[145596] in cryptography@c2.net mail archive
Re: Is this the first ever practically-deployed use of a threshold scheme?
daemon@ATHENA.MIT.EDU (Jakob Schlyter)
Tue Aug 3 11:36:16 2010
From: Jakob Schlyter <jakob@kirei.se>
In-Reply-To: <4C56DB7D.5080202@mit.edu>
Date: Tue, 3 Aug 2010 00:16:34 +0200
Cc: cryptography@metzdowd.com
To: Jeffrey Schiller <jis@MIT.EDU>
On 2 aug 2010, at 16.51, Jeffrey Schiller wrote:
> Does the root KSK exist in a form that doesn't require the HSM to
> re-join, or more to the point if the manufacturer of the HSM fails, is
> it possible to re-join the key and load it into a different vendor's
> HSM?
With the assistance of the vendor (or their employees), it would be =
possible to reassemble the storage master key (SMK) by combining 5 of 7 =
key shares, then decrypting the key backup. There is nothing in the HSM =
units itself that is needed for a key restore.
> In other words, is the value that is split the "raw" key, or is it in
> some proprietary format or encrypted in some vendor internal key?
The value that is split is the SMK, used to encrypt the actual key. The =
actual key is not split and, once in production, is never to be =
transported outside the ICANN Key Management Facility.
> Back in the day we used an RSA SafeKeyper to store the IPRA key (there
> is a bit of history, we even had a key ceremony with Vint Cerf in
> attendance). This was the early to mid '90s.
Aha, that's why Vint was so on top of things during the East Coast key =
ceremony :-)
> The SafeKeyper had an internal tamper key that was used to encrypt all
> exported backups (in addition to the threshold secrets required). If
> the box failed, you could order one with the same internal tamper
> key. However you could not obtain the tamper key and you therefore
> could not choose to switch HSM vendors.
In this case, the SMK =3D=3D the tamper key.
jakob
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
