When the global rollout of the DNS Security Extensions (DNSSEC) began in 2005, it started a first-of-its-kind trial: increasing the complexity of a core Internet protocol in favor of better security for the overall Internet. The necessary cryptographic key management is made particularly challenging by DNS' loosely federated delegation substrate and unprecedented cryptographic scale. Though fundamental for current and future operational success, our community lacks a clear notion of how to empirically evaluate the process of securely changing (or transitioning) keys. In this paper, we propose two building blocks to fundamentally understand and assess key transitions. First, the anatomy of key transitions: measurable and well-defined properties of key changes; and second, a novel classification model based on this anatomy to describe key transition practices in abstract terms. Our anatomy enables the evaluation of cryptographic keys' life cycles in general, and the comparison of operational practices with prescribed key management processes, e.g., RFC key rollover guidelines. The fine-grained transition anatomy is then abstracted through our classification model to characterize transitions in abstract terms that describe a transition's behavior rather than its specific features. The applicability and utility of our proposed transition anatomy and transition classes are exemplified for the global DNSSEC deployment. Specifically, we use measurements from the first 15 years of the DNSSEC rollout to detect and measure which key rollovers/transitions have been used, to what degree, and what their rates of errors and warnings have been. Our results show measurable gaps between prescribed key management processes and key transitions in the wild. We also find evidence that such noncompliant transitions are inevitable in the wild.