| ▲ | 0123456789ABCDE 5 hours ago |
| doesn't this event speak for itself though? |
|
| ▲ | Avamander 5 hours ago | parent | next [-] |
| Kind-of. But there are worse things than outages when it's PKIs we're talking about. DNSSEC is also extremely opaque and unmonitored. Any compromise will not be noticed. Nor will anyone have any recourse against misbehaving roots. Fun fact, CloudFlare has used the same KSK for zones it serves more than a decade now. |
| |
| ▲ | daneel_w 4 hours ago | parent [-] | | Which is fine. Not because KSK rollover is supposedly complicated, but if you can't manage to keep your private keys and PKI safe in the first place then key rotation is just a security circus trick. But if you do know how to keep them safe, then... | | |
| ▲ | Avamander 3 hours ago | parent [-] | | It is not fine. Keeping key material safe is not a boolean between "permanently safe" and "leaks immediately". Keeping key material secure for more than a decade while it's in active use is vastly more complex than keeping it secure for a month, until it rotates. For all we know, some ex-employee might be walking around with that KSK, theoretically being able to use it for god knows what for an another decade. | | |
| ▲ | cyberax an hour ago | parent [-] | | > Keeping key material secure for more than a decade while it's in active use is vastly more complex than keeping it secure for a month, until it rotates. Nope. Key material rotation is just circus when it's done for the sake of rotation. > For all we know, some ex-employee might be walking around with that KSK, theoretically being able to use it for god knows what for an another decade. Or maybe an employee has compromised the new key that is going to be rotated in, while the old key is securely rooted in an HSM? | | |
| ▲ | tptacek 28 minutes ago | parent [-] | | The point of rotation for these kinds of keys is that it limits the blast radius of what happens if an employee compromises such a key. This is sort of like how there are one or two die-hard PGP advocates who have come up with a whole Cinematic Universe where authenticated encryption is problematic ("it breaks error recovery! it's usually not what you want!") because mainstream PGP doesn't do it. Except here, it's that key rotation is bad, because of how often DNSSEC has failed to successfully pull off coordinated key rotations. |
|
|
|
|
|
| ▲ | pocksuppet an hour ago | parent | prev [-] |
| Let's Encrypt going down isn't equivalent to a rant about how encryption was a terrible idea from the very beginning and we should all just use unencrypted traffic. |
| |
