On Sat, Jul 31, 2010 at 06:44:12PM +1200, Peter Gutmann wrote: | Apparently the DNS root key is protected by what sounds like a five-of-seven | threshold scheme, but the description is a bit unclear. Does anyone know | more? | | (Oh, and for people who want to quibble over "practically-deployed", I'm not | aware of any real usage of threshold schemes for anything, at best you have | combine-two-key-components (usually via XOR), but no serious use of real n- | of-m that I've heard of. Mind you, one single use doesn't necessarily count | as "practically deployed" either).
We had a 3 of 7 for the ZKS master keys back in the day. When we tested, we discovered that no one had written the secret-combining code, and so Ian Goldberg wrote some and posted it to usenix for backup. Adam --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [email protected]
