[145572] in cryptography@c2.net mail archive
Re: Is this the first ever practically-deployed use of a threshold
daemon@ATHENA.MIT.EDU (Peter Trei)
Mon Aug 2 09:26:19 2010
Date: Mon, 02 Aug 2010 08:06:26 -0400
From: Peter Trei <treip@responseconcepts.com>
To: Adam Shostack <adam@homeport.org>
CC: Peter Gutmann <pgut001@cs.auckland.ac.nz>, cryptography@metzdowd.com
In-Reply-To: <20100731185453.GA4543@homeport.org>
On 7/31/2010 2:54 PM, Adam Shostack wrote:
> On Sat, Jul 31, 2010 at 06:44:12PM +1200, Peter Gutmann wrote:
> | Apparently the DNS root key is protected by what sounds like a five-o=
f-seven
> | threshold scheme, but the description is a bit unclear. Does anyone =
know
> | more?
> |
> | (Oh, and for people who want to quibble over "practically-deployed", =
I'm not
> | aware of any real usage of threshold schemes for anything, at best y=
ou have
> | combine-two-key-components (usually via XOR), but no serious use of =
real n-
> | of-m that I've heard of. Mind you, one single use doesn't necessari=
ly count
> | as "practically deployed" either).
>
> We had a 3 of 7 for the ZKS master keys back in the day. When we
> tested, we discovered that no one had written the secret-combining
> code, and so Ian Goldberg wrote some and posted it to usenix for
> backup.
> =20
At RSA Security back in the early 2000s, I devised protection schemes,=20
and wrote product code using 5 of 7 Shamir secret sharing for certain=20
products.
Peter Trei
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
