[Yeti DNS Discuss] KROLL status. Plus a question about double-signing!
gih at apnic.net
Tue Aug 2 06:17:38 UTC 2016
> The second issue is that Davey Song noticed that I had not included any
> time with double-signing of the ZSK by both the old and new KSK. The
> actual procedure defined in RFC 6781 section 4.1.2. specifies a
> My belief is that this double-signing is useful if you have a parent
> updating a DS record, but not for the root. Right now the KROLL
> experiment does not include a double-signing phase.
> We have two choices (and possibly more):
> 1. Modify the experiment to include a double-signing phase. This will
> make it more closely match RFC 6781.
But section 4.1.2 of 6781 appears to explicitly address the situation of
rolling the KSK of a delegated zone, and the considerations of double
signing appear to relate to the synchronisation of the parent DS and the
RRSIG of the child DNSKEY records.
For the root things are different, and the only time that two sigs are needed
for the root zone DNSKEY is when you want to use an RFC5011-style revocation of
the old KSK, which can only be done in the RRSIG, assuming that you publish the
new KSK in the DNSKEY record for a minimum of the RFC5011 hold-down period plus a
replay attack window size (I understand that a liberal safe time would be 60 days).
> 2. Leave the experiment as defined, without a double-signing phase.
> This more closely matches the ICANN roll plan, although not
> Personally I prefer to leave the experiment, although I admit that
> mostly this is because I don't want to change things more than
> necessary while it is underway.
The risk with double signing is of course the larger response size of the
query for the DNSKEY of the root zone, and the problem there
lies in the issues relating to UDP packet fragmentation and IPv6.
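As an added illustration of the response-size point above (not part of the thread or of the Yeti/KROLL experiment), here is a rough wire-size estimate for a root DNSKEY response in steady state, during a KSK roll with a single KSK signature, and during a roll with the RRset double-signed by both KSKs. It follows the wire formats of RFC 1035, RFC 4034 and RFC 3110, assumes RSA keys with exponent 65537 and an empty OPT record, and the key sizes are constructed inputs.

```python
"""Estimate the UDP payload size of a response to 'DNSKEY .' for a given
set of published keys and the KSKs that sign the DNSKEY RRset.

Added example for the double-signing discussion; the key sizes passed in
are constructed inputs, not the Yeti root's actual keys."""

DNS_HEADER = 12              # RFC 1035 message header
ROOT_QUESTION = 1 + 2 + 2    # root owner name (one zero octet) + QTYPE + QCLASS
OPT_RR = 1 + 2 + 2 + 4 + 2   # EDNS0 OPT pseudo-RR with empty RDATA
RR_FIXED = 1 + 2 + 2 + 4 + 2 # owner "." + TYPE + CLASS + TTL + RDLENGTH
IPV6_MIN_MTU = 1280          # IPv6 + UDP headers must fit in this to avoid fragmentation


def rsa_dnskey_rr_size(modulus_bits: int) -> int:
    """DNSKEY RR for an RSA key: flags(2) proto(1) alg(1) + RFC 3110 key blob."""
    exponent = 1 + 3                      # length octet + 65537 encoded in 3 octets
    return RR_FIXED + 4 + exponent + modulus_bits // 8


def rsa_rrsig_rr_size(signer_modulus_bits: int) -> int:
    """RRSIG RR made with an RSA key: 18 fixed RDATA octets + signer "." + signature."""
    fixed_rdata = 2 + 1 + 1 + 4 + 4 + 4 + 2   # type covered, alg, labels, TTLs, key tag
    signer_name = 1                           # root signer name is a single zero octet
    return RR_FIXED + fixed_rdata + signer_name + signer_modulus_bits // 8


def dnskey_response_size(published_bits: list, signing_bits: list) -> int:
    """Header + question + DNSKEY RRset + one RRSIG per signing KSK + OPT."""
    rrset = sum(rsa_dnskey_rr_size(b) for b in published_bits)
    sigs = sum(rsa_rrsig_rr_size(b) for b in signing_bits)
    return DNS_HEADER + ROOT_QUESTION + rrset + sigs + OPT_RR


def fits_ipv6_min_mtu(payload: int) -> bool:
    """True if the datagram (40-octet IPv6 header + 8-octet UDP header) needs no fragmentation."""
    return payload + 40 + 8 <= IPV6_MIN_MTU


def compare_rollover(ksk_bits: int = 2048, zsk_bits: int = 2048) -> dict:
    """Steady state vs. a KSK roll with single or double signing of the DNSKEY RRset."""
    steady = dnskey_response_size([ksk_bits, zsk_bits], [ksk_bits])
    single = dnskey_response_size([ksk_bits, ksk_bits, zsk_bits], [ksk_bits])
    double = dnskey_response_size([ksk_bits, ksk_bits, zsk_bits], [ksk_bits, ksk_bits])
    return {"steady": steady, "roll_single_sig": single, "roll_double_sig": double}


if __name__ == "__main__":
    for name, size in compare_rollover().items():
        print(f"{name:16s} {size:5d} octets  fits IPv6 min MTU: {fits_ipv6_min_mtu(size)}")
```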