Apparently the DNS root key is protected by what sounds like a five-of-seven
threshold scheme, but the description is a bit unclear. Does anyone know
more?
(Oh, and for people who want to quibble over "practically-deployed", I'm not
aware of any real usage of threshold schemes for anything, at b
On 31 jul 2010, at 08.44, Peter Gutmann wrote:
> Apparently the DNS root key is protected by what sounds like a five-of-seven
> threshold scheme, but the description is a bit unclear. Does anyone know
> more?
The DNS root key is stored in HSMs. The key backups (maintained by ICANN) are
encrypte
On Jul 31, 2010, at 8:44 12AM, Peter Gutmann wrote:
> Apparently the DNS root key is protected by what sounds like a five-of-seven
> threshold scheme, but the description is a bit unclear. Does anyone know
> more?
>
> (Oh, and for people who want to quibble over "practically-deployed", I'm not
On Sat, Jul 31, 2010 at 06:44:12PM +1200, Peter Gutmann wrote:
| Apparently the DNS root key is protected by what sounds like a five-of-seven
| threshold scheme, but the description is a bit unclear. Does anyone know
| more?
|
| (Oh, and for people who want to quibble over "practically-deployed",
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/31/2010 02:44 AM, Peter Gutmann wrote:
> Apparently the DNS root key is protected by what sounds like a
> five-of-seven threshold scheme, but the description is a bit
> unclear. Does anyone know more?
>
> (Oh, and for people who want to quibble
On Sat, 31 Jul 2010, Jakob Schlyter wrote:
On 31 jul 2010, at 08.44, Peter Gutmann wrote:
Apparently the DNS root key is protected by what sounds like a five-of-seven
threshold scheme, but the description is a bit unclear. Does anyone know
more?
The DNS root key is stored in HSMs. The key b
Thanks to all the folks who pointed out uses of m-of-n threshold schemes,
however all of them have been for the protection of one-off, very high-value
keys under highly controlled circumstances by trained personnel, does anyone
know of any significant use by J.Random luser? I'm interested in this
Peter Gutmann wrote:
Apparently the DNS root key is protected by what sounds like a five-of-seven
threshold scheme, but the description is a bit unclear. Does anyone know
more?
Dear Peter,
It's about time the PKI experts have a look at DNSSEC ...
Let me try to convey my understanding to you
> (In a threshold cryptosystem, the shares would be used in a protocol to
> perform the desired cryptographic operation [e.g., signing] without ever
> reconstructing the real secret.) Has real threshold cryptography never
> been used anywhere?
Yes, the root key for the SET consortium was done
Thierry Moreau writes:
>With the next key generation for DNS root KSK signature key, ICANN may have
>an opportunity to improve their procedure.
What they do will really depend on what their threat model is. I suspect that
in this case their single biggest threat was "lack of display of sufficie
On 1 aug 2010, at 16.43, Thierry Moreau wrote:
> Technically, the USG requested FIPS-140-2 level 4 HSM technology for the DNS
> root signing gear. This implies a single source, with a very inflexible user
> interface (no special personalization of the HSM for the DNSSEC project). The
> threshol
On Sat, 31 Jul 2010, Jakob Schlyter wrote:
> The DNS root key is stored in HSMs. The key backups (maintained by ICANN)
> are encrypted with a storage master key (SMK), created inside the HSM and
> then split among 7 people (aka "Recovery Key Share Holders"). To recover the
> SMK in case of all 4 HS
Jakob Schlyter wrote:
On 1 aug 2010, at 16.43, Thierry Moreau wrote:
Technically, the USG requested FIPS-140-2 level 4 HSM technology for the DNS
root signing gear. This implies a single source, with a very inflexible user
interface (no special personalization of the HSM for the DNSSEC projec
Jonathan Katz wrote:
On Sat, 31 Jul 2010, Jakob Schlyter wrote:
On 31 jul 2010, at 08.44, Peter Gutmann wrote:
Apparently the DNS root key is protected by what sounds like a
five-of-seven
threshold scheme, but the description is a bit unclear. Does anyone
know
more?
