On Thu, Jan 9, 2014 at 7:51 AM, Thierry Moreau <thierry.mor...@connotech.com> wrote:

> I would suggest that the DNSSEC deployment at the root would be a good
> case study for IT security management, from an historic perspective. The
> primary source documents, and the conclusion of such case study, could be
> helpful to you but ...

I'd actually look at DNSSEC as something of an antipattern. They ostensibly seem to be using One Key To Rule Them all and a Shamir-like secret sharing scheme. This makes less sense to me than a multisignature trust system / threshold signature system with n root keys and a threshold t such that we need t of n signatures in order for something to be considered signed.

While I'm sure they took great care to airgap and delete the DNSSEC root key from the computer it was generated on, that's an unnecessary risk that simply doesn't have to exist.

Furthermore a multisignature trust system makes it easy to rotate the root keys: if one is compromised you simply sign a new root key document with t of n signatures again, listing out the newly reissued public key.

--
Tony Arcieri
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
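The t-of-n acceptance rule and the key rotation described in the message above, as an added example that is not part of the original post. The post names no signature scheme, so Lamport one-time signatures built from SHA-256 stand in for one here; the JSON rotation-document format and all function names are assumptions made for illustration. It models independent multisignatures (t separate signatures checked against n public keys), not a threshold scheme that produces a single combined signature.

```python
import hashlib, json, secrets

# Lamport one-time signatures (stdlib only) stand in for a real signature
# scheme; each private key below must sign exactly one message.
def H(b): return hashlib.sha256(b).digest()

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (b, s) in enumerate(zip(bits(msg), sig)))

def key_id(pk):
    return H(b"".join(a + b for a, b in pk)).hex()

def accepted(trusted, t, msg, sigs):
    # trusted: {key_id: pk}; sigs: [(key_id, sig)]. Collecting key ids in a
    # set means one signer submitting the same signature twice counts once.
    good = {k for k, s in sigs if k in trusted and verify(trusted[k], msg, s)}
    return len(good) >= t

def rotate(trusted, t, doc, sigs):
    # The rotation document is checked against the CURRENT key set.
    if not accepted(trusted, t, doc, sigs):
        raise ValueError("fewer than t valid signatures from trusted keys")
    d = json.loads(doc)
    new_pk = [(bytes.fromhex(a), bytes.fromhex(b)) for a, b in d["add"]]
    out = {k: v for k, v in trusted.items() if k != d["revoke"]}
    out[key_id(new_pk)] = new_pk
    return out

def rotation_doc(revoke_id, new_pk):
    # Constructed document format: JSON naming the revoked key id and
    # carrying the replacement public key.
    return json.dumps({"revoke": revoke_id,
                       "add": [[a.hex(), b.hex()] for a, b in new_pk]}).encode()
```

With n = 5 and t = 3, a rotation document that revokes one key and is signed by three of the other four is applied, while the revoked key's holder alone cannot produce an accepted document.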