[Yeti DNS Discuss] Rollover to ECDSA
ljsong at biigroup.cn
Fri Aug 17 03:58:04 UTC 2018
For your information, we are going to design and test the algorithm rollover experiment in Yeti. I received some suggestions from experienced experts (one in the mail below). It is appreciated if you can send us suggestions and comments.
Recommend Geoff's article on ECDSA: https://www.potaroo.net/ispcol/2018-08/ecdsafin.html
From: Geoff Huston [mailto:gih at apnic.net]
Sent: 17 August 2018 9:53
To: "Davey Song(宋林健)"
Subject: Re: Thanks for your article on "Measuring ECDSA in DNSSEC"
Yes, I think it's now time to transition away from RSA and move to ECDSA P-256 for DNSSEC, and the major rationale for this change is the smaller size of the RRSIG, DNSKEY and DS records when using ECDSA.
About the only thing I am aware of as a potential trap is that some DNS validation implementations (notably PowerDNS, I think) will not tolerate a KSK and a ZSK using different algorithms in the same zone. However I am not aware of the exact details here and I have not investigated this in any other detail.
You may want to experiment with the transition scenarios of a signed zone performing a shift from RSA to ECDSA with both KSK and ZSK keys.
Should you transition the KSK and leave the ZSK constant and then transition the ZSK? In this case will some resolvers have problems with the different algorithms used in the KSK and ZSK?
Should you transition both the KSK and the ZSK at the same time? What does this mean? (Cached resolvers will have old ZSK-signed RRSIG records, and if the current DNSKEY RR does not have both old and new ZSK records there is the risk of generating spurious DNSSEC validation failures.)
So in summary, I don't think there is any real issue with using ECDSA P-256 in DNSSEC signed zones today, but an algorithm roll from RSA to ECDSA in a signed zone does present some un-mapped potential problems which should be investigated more fully.
> On 17 Aug 2018, at 11:44 am, Davey Song(宋林健) <ljsong at biigroup.cn> wrote:
> Dear Geoff,
> I'm writing to thank you for the article on "Measuring ECDSA in DNSSEC". It helps me to understand the state of the art on ECDSA and is a positive signal to implement it in DNSSEC due to the IPv6 fragmentation issue. For your information, I'm going to propose an experiment in the Yeti testbed on DNSSEC algorithm rollover, which is requested by Yeti's sponsors. So do you have some insights or suggestions on this, or traps to avoid? I would appreciate it if you can give me some guidance.
> Best regards,
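The two traps Geoff raises above (a validator that insists on a signature for every algorithm in the DNSKEY RRset, and a resolver whose cached DNSKEY RRset no longer matches the RRSIGs it fetches) can both be checked mechanically before a rollover step is published. The following is an added example written for this thread, not code from Yeti or from anyone on the list. It models a zone as the algorithms in its parent's DS RRset, the keys in its apex DNSKEY RRset and the key tags that sign each RRset, then applies the RFC 4035 section 2.2 rule (every RRset must carry an RRSIG for each algorithm in the DNSKEY RRset, and the DNSKEY RRset must be signed by each algorithm in the DS RRset; RFC 6840 lets validators relax this, which is why only some fail) and simulates a resolver validating fresh RRSIGs against a stale cached DNSKEY RRset. The key tags, the `www` RRset and the rollover phases are constructed for illustration; only the DNSKEY cache is modelled, not a stale DS at the parent.

```python
"""Model an RSA -> ECDSA DNSSEC algorithm rollover and check the two failure
modes discussed in the thread: the RFC 4035 s2.2 algorithm rule, and a
resolver that holds a stale DNSKEY RRset in cache.  Key tags, RRset names and
rollover phases are constructed for illustration."""
from dataclasses import dataclass

# Algorithm numbers from the IANA DNS Security Algorithm Numbers registry
RSASHA256 = 8
ECDSAP256SHA256 = 13


@dataclass(frozen=True)
class Key:
    tag: int    # constructed key tag, not derived from key material
    alg: int
    role: str   # "KSK" or "ZSK"


@dataclass
class ZoneState:
    ds_algs: frozenset   # algorithms present in the parent's DS RRset
    dnskeys: frozenset   # Key objects published in the apex DNSKEY RRset
    rrsigs: dict         # RRset name -> frozenset of key tags that sign it

    def key_algs(self):
        return {k.alg for k in self.dnskeys}

    def sig_algs(self, name, keys=None):
        """Algorithms of the RRSIGs on `name`, resolved against `keys`
        (defaults to this state's own DNSKEY RRset)."""
        keys = self.dnskeys if keys is None else keys
        tags = self.rrsigs.get(name, frozenset())
        return {k.alg for k in keys if k.tag in tags}


def rfc4035_violations(zone):
    """RFC 4035 s2.2 check on a single zone state; [] means compliant."""
    problems = []
    for alg in sorted(zone.ds_algs - zone.sig_algs("DNSKEY")):
        problems.append(f"DNSKEY RRset lacks an RRSIG with DS algorithm {alg}")
    for name in sorted(zone.rrsigs):
        if name == "DNSKEY":
            continue
        for alg in sorted(zone.key_algs() - zone.sig_algs(name)):
            problems.append(f"{name} lacks an RRSIG with DNSKEY algorithm {alg}")
    return problems


def stale_cache_outcome(cached, fresh, name):
    """A resolver still holds the DNSKEY RRset from `cached` and fetches
    `name` (with its RRSIGs) from `fresh`.  It needs at least one RRSIG made
    by a key it trusts; a strict resolver also wants every cached algorithm
    represented among those RRSIGs."""
    seen = fresh.sig_algs(name, keys=cached.dnskeys)
    if not seen:
        return "bogus"          # no RRSIG matches any key in the cached RRset
    if seen != cached.key_algs():
        return "lenient-only"   # validates only if the s2.2 rule is not enforced
    return "secure"


RSA_KSK, RSA_ZSK = Key(1001, RSASHA256, "KSK"), Key(1002, RSASHA256, "ZSK")
EC_KSK, EC_ZSK = Key(2001, ECDSAP256SHA256, "KSK"), Key(2002, ECDSAP256SHA256, "ZSK")

# Starting point: RSA KSK and ZSK, RSA DS at the parent.
INITIAL = ZoneState(frozenset({RSASHA256}), frozenset({RSA_KSK, RSA_ZSK}),
                    {"DNSKEY": frozenset({1001}), "www": frozenset({1002})})

# Geoff's first scenario: KSK rolled to ECDSA, ZSK left on RSA.
KSK_ONLY = ZoneState(frozenset({ECDSAP256SHA256}), frozenset({EC_KSK, RSA_ZSK}),
                     {"DNSKEY": frozenset({2001}), "www": frozenset({1002})})

# Geoff's second scenario: KSK and ZSK swapped in one step, old keys withdrawn.
FLAG_DAY = ZoneState(frozenset({ECDSAP256SHA256}), frozenset({EC_KSK, EC_ZSK}),
                     {"DNSKEY": frozenset({2001}), "www": frozenset({2002})})

# Overlap phase: keys of both algorithms published and every RRset double-signed.
DOUBLE_SIGNED = ZoneState(frozenset({RSASHA256, ECDSAP256SHA256}),
                          frozenset({RSA_KSK, RSA_ZSK, EC_KSK, EC_ZSK}),
                          {"DNSKEY": frozenset({1001, 2001}),
                           "www": frozenset({1002, 2002})})

if __name__ == "__main__":
    for label, zone in [("initial", INITIAL), ("ksk-only", KSK_ONLY),
                        ("flag-day", FLAG_DAY), ("double-signed", DOUBLE_SIGNED)]:
        print(f"{label}: {rfc4035_violations(zone) or 'compliant'}")
    print("stale cache, flag-day:", stale_cache_outcome(INITIAL, FLAG_DAY, "www"))
    print("stale cache, double-signed:", stale_cache_outcome(INITIAL, DOUBLE_SIGNED, "www"))
    print("ksk-only, strict validator:", stale_cache_outcome(KSK_ONLY, KSK_ONLY, "www"))
```

Running it shows the two outcomes the mail predicts: the KSK-only phase is fine for a lenient validator but fails the s2.2 rule because `www` carries no ECDSA signature, and the flag-day phase validates as a zone yet comes out bogus for a resolver that still has the RSA-only DNSKEY RRset cached. The double-signed overlap phase passes both checks, which is why a rollover that introduces the new algorithm's signatures and keys before withdrawing the old ones avoids both problems.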