The DNS root key is s
Peter Gutmann wrote:
Thierry Moreau writes:
With the next key generation for DNS root KSK signature key, ICANN may have
an opportunity to improve their procedure.
What they do will really depend on what their threat model is. I suspect that
in this case their single biggest threat was "lack
On Aug 1, 2010, at 7:10 AM, Peter Gutmann wrote:
Thanks to all the folks who pointed out uses of m-of-n threshold
schemes,
however all of them have been for the protection of one-off, very
high-value
keys under highly controlled circumstances by trained personnel,
does anyone
know of any si
Jerry Leichter writes:
>One could certainly screw up the design of a recovery system, but one
>would have to try. There really ought not be that much of difference
>between recovering from m pieces and recovering from one.
There's a *huge* difference, see my previous posting on this the las
On Aug 2, 2010, at 2:30 AM, Peter Gutmann wrote:
Jerry Leichter writes:
One could certainly screw up the design of a recovery system, but one
would have to try. There really ought not be that much of difference
between recovering from m pieces and recovering from one.
There's a *huge* diff
On 7/31/2010 2:54 PM, Adam Shostack wrote:
On Sat, Jul 31, 2010 at 06:44:12PM +1200, Peter Gutmann wrote:
| Apparently the DNS root key is protected by what sounds like a five-of-seven
| threshold scheme, but the description is a bit unclear. Does anyone know
| more?
|
| (Oh, and for people who
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OK. I'm being a bit lazy but...
I've read through the ceremony script and all that, but I have a
simple question which the script documents didn't really answer:
Does the root KSK exist in a form that doesn't require the HSM to
re-join, or more to th
Jerry Leichter writes:
>Here's how I would do it: Key segments are stored on USB sticks. There's a
>spot on the device with m USB slots, two buttons, and red and green LED's.
>You put your "USB keys" into the slots and push the first button. If the red
>LED lights - you don't have enough sticks
On 2 aug 2010, at 16.51, Jeffrey Schiller wrote:
> Does the root KSK exist in a form that doesn't require the HSM to
> re-join, or more to the point if the manufacturer of the HSM fails, is
> it possible to re-join the key and load it into a different vendor's
> HSM?
With the assistance of the ve
On 2 aug 2010, at 08.30, Peter Gutmann wrote:
> For the case of DNSSEC, what would happen if the key was lost? There'd be a
> bit of turmoil as a new key appeared and maybe some egg-on-face at ICANN, but
> it's not like commercial PKI with certs with 40-year lifetimes hardcoded into
> every br
Peter Gutmann wrote:
That's a good start, but it gets a bit more complicated than that in practice
because you've got multiple components, and a basic red light/green light
system doesn't really provide enough feedback on what's going on. What you'd
need in practice is (at least) some sort of c
> There is more than the UI at stake here, i.e. the basic functionality of
> the scheme. Say you distribute shares in a 4 out of 7 scheme (ABCDEF)
> and share A is published on the web. How do you recover from the
> remaining 3 out of 6 scheme into a 4 out of 6 scheme without having a
> key cer
Tanja Lange wrote:
There is more than the UI at stake here, i.e. the basic functionality of
the scheme. Say you distribute shares in a 4 out of 7 scheme (ABCDEF)
and share A is published on the web. How do you recover from the
remaining 3 out of 6 scheme into a 4 out of 6 scheme without having
On Sun, Aug 1, 2010 at 7:10 AM, Peter Gutmann wrote:
> ...does anyone know of any significant use [of split keys] by
> J.Random luser? I'm interested in this from a usability point
> of view.
>
Maybe not J.Random but J.Corporate...
A few jobs ago back in the late '90s, I worked for Network Assoc
27 matches
Mail list logo
