key-timing
Stephen Morris
John Dickinson
Johan Ihren
Matthijs Mekking
IETF90, dnsop
key-timing: the past
● Version -03 was two years ago
● There was an alternative document:
● draft-mekking-dnsop-dnssec-key-timing-bis
● Consensus was to ship the key-timing draft
● So there was a WGLC in August 2012
● And then nothing
key-timing: the present
● We are now at version -04
● The consensus still is to ship it
● “We are practicing the art of necromancy” - Tim
● New co-editor
● We patched the document and think it's much cleaner
key-timing: the present
● Lots of editorial changes
● KSK Double-Signature is renamed Double-KSK
● Summary table removed
● ZSK Double-RRSIG has been removed
● Update diagrams and text to better reflect key states and key lifetimes.
key-timing: the present
          |1|    |2|      |3|   |4|   |5|      |6| |7|      |8|   |9|
           |      |        |     |     |        |   |        |     |
Key N      |      |<-Ipub->|<--->|<-------Lzsk----->|<-Iret->|<--->|
           |      |        |     |     |        |   |        |     |
Key N+1    |      |        |     |     |<-Ipub->|<->|<---Lzsk-- - -
           |      |        |     |     |        |   |        |     |
          Tgen   Tpub     Trdy  Tact TpubS         Tret     Tdea  Trem

                         ---- Time ---->

Trdy = Tpub + Ipub
key-timing: the present
          |0|    |1|      |2|   |3|   |4|      |5|  |6|      |7|   |8|
           |      |        |     |     |        |    |        |     |
Key N      |      |<-Ipub->|<--->|<-------Lzsk------>|<-Iret->|<--->|
           |      |        |     |     |        |    |        |     |
Key N+1    |      |        |     |     |<-Ipub->|<-->|<---Lzsk---- - -
           |      |        |     |     |        |    |        |     |
Key N     Tgen   Tpub     Trdy  Tact                Tret     Tdea  Trem
Key N+1                         Tgen  Tpub     Trdy Tact

                         ---- Time ---->

Trdy(N) = Tpub(N) + Ipub
key-timing: the future
● New WGLC
● There are ideas for improvement
● But let's discuss that after we ship this