Trust Anchor Update - PowerPoint PPT Presentation

Slides: 15
Provided by: michaels150
Learn more at: https://www.ietf.org
Transcript and Presenter's Notes


1
Trust Anchor Update
  • draft-ietf-dnsext-trustupdate-timers-00.txt
  • Mike StJohns
  • 10 November 2004

2
Outline
  • Definitions
  • Design Goals
  • State Diagram
  • Example

3
Protocol Goals
  • Provide a mechanism to allow DNS Clients and
    Caching/Recursive Servers to update specific sets
    of DNSSEC trust anchors based on changes in DNS
    accessible data.

4
Definitions
  • Trust Point: A specific point on the DNS tree
    that a resolver treats as an origin of trust.
  • Trust Anchor: A specific DNSKEY located at a
    trust point.

5
Design Goals
  • Survive an N-1 key compromise (where N is the
    number of trust anchors at a trust point)
  • Minimize other attacks (e.g. addition of new keys
    by compromiser)
  • Ensure common state at resolvers assuming
    resolvers query the DNSKEY RRSet in defined time.

6
Trust Model
  • Current trust anchor(s) provide chain of trust
    for new trust anchors
  • E.g. Because I trusted key A and key A was used
    to sign key B, I can now directly trust key B.
  • But deal with gotchas: key compromise,
    revocation,

7
Resolver Trust Anchor State Machine
NB: Differs slightly from ID version!

8
Resolver Trust Anchor State Table
  (rows = FROM state, columns = next state, cells = event)

  FROM    | Start  | AddPend | Valid   | Missing | Revoked | Removed
  --------+--------+---------+---------+---------+---------+--------
  Start   |        | NewKey  |         |         |         |
  AddPend | KeyRem |         | AddTime |         |         |
  Valid   |        |         |         | KeyRem  | Revbit  |
  Missing |        |         | KeyPres |         | Revbit  |
  Revoked |        |         |         |         |         | RemTime
  Removed |        |         |         |         |         |

9
Example - Adding a Trust Anchor
  • Assume an existing trust anchor key 'A'.
  • Generate a new key pair.
  • Create a DNSKEY record from the key pair and set
    the SEP and Zone Key bits.
  • Add the DNSKEY to the RRSet.
  • Sign the DNSKEY RRSet ONLY with the existing
    trust anchor key - 'A'.
  • Wait a while.

10
Example - Deleting a Trust Anchor
  • Assume existing trust anchors 'A' and 'B' and
    that you want to revoke and delete 'A'.
  • Set the revocation bit on key 'A'.
  • Sign the DNSKEY RRSet with both 'A' and 'B'. 'A'
    is now revoked. The operator SHOULD include the
    revoked 'A' in the RRSet for at least the remove
    hold-down time, but then may remove it from the
    DNSKEY RRSet.

11
5.3 Key Roll-Over
  • Assume existing keys A and B. 'A' is actively in
    use (i.e. has been signing the DNSKEY RRSet.) 'B'
    was the stand-by key. (i.e. has been in the
    DNSKEY RRSet and is a valid trust anchor, but
    wasn't being used to sign the RRSet.)
  • Generate a new key pair 'C'.
  • Add 'C' to the DNSKEY RRSet.
  • Set the revocation bit on key 'A'.
  • Sign the RRSet with 'A' and 'B'. 'A' is now
    revoked, 'B' is now the active key, and 'C' will
    be the stand-by key once the hold-down expires.
  • The operator SHOULD include the revoked 'A' in
    the RRSet for at least the remove hold-down time,
    but may then remove it from the DNSKEY RRSet.

12
Example - Active Key Compromised
  • This is the same as the mechanism for Key
    Roll-Over above assuming 'A' is the active key.

13
Example - Stand-by Key Compromised
  • Using the same assumptions and naming conventions
    as Key Roll-Over above:
  • Generate a new key pair 'C'.
  • Add 'C' to the DNSKEY RRSet.
  • Set the revocation bit on key 'B'.
  • Sign the RRSet with 'A' and 'B'. 'B' is now
    revoked, 'A' remains the active key, and 'C' will
    be the stand-by key once the hold-down expires.
    'B' SHOULD continue to be included in the RRSet
    for the remove hold-down time.

14
Timers
  • New Addition to Protocol
  • Clients periodically refresh their knowledge of
    information at trust points to track changes.
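
Added example (not part of the original slides or the draft): a resolver-side sketch of the slide 8 state table driven by periodic refreshes, showing how the hold-down timers keep a key added by a compromiser from becoming a trust anchor. Assumptions: the next state for each event follows the table in RFC 5011 (the published form of this draft), the 30-day hold-down values and the names Anchor, refresh and rollover_demo are illustrative, and the caller has already validated each DNSKEY RRSet against a Valid anchor.

```python
from dataclasses import dataclass

DAY = 86400
ADD_HOLD_DOWN = 30 * DAY     # assumed value; the slides give no timer lengths
REMOVE_HOLD_DOWN = 30 * DAY  # assumed value
# (current state, event) -> next state; column placement assumed per RFC 5011
TRANSITIONS = {
    ("Start", "NewKey"): "AddPend",
    ("AddPend", "KeyRem"): "Start",
    ("AddPend", "AddTime"): "Valid",
    ("Valid", "KeyRem"): "Missing",
    ("Valid", "Revbit"): "Revoked",
    ("Missing", "KeyPres"): "Valid",
    ("Missing", "Revbit"): "Revoked",
    ("Revoked", "RemTime"): "Removed",
}

@dataclass
class Anchor:
    state: str = "Start"
    since: int = 0  # time the current state was entered
    def fire(self, event, now):
        nxt = TRANSITIONS.get((self.state, event))
        if nxt:  # events with no table entry leave the state unchanged
            self.state, self.since = nxt, now

def refresh(anchors, rrset, now):
    """Apply one DNSKEY RRSet that the caller already validated against a
    Valid anchor. rrset maps key name -> True if the revocation bit is set."""
    for name in rrset:
        anchors.setdefault(name, Anchor(since=now))
    for name, a in anchors.items():
        if name not in rrset:
            a.fire("KeyRem", now)
        elif rrset[name]:
            a.fire("Revbit", now)
        else:
            a.fire("NewKey" if a.state == "Start" else "KeyPres", now)
            # A new key is trusted only after staying visible for the hold-down
            if a.state == "AddPend" and now - a.since >= ADD_HOLD_DOWN:
                a.fire("AddTime", now)
        if a.state == "Revoked" and now - a.since >= REMOVE_HOLD_DOWN:
            a.fire("RemTime", now)
    return {name: a.state for name, a in anchors.items()}

def rollover_demo():  # slide 11 roll-over on constructed timestamps
    anchors = {"A": Anchor("Valid"), "B": Anchor("Valid")}
    for now in (0, 30 * DAY):  # A published with revocation bit, C newly added
        refresh(anchors, {"A": True, "B": False, "C": False}, now)
    return refresh(anchors, {"B": False, "C": False}, 31 * DAY)
```

A key that disappears from a validated RRSet before the add hold-down expires falls back to Start and is never trusted, which is the behaviour behind the "addition of new keys by compromiser" design goal on slide 5.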