[Swan-dev] multiple RSA keys for rollover, ipsec.secrets, ckaid issues

Paul Wouters paul at nohats.ca
Thu Apr 13 13:50:35 UTC 2017

On Thu, 13 Apr 2017, Antony Antony wrote:

>> I am looking at ensuring that RSA key rollover works. This is supposed
>> to be supported via leftrsasigkey= and leftrsasigkey2=
> Wouldn't a simple RSA keyrollover work with one key in the connection? May be you are thinking of an advanced case.

The use case is that IPSECKEY records are cached at various DNS caches,
so when changing a key, there will be a time when connections can be
expecting either your old or new key. So they must work at once for a
brief (TTL) time.

> I tested a simple case for east and road.
> Initially road has one key, key A.  road is the initiator and it is going to rollover its key pair.
> First update DNS IPSECKEY RR for road with the second key. Now it has two,  key A and key B.
> Road only has one private key, key A, Which means ipsec.secrets has exactly one entry.

This would cause a problem for anyone using the IPSECKEY RR with the
public key that road has no private key for?

>> 	leftrsasigkey=0sKEY1
>> 	leftrsasigkey2=0sKEY2
>> 	[...]
> Imagine road loaded both private keys. How would it choose the key to send ikev2 AUTH payload?
> How would initiator know to rollover? There is no expire timer? Valid until like a CERT.

That is why I was asking if anyone remembers how this was supposed to
work in the original design :)


More information about the Swan-dev mailing list