[Opendnssec-user] Key rollovers
aristima at csc.fi
Mon Nov 16 09:02:24 UTC 2009
On Mon, 2009-11-16 at 10:41 +0200, Jakob Schlyter wrote:
> On 16 nov 2009, at 08.22, Antti Ristimäki wrote:
> > Just wondering, whether it's possible to add some level of extra
> > authentication to the key rollover process? Now, if one can access the
> > OpenDNSSEC server with sufficient privileges, he or she can trigger the
> > key rollover by giving the "ods-ksmutil key rollover..." command,
> > right?
> I understand your concern, but since a large part of the security model of OpenDNSSEC relies on the signer being secure it's a rather large change. if that would not be the case, I think we'd have a lot of other issues that might be important as well.
> we could however considering adding a "are you sure?" question to the more "destructive" commands of ods-ksmutil. would that help?
Hi Jakob and thanks for your response. I don't know if a "are you sure?"
kind of confirmation question would add so much to the overall security.
I agree that the utmost security of the signer itself is the key factor
when designing a secure signing system.
This being the case, one should consider very carefully how to arrange
the management access to the signer server. If a single administrator is
able to log in to the signer and gain root privileges, he or she becomes
quite an attractive target...
More information about the Opendnssec-user