[Opendnssec-user] Sharedkeys for multiple zones
Arun Natarajan
2017-03-06 20:03:52 UTC
Hi,

Do you see any risk for sharing the same key pairs for multiple zone
files?, except the fact that if the key is compromised all the zones are
affected.

Thanks,
Arun
Yuri Schaeffer
2017-03-06 21:54:26 UTC
Hi Arun,
Post by Arun Natarajan
Do you see any risk for sharing the same key pairs for multiple zone
files?, except the fact that if the key is compromised all the zones are
affected.
Yes*, but only in a specific case.

Normally using the same key for multiple zones is not a problem. Having
more signed data exposed does weaken your key, though I don't think
conceptually there is any difference between signing 1000 1K record
zones versus 1 1000K record zone. It is just more data, which you can
mitigate by rolling your keys more often.

Now the specific case: when the zone content is not in your control.
I.e. you use the same key to sign the data of multiple customers. If
your customer can instruct your setup to sign chosen data (adding
records etc) it can use that to gain more knowledge about its key => and
thereby the key of others.

Best regards,
Yuri

* I'm not a cryptographer. Please ask for a second opinion if a business
decision depends on it.
Jakob Schlyter
2017-03-07 16:57:23 UTC
Having more signed data exposed does weaken your key,
No, please stop saying that. Keys don't wear upon usage - especially not
signature keys.

jakob
Yuri Schaeffer
2017-03-08 11:41:29 UTC
Hi Jakob,
Post by Jakob Schlyter
No, please stop saying that. Keys don't wear upon usage - especially not
signature keys.
Thanks. I was hoping you would chip in! Does this then also mean a
chosen plaintext attack is not an issue in the scenario I described?

Do you have a general advice on shared keys in DNS?

//Yuri
Jakob Schlyter
2017-03-10 06:50:02 UTC
Post by Yuri Schaeffer
Thanks. I was hoping you would chip in! Does this then also mean a
chosen plaintext attack is not an issue in the scenario I described?
As I understand it, this is not an issue when signing.
Post by Yuri Schaeffer
Do you have a general advice on shared keys in DNS?
I would consider shared keys only if I had a lot of zones and a HSM with
limited space and/or other reasons for keeping the number of keys down
to a minimum.


jakob

Arun Natarajan
2017-03-09 09:51:53 UTC
Post by Yuri Schaeffer
Normally using the same key for multiple zones is not a problem. Having
more signed data exposed does weaken your key, though I don't think
conceptually there is any difference between signing 1000 1K record
zones versus 1 1000K record zone. It is just more data, which you can
mitigate by rolling your keys more often.
Thanks Yuri.

Trying to compare the effort/impact of maintaining separate keys for n
number of zones vs a shared key for all those zones with a frequent rollover.

Yes, the plaintext attack - I believe it does not matter - shared keys
with multiple zones or a large zone with dedicated keys have the same risk?

The concerns about shared keys were also about the practical side:
- should the keys be rolled over at the same time for all zones?
- introducing new zones - does it really use the active shared key for
signing new zones, especially when the key is supposed to be dead, based
on an old zone policy?

Post by Yuri Schaeffer
Now the specific case: when the zone content is not in your control.
I.e. you use the same key to sign the data of multiple customers. If
your customer can instruct your setup to sign chosen data (adding
records etc) it can use that to gain more knowledge about its key => and
thereby the key of others.
Yes, I meant the zones belong to one organization.
--
arun
Yuri Schaeffer
2017-03-09 11:27:11 UTC
Hi Arun,
Post by Arun Natarajan
- should the keys be rolled over at the same time for all zones?
No.
Zones will share keys but they need not be in phase. So in general when
having multiple zones with shared keys you have 2 keys instead of one.
Some of the zones use the newest key, some of them still use the old
(because they haven't rolled yet).
Post by Arun Natarajan
- introducing new zones - does it really use the active shared key for
signing new zones, especially when the key is supposed to be dead,
based on an old zone policy?
When adding a new zone (idem for just rolling a key on an existing zone)
the enforcer will find the most recent key in use for that policy.
However if it deems the key too old (it is about to be rolled) it will
generate a new key. Existing zones rolling at a later time will then
roll to this new key.

So you won't see all your zones rolling at once (unless you added them
all at once). Nor will the rolling of zone A be blocked by zone B. Keys
that have been used longer than 1/2 their lifetime will not be considered a
candidate to roll to. So worst case a key is used for 1.5 times its KASP
configured lifetime.

//Yuri
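The selection rule Yuri describes (reuse the policy's newest key only while it is at most half its lifetime old, otherwise generate a fresh one; each zone still rolls on its own schedule) can be checked with a small discrete-time model. The code below is an added illustration written for this thread, not OpenDNSSEC's enforcer code; the zone names, the lifetime of 10 time units and the zone addition times are constructed, and the model ignores publication, propagation and retire delays that a real KASP policy adds around a roll. It confirms the two consequences stated above: no key is ever used for more than 1.5 times the configured lifetime, and out-of-phase zones mean two keys are live at a time rather than one.

```python
from dataclasses import dataclass


@dataclass
class Key:
    kid: int
    created: int      # time the key was generated (constructed time units)


@dataclass
class Zone:
    name: str
    key: Key
    roll_at: int      # next time this zone rolls to a new key


class SharedKeyPolicy:
    """Model of the shared-key selection rule from the thread (not OpenDNSSEC code)."""

    def __init__(self, lifetime: int):
        self.lifetime = lifetime
        self.keys: list[Key] = []
        self.zones: dict[str, Zone] = {}
        self.retired: dict[int, int] = {}   # kid -> last time any zone used it

    def _pick_key(self, now: int) -> Key:
        # Take the policy's most recent key, but only if it has been in use
        # for at most half its lifetime; otherwise generate a fresh key.
        if self.keys and now - self.keys[-1].created <= self.lifetime / 2:
            return self.keys[-1]
        key = Key(len(self.keys), now)
        self.keys.append(key)
        return key

    def add_zone(self, name: str, now: int) -> None:
        # A new zone gets the same candidate a rolling zone would get.
        self.zones[name] = Zone(name, self._pick_key(now), now + self.lifetime)

    def tick(self, now: int) -> None:
        # Each zone rolls on its own schedule; zone A never waits for zone B.
        for zone in self.zones.values():
            if now >= zone.roll_at:
                old = zone.key.kid
                zone.key = self._pick_key(now)
                zone.roll_at = now + self.lifetime
                if zone.key.kid != old:
                    self.retired[old] = max(self.retired.get(old, 0), now)

    def keys_in_use(self) -> set[int]:
        return {zone.key.kid for zone in self.zones.values()}


def simulate(lifetime: int, additions: dict[str, int], horizon: int):
    """Run the model; return (longest key usage span, max concurrent keys, spans)."""
    policy = SharedKeyPolicy(lifetime)
    max_concurrent = 0
    for now in range(horizon + 1):
        for name, added_at in additions.items():
            if added_at == now:
                policy.add_zone(name, now)
        policy.tick(now)
        max_concurrent = max(max_concurrent, len(policy.keys_in_use()))
    # Usage span of every key that has been fully retired by the horizon.
    spans = {kid: policy.retired[kid] - policy.keys[kid].created
             for kid in policy.retired}
    return max(spans.values()), max_concurrent, spans


if __name__ == "__main__":
    # Constructed scenario: zone b joins exactly at half the key's lifetime,
    # zone c just after it, so b inherits key 0 and c forces key 1.
    longest, concurrent, spans = simulate(10, {"a": 0, "b": 5, "c": 6}, 40)
    print("key usage spans:", spans)
    print("longest span / lifetime:", longest / 10)   # 1.5
    print("max keys live at once:", concurrent)        # 2
```

Zone b adopts key 0 at the last allowed moment (age exactly L/2) and then keeps it for a full lifetime, which is the 1.5L worst case; keys that are picked up earlier in their life retire sooner. Raising the horizon or adding zones at other offsets never pushes a span above 1.5L in this model, which is the guarantee the roll-to candidate rule is there to give.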
Emil Natan
2017-03-09 11:36:10 UTC
Post by Yuri Schaeffer
Normally using the same key for multiple zones is not a problem. Having
more signed data exposed does weaken your key, though I don't think
conceptually there is any difference between signing 1000 1K record
zones versus 1 1000K record zone. It is just more data, which you can
mitigate by rolling your keys more often.
Thanks Yuri.
Trying to compare the effort/impact of maintaining separate keys for n
number of zones vs a shared key for all those zones with a frequent rollover.
Yes, the plaintext attack - I believe it does not matter - shared keys
with multiple zones or a large zone with dedicated keys have the same risk?
- should the keys be rolled over at the same time for all zones?
I'm using shared keys for multiple zones. I set these zones under one
policy, then rotate the keys per policy and not per zone.
Post by Yuri Schaeffer
- introducing new zones - does it really use the active shared key for
signing new zones, especially when the key is supposed to be dead, based
on an old zone policy?
Did not test this one, it's an unlikely scenario in my case, but it's worth a
try.

Emil
Post by Yuri Schaeffer
Now the specific case: when the zone content is not in your control.
I.e. you use the same key to sign the data of multiple customers. If
your customer can instruct your setup to sign chosen data (adding
records etc) it can use that to gain more knowledge about its key => and
thereby the key of others.
Yes, I meant the zones belong to one organization.
--
arun
_______________________________________________
Opendnssec-user mailing list
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user