[145529] in cryptography@c2.net mail archive
Re: Is this the first ever practically-deployed use of a threshold scheme?
daemon@ATHENA.MIT.EDU (Jakob Schlyter)
Sat Jul 31 18:04:42 2010
From: Jakob Schlyter <jakob@kirei.se>
In-Reply-To: <E1Of5no-00071w-Ok@wintermute02.cs.auckland.ac.nz>
Date: Sat, 31 Jul 2010 21:30:13 +0200
Cc: cryptography@metzdowd.com
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
On 31 jul 2010, at 08.44, Peter Gutmann wrote:
> Apparently the DNS root key is protected by what sounds like a =
five-of-seven
> threshold scheme, but the description is a bit unclear. Does anyone =
know
> more?
The DNS root key is stored in HSMs. The key backups (maintained by =
ICANN) are encrypted with a storage master key (SMK), created inside the =
HSM and then split among 7 people (aka "Recovery Key Share Holders"). To =
recover the SMK in case of all 4 HSMs going bad, 5 of 7 key shares are =
required. (https://www.iana.org/dnssec/icann-dps.txt section 5.2.4)
According to the FIPS 140-2 Security Policy of the HSM, an AEP Keyper, =
the M-of-N key split is done using a La Grange interpolating Polynomial.
I'd be happy to answer any additional questions,
jakob (part of the team who designed and implemented this)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
