[128299] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: Web expert on his 'catastrophe' key for the internet

daemon@ATHENA.MIT.EDU (Marshall Eubanks)
Fri Jul 30 01:59:30 2010

From: Marshall Eubanks <tme@americafree.tv>
To: James Hess <mysidia@gmail.com>
In-Reply-To: <AANLkTi=0R4eGEq3W0iJgc=kYbHhn05k6FeX-ZsaY+=hT@mail.gmail.com>
Date: Fri, 30 Jul 2010 01:59:13 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Jul 30, 2010, at 12:55 AM, James Hess wrote:

> On Thu, Jul 29, 2010 at 10:23 PM, Franck Martin <franck@genius.com>  
> wrote:
>> Hmmm, from the interview of the British guy, the smart card seems  
>> to be in UK (he did a lapsus on it), which differs from what you  
>> describe.
>
> You gotta read up on the whole ceremony and   their statement of
> practices:   https://www.iana.org/dnssec/icann-dps.txt ...


Hmm. Looks like an RFC, but isn't. Do you know if there are any plans  
to actually publish this ?

Regards
Marshall

>  Crypto
> Officers are different from  Recovery Key Share Holders.
> Crypto officers hold a key to a safe deposit box in the safe room
> Safe 2,  containing the operator cards.
> "Tier 5"



>
> Each vault contains a Tamper-evident bag (TEB)  with a smart card
> required to authenticate with the HSM to perform crypto operations.
> Those cards don't leave the facility.
> The operatorscards are  only authentication tokens,  the key is stored
> on the hardware security modules.
>
> Hardware security modules, and the laptop+DVD+USB Flash stick required
> to operate them are stored in
> tamper evident bags in Safe 1.
>
> There are 7 crypto officers per site, but only  3 are required to
> authenticate to the HSM  to enable it to perform operations.
>
> The recovery key share holders  have a key to a bank safety deposit
> box under _their own_ control,
> containing a smartcard in  tamper-evident bag,     holding part of
> the     HSM's  internal encryption key.
>
> Each  RKSH has to provide and maintain records of where they are
> storing their smartcard.
> 7  RKSH per site, but only 5 are required for recovery operations.
>
>
> --
> -J
>
>
home help back first fref pref prev next nref lref last post