[145536] in cryptography@c2.net mail archive


Re: Is this the first ever practically-deployed use of a threshold scheme?

daemon@ATHENA.MIT.EDU (Adam Shostack)
Sat Jul 31 18:30:55 2010

Date: Sat, 31 Jul 2010 14:54:53 -0400
From: Adam Shostack <adam@homeport.org>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: cryptography@metzdowd.com
In-Reply-To: <E1Of5no-00071w-Ok@wintermute02.cs.auckland.ac.nz>

On Sat, Jul 31, 2010 at 06:44:12PM +1200, Peter Gutmann wrote:
| Apparently the DNS root key is protected by what sounds like a five-of-seven
| threshold scheme, but the description is a bit unclear.  Does anyone know
| more?
| 
| (Oh, and for people who want to quibble over "practically-deployed", I'm not
|  aware of any real usage of threshold schemes for anything, at best you have
|  combine-two-key-components (usually via XOR), but no serious use of real n-
|  of-m that I've heard of.  Mind you, one single use doesn't necessarily count
|  as "practically deployed" either).

We had a 3 of 7 for the ZKS master keys back in the day. When we
tested, we discovered that no one had written the secret-combining
code, and so Ian Goldberg wrote some and posted it to usenix for
backup.

Adam
