Conversation

Notices

1. Embed this notice
   John Shaft (shaft@piaille.fr)'s status on Wednesday, 20-Sep-2023 22:09:50 JST John Shaft

   Totally missed that information : a new #KSK for the root zone was generated during Root KSK Ceremony 49 last April. It's still a RSA 2048-bits key and it's keytag is 46211 if I read the log correctly

   KSK Rollover incoming ! (in 2-3 years ^^)

   https://www.iana.org/dnssec/ceremonies/49

   #DNS #DNSSEC

   • Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Wednesday, 20-Sep-2023 22:11:10 JST Haelwenn /элвэн/ :triskell:

     in reply to
     @shaft RSA 2048-bits seems a bit strange, is there a reason they're not switching to RSA 4096-bits or a better algorithm?
   • Embed this notice
     John Shaft (shaft@piaille.fr)'s status on Wednesday, 20-Sep-2023 22:20:17 JST John Shaft

     in reply to

     Ah! This #KSK rollover is delayed because the manufacturer of the #HSM used by IANA (and Verisign) for the KSK management will cease production of the devices used

     "There is a strong likelihood we will seek to generate a new KSK on a new HSM platform once operationalized, which will cause us to abandon the recently generated KSK"

     https://mm.icann.org/pipermail/root-dnssec-announce/2023/000160.html

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     John Shaft (shaft@piaille.fr)'s status on Wednesday, 20-Sep-2023 22:20:18 JST John Shaft

     in reply to

     Root zone will switch to #ECDSA keys in the 2030's I guess 😅

   • Embed this notice
     John Shaft (shaft@piaille.fr)'s status on Wednesday, 20-Sep-2023 22:45:32 JST John Shaft

     in reply to

     • Haelwenn /элвэн/ :triskell:

     @lanodan Many things:
     - HSM used might not be able to handle ECDSA (well, just learned that hardware will change)
     - 4096-bits RSA produces larger signatures. Not really adequate for DNS (and takes longer to sign)
     - Out-of-age big companies not able to work with ECDSA (pretty sure there is still lots of big resolvers too old for that)

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     John Shaft (shaft@piaille.fr)'s status on Wednesday, 20-Sep-2023 23:09:29 JST John Shaft

     in reply to

     • Haelwenn /элвэн/ :triskell:

     @lanodan Just for fun, try a request for a non-existant TLD¹: answer is already ≈ 1,000 bytes (there is 6 records in the NXDOMAIN answer: SOA, NSEC for the domain you queried and NSEC for root. Plus the signatures of the 3 records).

     RSA 4096 would create answers > 1232 bytes in those cases, thus answers will be truncated and queries should be retried using TCP. Lots of resources (and time) wasted

     ¹ eg. dig +dnssec grrrr

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Patrick Mevzek (pmevzek@framapiaf.org)'s status on Thursday, 21-Sep-2023 02:45:03 JST Patrick Mevzek

     in reply to

     • Haelwenn /элвэн/ :triskell:

     @lanodan @shaft This thread might be of interest to you: https://mailarchive.ietf.org/arch/msg/dnsop/3hzGyV9LGnUpw0ncFudWdQ2sZvc/ My understanding of the current trends and global points of view is that after RSA 2048 it is better to focus energy on switching to elliptic curves based algorithms and just shield away from RSA completely. For both reasons on size consequences of what is exchanged as DNS packets, and for fears of strength against quantum computing.

     Haelwenn /элвэн/ :triskell: likes this.