Flexible and Robust Key Rollover in DNSSEC

DNSSEC security extensions make use of a publicprivate key pair to sign and validate origin and integrity of DNS data. The ability to renew keys is a standard operational practice in the deployment of DNSSEC. This key renewal, or actually key rollover, is a complex and error prone process. We propose a new method for key rollover in which not the individual procedural steps of a rollover are specified, but the validity of a step in the rollover process is specified. The rollover process can now find an optimal and correct path from an old key to a new key. The proposed method is robust, is effective in emergency situations in which a compromised key must be rolled over in the shortest amount of time possible, and allows for efficient combined rollover of multiple keys. The new key rollover method presented in this paper is implemented and integrated within the OpenDNSSEC software framework.