Is this the first ever practically-deployed use of a threshold scheme?

Jeffrey Schiller jis at MIT.EDU
Mon Aug 2 10:51:41 EDT 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

OK. I'm being a bit lazy but...

I've read through the ceremony script and all that, but I have a
simple question which the script documents didn't really answer:

Does the root KSK exist in a form that doesn't require the HSM to
re-join, or more to the point if the manufacturer of the HSM fails, is
it possible to re-join the key and load it into a different vendor's
HSM?

In other words, is the value that is split the "raw" key, or is it in
some proprietary format or encrypted in some vendor internal key?

Back in the day we used an RSA SafeKeyper to store the IPRA key (there
is a bit of history, we even had a key ceremony with Vint Cerf in
attendance). This was the early to mid '90s.

The SafeKeyper had an internal tamper key that was used to encrypt all
exported backups (in addition to the threshold secrets required). If
the box failed, you could order one with the same internal tamper
key. However you could not obtain the tamper key and you therefore
could not choose to switch HSM vendors.

                        -Jeff


- -- 
========================================================================
Jeffrey I. Schiller
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis at mit.edu
http://jis.qyv.name
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFMVtt98CBzV/QUlSsRAvCRAJ0esya4xAMEXsFOFUF0kcBaue40owCfRsjZ
Ep+hF6LLzEcS+BDQYPvNbfg=
=qzNb
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list