some further research on
> key management and I was wondering why the key rollover scheme in
> the draft was chosen: why so often?

Wow, a technical comment. Thanks, Scott.

There are two reasons:

1. This is an *interim* scheme and as such it is important not to
   give the impression that the trusted key is something to file and
   forget. I.e. I'm trying to avoid anyone putting long term trust
   into these keys.

2. One of the main objectives is to, in the particular context of the
   root zone, gain operational experience with key mgmt, rollovers,
   exchanges between the holders of key signing keys and operational
   keys (since they are likely to continue being separate entities
   for the root zone), etc.

   With long lived keys we won't get nearly as much experience, since
   we'll hang off the same key signing key for years. Furthermore we
   won't get as much experience in how to publish new trusted keys to
   actually get them into as many resolvers as possible.

The bottom line is that this is not a production design that is
optimized for maximum security with minimum cost. Rather it is
designed to be a staging area to gain experience while at the same time
not fooling end users into believing they got the final product.

Regards,

Johan