dnsext-3----Page:9

Our proposal: M-of-N rollover validation
Given a security apex “.YY” that publishes several keys, “N keys”.
Furthermore, the set of keys is signed by each key, i.e. there are N signatures over the key set.
Then automatic tracking of key rollovers becomes possible if the resolver adopts the local policy:

“If the set of keys changes, but the new set is signed by at least
M keys that I already trust, then I will accept every key in the new
set as a trusted key”

Best of all, this can be achieved entirely outside the actual resolver, since it only affects the store of trusted keys, not the actual behaviour of the resolver.
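The policy above as a worked trust-store update, added here as an example that is not part of the slides or of any resolver's code: Ed25519 stands in for DNSSEC keys and RRSIGs, a sorted concatenation of the keys stands in for the canonical RRset form, and `KeySet`, `Signature`, `SignSet` and `AcceptRollover` are names chosen for this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"sort"
)

// KeySet is the apex's published key set: its N DNSKEYs, modelled here as Ed25519 public keys.
type KeySet []ed25519.PublicKey

// Canonical is the bytes every key signs: keys in sorted order (stand-in for DNSSEC's canonical RRset form).
func (ks KeySet) Canonical() []byte {
	enc := make([][]byte, len(ks))
	for i, k := range ks {
		enc[i] = []byte(k)
	}
	sort.Slice(enc, func(i, j int) bool { return bytes.Compare(enc[i], enc[j]) < 0 })
	return bytes.Join(enc, nil)
}

// Signature is one of the N signatures over the set: the signing key and the signature bytes.
type Signature struct {
	Signer ed25519.PublicKey
	Sig    []byte
}

// SignSet is the zone operator's side: sign the whole key set with one of its keys.
func SignSet(priv ed25519.PrivateKey, ks KeySet) Signature {
	return Signature{priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, ks.Canonical())}
}

// AcceptRollover is the resolver-side trust-store update: the new set replaces the trusted
// set only if at least m distinct already-trusted keys have valid signatures over it. Signatures
// by not-yet-trusted keys (e.g. the incoming key signing itself) carry no weight; m < 1 is rejected.
func AcceptRollover(trusted, newSet KeySet, sigs []Signature, m int) (KeySet, bool) {
	msg, votes := newSet.Canonical(), 0
	for _, k := range trusted { // verify with the trusted copy of the key, never the claimed signer
		for _, s := range sigs {
			if s.Signer.Equal(k) && ed25519.Verify(k, msg, s.Sig) {
				votes++ // one vote per trusted key, however many signatures it produced
				break
			}
		}
	}
	if m < 1 || votes < m {
		return trusted, false // keep the old store unchanged
	}
	return newSet, true
}
```

Because the decision is taken purely on the stored key set and the signatures over the new set, this function can sit in a separate trust-anchor maintenance tool and only rewrite the resolver's trusted-keys file when it returns true.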