[145534] in cryptography@c2.net mail archive


Re: Is this the first ever practically-deployed use of a threshold scheme?

daemon@ATHENA.MIT.EDU (Steven Bellovin)
Sat Jul 31 18:07:03 2010

From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <E1Of5no-00071w-Ok@wintermute02.cs.auckland.ac.nz>
Date: Sat, 31 Jul 2010 23:14:41 +0200
Cc: cryptography@metzdowd.com
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>


On Jul 31, 2010, at 8:44 12AM, Peter Gutmann wrote:

> Apparently the DNS root key is protected by what sounds like a five-of-seven
> threshold scheme, but the description is a bit unclear.  Does anyone know
> more?
>
> (Oh, and for people who want to quibble over "practically-deployed", I'm not
> aware of any real usage of threshold schemes for anything, at best you have
> combine-two-key-components (usually via XOR), but no serious use of real
> n-of-m that I've heard of.  Mind you, one single use doesn't necessarily count
> as "practically deployed" either).

There is circumstantial evidence that such schemes were deployed for U.S. nuclear weapons command and control.  I also wonder if it's used for some of the NSA's root keys -- they run very large PKIs.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
