On Thu, Jan 09, 2014 at 10:36:23AM -0800, Tony Arcieri wrote:
> I'd actually look at DNSSEC as something of an antipattern. They ostensibly
> seem to be using One Key To Rule Them all and a Shamir-like secret sharing
> scheme.
>
> This makes less sense to me than a multisignature trust system / threshold
> signature system with n root keys and a threshold t such that we need t of
> n signatures in order for something to be considered signed.
>
> While I'm sure they took great care to airgap and delete the DNSSEC root
> key from the computer it was generated on, that's an unnecessary risk that
> simply doesn't have to exist.
>
> Furthermore a multisignature trust system makes it easy to rotate the root
> keys: if one is compromised you simply sign a new root key document with t
> of n signatures again, listing out the newly reissued public key.
>
> --
> Tony Arcieri

A talk from 29C3 explains the DNSSEC root key generation process:
"An overview of secure name resolution"
http://mirror.netcologne.de/CCC/congress/29C3/mp4-h264-HQ/29c3-5146-en-an_overview_of_secure_name_resolution_h264.mp4

http://youtu.be/eOGezLjlzFU if you prefer YouTube.

--
staticsafe
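
The t-of-n multisignature root described in the quoted message, as an added example in Go (not code from this thread or from DNSSEC): n independently generated Ed25519 root keys, acceptance only with t distinct valid signatures, and rotation of one slot through a rotation document signed by t current roots. RootSet, NewRoots, RotationDoc and the document strings are names constructed for this illustration.

```go
package main

import "crypto/ed25519"
import "fmt"

// RootSet holds the n trusted root public keys and the threshold t (assumed layout).
type RootSet struct {
	Keys      []ed25519.PublicKey
	Threshold int
}

// NewRoots makes n independent key pairs; each closure stands in for one key holder.
func NewRoots(n, t int) (r *RootSet, signers []func(doc []byte) []byte) {
	r = &RootSet{Threshold: t}
	for i := 0; i < n; i++ {
		pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
		r.Keys, signers = append(r.Keys, pub), append(signers, func(doc []byte) []byte { return ed25519.Sign(priv, doc) })
	}
	return r, signers
}

// Verify needs t valid signers; sigs is keyed by root index, so a signer counts once.
func (r *RootSet) Verify(doc []byte, sigs map[int][]byte) bool {
	valid := 0
	for idx, sig := range sigs {
		if idx >= 0 && idx < len(r.Keys) && ed25519.Verify(r.Keys[idx], doc, sig) {
			valid++
		}
	}
	return r.Threshold > 0 && valid >= r.Threshold
}

// RotationDoc is the constructed statement "slot idx now holds newKey".
func RotationDoc(idx int, newKey ed25519.PublicKey) []byte {
	return []byte(fmt.Sprintf("rotate-root-key:%d:%x", idx, []byte(newKey)))
}

// Rotate replaces slot idx only if t current roots signed the rotation document.
func (r *RootSet) Rotate(idx int, newKey ed25519.PublicKey, sigs map[int][]byte) error {
	if idx < 0 || idx >= len(r.Keys) || len(newKey) != ed25519.PublicKeySize || !r.Verify(RotationDoc(idx, newKey), sigs) {
		return fmt.Errorf("rotation of root key %d rejected", idx)
	}
	r.Keys[idx] = newKey
	return nil
}

func main() {
	roots, sign := NewRoots(5, 3)
	fmt.Println("1-of-5 accepted:", roots.Verify([]byte("doc"), map[int][]byte{0: sign[0]([]byte("doc"))}))
}
```

A holder of a single root key, including the key being replaced, cannot reach the threshold alone, so it can neither sign documents nor rotate itself out or in.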