On 15 April 2020 from 15:00 to 16:30 (UTC+2), the DNS Working Group held a remote session via Zoom.
Managing the trust anchor of the DNS against adversity, Kim Davies.
Scribe: Boris Duval
Status: Draft
1. Managing the trust anchor of the DNS against adversity
Kim Davies
Vice President, IANA Functions, PTI
Roland van Rijswijk-Deij asked if IANA had considered using HSMs that support remote authentication for the TCRs. Roland added that he has experience using HSMs in a DNSSEC context and that it allowed them to avoid travelling to a facility to perform certain kind of operations.
Kim replied that the primary design of the facility implied that the security elements were stored in a safe and kept offline. He added that having HSMs with some kind of remote management capability would require a complete rethink of the current system.
Roland further suggested to have a post-event check proving that the ceremony was performed correctly.
Kim answered that he was open to the concept but that they had to first look if it was viable operationally and financially. He added that they were currently building features in their security system that will provide real-time reporting to the community.
Steve Crocker mentioned that it would be useful to have a summary of the discrepancies that occurred over the last ten years to compare them with the underlying assumptions that have been fundamental to the current system design.
Kim agreed that it would be a good area to do research but pointed out that their staff was already really busy handling operational day-to-day activities and that they didn’t have a lot of opportunities to step-back and make this kind of analysis.
Joao fulfilled one of the ceremony’s steps live on Zoom by putting his TCR key into a tamper evident bag. He will then send the key to IANA’s office via post mail.
Samuel Weiler asked Kim if he knew how and where the additional keys generated will be held before they are handed over.
Kim replied that they don’t have an exact answer at the moment as his team is still devising the protocol. However, he added that in the context of a normal ceremony, they place the sign key response unto a USB drive and put it in a tamper evident bag. They then take it back to their office and send the keys to their web servers using TLS. In this case, they would do something similar using a drive that contains nine months’ worth of signatures and send them to their web servers three months at a time while keeping the USB drive somewhere safe during the time in-between.
Samuel suggested that IANA collect feedback from the community about the future of the key ceremony.
Kim agreed.
Sergey Myasoedov commented that he was happy that IANA was considering new locations for the key ceremonies and asked Kim if they had specific requirements to choose those locations.
Kim answered that they don’t have specific requirements at the moment. He added that they first needed to assess if the current set-up is fit for purpose. However, he added that the new locations should be easily accessible to IANA staff as they need to perform a lot of operational tasks in-between ceremonies.
There were no further questions.