Increasing the Zone Signing Key Size for the Root Zone
TRANSCRIPT
Duane Wessels
RIPE 72, Copenhagen
May 26, 2016
Verisign Public
Presentation Outline
• Current root zone DNSSEC parameters
• Schedule
• Change details
• Consequences of a 2048-bit ZSK
• Fallback plan
Initialisms
KSK   Key Signing Key       Operated by IANA/ICANN
ZSK   Zone Signing Key      Operated by Verisign
KSR   Key Signing Request   XML-formatted bundle of keys to be signed
SKR   Signed Key Response   XML-formatted bundle of signatures
This is not the KSK Rollover
• You may have recently heard about work underway to roll the root zone Key Signing Key (aka Trust Anchor).
• That’s not what this is.
• Verisign is working closely with the other Root Zone Management partners to ensure that the ZSK length change does not coincide with other activity that would increase the root zone DNSKEY response size.
Current DNSSEC parameters
Parameter            KSK          ZSK
Algorithm            8            8
Size                 2048-bits    1024-bits
Rolled               (not yet*)   quarterly
Re-sign period       10 days      12 hours
Signature validity   15 days      10 days
Signs                DNSKEYs      everything else
• ZSK size will be increased to 2048-bits
• No other parameters will be changed
*Sticklers will bring up the DURZ transition in 2010
Schedule
Date         Milestone
2016-04-15   ✔ Testing between ICANN and Verisign
2016-05-12   ✔ KSK ceremony #25; sign 2016Q3 ZSKs
2016-08-11   KSK ceremony #26; sign 2016Q4 ZSKs
2016-09-20   First 2048-bit ZSK pre-published in root zone
2016-10-01   Root zone signed with 2048-bit ZSK
Schedule
Figure: 2016 timeline (Jan through Dec) with two rows.
  Ceremonies: Ceremony 24 (Q2 keys), Ceremony 25 (Q3 keys), Ceremony 26 (Q4 keys), Ceremony 27 (Q1 keys).
  Published Keys: 1024-bit ZSK in Q1, Q2 and Q3; 2048-bit ZSK from Q4.
Rollover Details
The ZSK Rollover Process
• ZSK is rolled quarterly
• Quarter is divided into 9 slots of 10 days each
  • Sometimes the 9th slot is longer
• The DNSKEY RRSIG record changes in each slot
• Uses pre-publish technique
  • Incoming ZSKs pre-published for one slot (9th slot)
  • Outgoing ZSKs post-published for one slot (1st slot)
• Size of DNSKEY response message increased due to pre-/post-publish
Figure: ZSK 1024→1024 Normal Rollover across three quarters (Qn, Qn+1, Qn+2), each divided into Slot 1, Slots 2..8 and Slot 9.
  Slot 1: new 1024-bit ZSK sign+publish; outgoing 1024-bit ZSK post-publish (DNSKEY response size increase).
  Slots 2..8: 1024-bit ZSK sign+publish only.
  Slot 9: current 1024-bit ZSK sign+publish; incoming 1024-bit ZSK pre-publish (DNSKEY response size increase).
Figure: ZSK 1024→2048 Rollover.
  2016 Q3 (Jul-Sep), keys signed at Ceremony 25 (KSR, May 2016):
    Slot 1 (Jul 2016): 1024-bit ZSK sign+publish
    Slots 2..8 (Jul..Sep 2016): 1024-bit ZSK sign+publish
    Slot 9 (Sep 2016): 1024-bit ZSK sign+publish; 2048-bit ZSK pre-publish
  2016 Q4 (Oct-Dec), keys signed at Ceremony 26 (KSR, Aug 2016):
    Slot 1 (Oct 2016): 2048-bit ZSK sign+publish; 1024-bit ZSK post-publish
    Slots 2..8 (Oct..Dec 2016): 2048-bit ZSK sign+publish (1024-bit ZSK post-publish continues through slot 3)
    Slot 9 (Dec 2016): 2048-bit ZSK sign+publish; 2048-bit ZSK pre-publish
  2017 Q1 (Jan-Mar), keys signed at Ceremony 27 (KSR, Nov 2016):
    Slot 1 (Jan 2017): 2048-bit ZSK sign+publish; 2048-bit ZSK post-publish
    Slots 2..8 (Jan..Mar 2017): 2048-bit ZSK sign+publish
    Slot 9 (Mar 2017): 2048-bit ZSK sign+publish; 2048-bit ZSK pre-publish ...
Old 1024-bit ZSK will be post-published through slot 3.
1024-2048 Rollover
• Much like normal 1024 rollover
• Except longer post-publish period for outgoing 1024-bit key
  • ...just in case
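The slot bookkeeping from "The ZSK Rollover Process" and the longer post-publish window described just above, as an added Python model (not Verisign's tooling): for a quarter and slot it reports which ZSK signs and which keys are pre- or post-published. The quarter plan and key names are constructed placeholders.

```python
"""Added model of root ZSK rollover slots (not Verisign's code).

A quarter has 9 slots of 10 days. The incoming ZSK is pre-published in slot 9
of the previous quarter; the outgoing ZSK is post-published in slot 1 of the
next quarter, except that the outgoing 1024-bit key stays through slot 3.
"""

SLOTS_PER_QUARTER = 9  # the 9th slot is sometimes longer; not modelled here

# Constructed plan: the ZSK that signs in each quarter, in order. Names are
# placeholders; 2016Q4 is the first quarter signed by a 2048-bit ZSK.
PLAN = [
    ("2016Q3", "zsk-2016q3", 1024),
    ("2016Q4", "zsk-2016q4", 2048),
    ("2017Q1", "zsk-2017q1", 2048),
    ("2017Q2", "zsk-2017q2", 2048),
]


def post_publish_slots(outgoing_bits, incoming_bits):
    """Slots in which the outgoing ZSK stays published after it stops signing."""
    if (outgoing_bits, incoming_bits) == (1024, 2048):
        return {1, 2, 3}          # "...just in case": longer window for the old key
    return {1}                    # normal rollover: post-publish for slot 1 only


def key_states(quarter, slot):
    """Map each ZSK present in the DNSKEY RRset to its role in this slot."""
    if not 1 <= slot <= SLOTS_PER_QUARTER:
        raise ValueError("slot must be 1..9")
    i = next(n for n, (q, _, _) in enumerate(PLAN) if q == quarter)
    _, name, bits = PLAN[i]
    states = {name: "sign+publish"}
    if i > 0:
        _, prev_name, prev_bits = PLAN[i - 1]
        if slot in post_publish_slots(prev_bits, bits):
            states[prev_name] = "post-publish"
    if slot == SLOTS_PER_QUARTER and i + 1 < len(PLAN):
        states[PLAN[i + 1][1]] = "pre-publish"
    return states


def zsk_count(quarter, slot):
    """Number of ZSKs in the DNSKEY RRset; more than one means a larger response."""
    return len(key_states(quarter, slot))


if __name__ == "__main__":
    for quarter, _, _ in PLAN:
        for slot in range(1, SLOTS_PER_QUARTER + 1):
            print(quarter, "slot", slot, key_states(quarter, slot))
```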
Consequences of a 2048-bit ZSK
Size of Signed DNSKEY Response
Scenario                   DNSKEY RRset contents                                   Response size
Normal 1024 ZSK            2048 KSK, RRSIG, 1024 ZSK                                736 octets
1024-1024 ZSK Roll         2048 KSK, RRSIG, 1024 ZSK, 1024 ZSK                      883 octets
1024-2048 ZSK Roll         2048 KSK, RRSIG, 1024 ZSK, 2048 ZSK                     1011 octets
Normal 2048 ZSK            2048 KSK, RRSIG, 2048 ZSK                                864 octets
2048-2048 ZSK Roll         2048 KSK, RRSIG, 2048 ZSK, 2048 ZSK                     1139 octets
2048-2048 KSK Roll         2048 KSK, RRSIG, 2048 ZSK, 2048 KSK                     1139 octets
2048 KSK Roll + ZSK Roll   2048 KSK, RRSIG, 2048 ZSK, 2048 KSK, 2048 ZSK           1414 octets
2048 KSK Revoke            2048 KSK, RRSIG, 2048 ZSK, 2048 KSK (revoked), RRSIG    1425 octets

• DNSKEY response size changes throughout this process
• Normal (non-roll) size increases from 736 to 864 octets
• ZSK rollover size increases from 883 to 1138 octets
• Future KSK revoke size would be 1425 octets
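An added wire-size model (not Verisign's code) that reproduces the octet counts in the table above from the DNS wire format. It assumes RSA keys with a 3-octet public exponent, the root owner and signer name "." encoded as a single octet, a 12-octet header plus 5-octet question, one RRSIG per signing KSK, and an EDNS0 OPT record with no options; with a 2-octet compression pointer as owner name the same arithmetic gives the 159- and 287-octet ZSK RRSIGs quoted on the next slide.

```python
"""Added wire-size model of the root zone's signed DNSKEY response (not Verisign's code)."""

RR_FIXED = 11            # NAME "." (1) + TYPE (2) + CLASS (2) + TTL (4) + RDLENGTH (2)
HEADER_AND_QUESTION = 17  # 12-octet header + question "." IN DNSKEY (1 + 2 + 2)
OPT_RR = RR_FIXED         # EDNS0 OPT pseudo-RR carrying no options
RSA_EXPONENT_OCTETS = 3   # exponent 65537, preceded by a 1-octet length (RFC 3110)


def dnskey_rr_size(bits):
    """Octets of one RSA DNSKEY RR owned by '.': flags, protocol, algorithm, key."""
    rdata = 2 + 1 + 1 + (1 + RSA_EXPONENT_OCTETS + bits // 8)
    return RR_FIXED + rdata


def rrsig_rr_size(bits, compressed_owner=False):
    """Octets of an RRSIG RR made with an RSA key of `bits` bits, signer name '.'.
    In non-DNSKEY responses the owner name is a 2-octet pointer, not 1 octet."""
    # type covered, alg, labels, orig TTL, expiration, inception, key tag, signer, sig
    rdata = 2 + 1 + 1 + 4 + 4 + 4 + 2 + 1 + bits // 8
    return RR_FIXED + (1 if compressed_owner else 0) + rdata


def dnskey_response_size(dnskeys, signers):
    """Total UDP payload: header+question, every DNSKEY, one RRSIG per signing KSK, OPT."""
    return (HEADER_AND_QUESTION
            + sum(dnskey_rr_size(b) for b in dnskeys)
            + sum(rrsig_rr_size(b) for b in signers)
            + OPT_RR)


# Scenarios from the slide: (key sizes in the DNSKEY RRset, KSK sizes producing RRSIGs).
# A pre-published KSK does not sign; a revoked KSK (RFC 5011) adds a second RRSIG.
SCENARIOS = {
    "Normal 1024 ZSK":          ([2048, 1024], [2048]),
    "1024-1024 ZSK Roll":       ([2048, 1024, 1024], [2048]),
    "1024-2048 ZSK Roll":       ([2048, 1024, 2048], [2048]),
    "Normal 2048 ZSK":          ([2048, 2048], [2048]),
    "2048-2048 ZSK Roll":       ([2048, 2048, 2048], [2048]),
    "2048-2048 KSK Roll":       ([2048, 2048, 2048], [2048]),
    "2048 KSK Roll + ZSK Roll": ([2048, 2048, 2048, 2048], [2048]),
    "2048 KSK Revoke":          ([2048, 2048, 2048], [2048, 2048]),
}


def scenario_sizes():
    """Response size in octets for every scenario on the slide."""
    return {name: dnskey_response_size(k, s) for name, (k, s) in SCENARIOS.items()}


if __name__ == "__main__":
    for name, size in scenario_sizes().items():
        print(f"{name:26s} {size:5d} octets")
    print("ZSK RRSIG in other responses:",
          rrsig_rr_size(1024, True), "/", rrsig_rr_size(2048, True), "octets")
```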
Size of Other Signed Responses
• All non-DNSKEY RRSets are signed by the ZSK
• DO=1 responses will be larger
  • 1024-bit ZSK signature (RRSIG): 159 octets
  • 2048-bit ZSK signature (RRSIG): 287 octets
• But it's not that simple....
• We replayed real query logs to various DNSSEC configurations to understand traffic impacts
Measurement Methodology
• Captured 10 minutes of queries sent to a.root-servers.net
• Signed a root zone with various DNSSEC configurations
• Replayed traffic over both UDP and TCP
  • Including client EDNS0 UDP message sizes and DO flag values
• Recorded the response size, TC flag, etc.
Quick Stats
• Zone File
  • SOA Serial 2016022401
• Input Trace:
  • February 24, 2016
  • 22:00:00 -- 22:10:00 UTC (10 minutes duration)
  • 40,993,338 IP packets captured
  • 37,494,153 DNS UDP queries captured
  • 62,490 queries/second
  • A-root sites: NYC3, LON3, LAX2, FRA1, HKG5
Percent of All responses that are Fragmented
Figure: Fragmentation. Bar chart of the percent of all responses that are fragmented (y-axis: Percent, 0 to 1.4) for each configuration: 1024 Normal, 1024−1024 Roll, 1024−2048 Roll PrePub, 1024−2048 Roll PostPub, 2048 Normal, 2048−2048 Roll.
Essentially zero fragmentation. Only responses to “ANY” queries exceed the fragmentation limit. Very few of those in the input trace.
Percent of ./DNSKEY responses that are Truncated
Figure: Truncation -- DNSKEY. Bar chart of the percent of ./DNSKEY responses that are truncated (y-axis: Percent, 0 to 6) for each configuration: 1024 Normal, 1024−1024 Roll, 1024−2048 Roll PrePub, 1024−2048 Roll PostPub, 2048 Normal, 2048−2048 Roll.
Percent of All responses that are Truncated
Figure: Truncation -- All. Bar chart of the percent of all responses that are truncated (y-axis: Percent, 0 to 1.4) for each configuration: 1024 Normal, 1024−1024 Roll, 1024−2048 Roll PrePub, 1024−2048 Roll PostPub, 2048 Normal, 2048−2048 Roll.
Cumulative Distribution of All Response Sizes
Figure: Response Size Distribution. Cumulative distribution of all response sizes (x-axis: response size in octets, 0 to 1400; y-axis: fraction, 0 to 1) for each configuration: 1024 Normal, 1024−1024 Roll, 1024−2048 Roll PrePub, 1024−2048 Roll PostPub, 2048 Normal, 2048−2048 Roll.
The size of the key used for signing determines the difference in response sizes. Lines with the same signing key size are stacked on top of each other.
Bandwidth of All responses
Figure: Bandwidth. Bar chart of the bandwidth of all responses (y-axis: Mbit/s, 0 to 350) for each configuration: 1024 Normal, 1024−1024 Roll, 1024−2048 Roll PrePub, 1024−2048 Roll PostPub, 2048 Normal, 2048−2048 Roll.
This is the bandwidth measured by the simulation for a single root server letter (A).
Fallback Plan
Need for Fallback
• We fully expect the length change to occur without incident
• However, unforeseen problems may be beyond our control
• Should it be necessary, we are prepared to revert to a “known good state”
  • i.e. a 1024-bit ZSK
  • In fact the exact same 1024-bit key just prior to the length change
Dual KSRs / SKRs
In support of this fallback plan, ICANN will sign two KSRs at two root KSK ceremonies:
• The 2048-bit ZSK
  • plus associated post-publish and pre-publish keys
• The fallback 1024-bit ZSK
  • plus associated post-publish and pre-publish keys
Figure: ZSK 1024→2048 -- Dual KSR. Same layout as the rollover figure: 2016 Q3 (Jul-Sep; Ceremony 25 KSR, May 2016), 2016 Q4 (Oct-Dec; Ceremony 26 KSR, Aug 2016), 2017 Q1 (Jan-Mar; Ceremony 27 KSR, Nov 2016), each quarter divided into Slot 1, Slots 2..8 and Slot 9.
  2048-bit KSR row: Q3 slot 9 pre-publishes the 2048-bit ZSK; from Q4 slot 1 the 2048-bit ZSK signs and is published with the 1024-bit ZSK post-published; later 2048-bit ZSKs are pre-published in slot 9 and post-published in slot 1.
  Fallback 1024-bit KSR row: the 1024-bit ZSK continues to sign and be published through Q3 and Q4, followed by a normal 1024-bit pre-publish/post-publish rollover.
  Sign two KSRs at May 2016 Ceremony. Sign two KSRs at Aug 2016 Ceremony.
  Note: this is the same key in both Q3 and Q4.
Fallback Criteria
• Something unforeseen
• Something very serious
• Something that cannot be solved by (temporarily) disabling DNSSEC validation at a small number of recursive name servers.
Important Milestones
• Introduction of 2048-bit ZSK to zone (pre-publish)
  • Slot 9 of Q3
• Zone signed by 2048-bit ZSK
  • Slot 1 of Q4
  • Cached RRSIGs will expire over the course of a few days
• Removal of old 1024-bit ZSK (end of post-publish)
  • Point of No Return
A “Slot 9” Fallback
If a problem arises during the slot 9 2048-bit pre-publish phase:
• Simply un-publish the 2048-bit ZSK from the root zone
• Publish only the current 1024-bit ZSK
• Continue signing with the current 1024-bit ZSK
• There will be no ZSK roll for the next calendar quarter
A “Slot 1” Fallback
If a problem arises during slot 1 after signing with the 2048-bit ZSK:
• Revert to signing with the old 1024-bit ZSK
  • It is still being published
• When to remove 2048-bit ZSK from zone depends on nature and severity of problem
Test Your Network
keysizetest.verisignlabs.com
Questions?
© 2016 VeriSign, Inc. All rights reserved. VERISIGN and other trademarks, service marks, and designs are registered or unregistered trademarks of VeriSign, Inc. and its subsidiaries in the United States and in foreign countries. All other trademarks are property of their respective owners.