Is this the first ever practically-deployed use of a threshold scheme?

[Peter Gutmann]

Thierry Moreau <thierry.moreau at connotech.com> writes:

>With the next key generation for DNS root KSK signature key, ICANN may have
>an opportunity to improve their procedure.

What they do will really depend on what their threat model is.  I suspect that
in this case their single biggest threat was "lack of display of sufficient
due diligence", thus all the security calisthenics (remember the 1990s Clipper
key escrow procedures, which involved things like having keys generated on a
laptop in a vault with the laptop optionally being destroyed afterwards, just
another type of security theatre to reassure users).  Compare that with the
former mechanism for backing up the Thawte root key, which was to keep it on a
floppy disk in Mark Shuttleworth's sock drawer because no-one would ever look
for it there.  Another example of this is the transport of an 1894-S dime
(worth just under 2 million dollars) across the US, which was achieved by
having someone dress in somewhat grubby clothes and fly across the country in
cattle class with the slabbed coin in his pocket, because no-one would imagine
that some random passenger on a random flight would be carrying a ~$2M coin.
So as this becomes more and more routine I suspect the accompanying
calisthenics will become less impressive.

(What would you do with the DNSSEC root key if you had it?  There are many 
vastly easier attack vectors to exploit than trying to use it, and even if you 
did go to the effort of employing it, it'd be obvious what was going on as 
soon as you used it and your fake signed data started appearing, c.f. the 
recent Realtek and JMicron key issues.  So the only real threat from its loss 
seems to be acute embarassment for the people involved, thus the due-diligence 
exercise).

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com