* Tony Finch [2014-02-13 21:56]: > There was some discussion last month about dispersing trust in the root. > http://www.ietf.org/mail-archive/web/dnsop/current/msg10977.html > > This inspired me to write up a concrete proposal for the > quorum-of-witnesses idea that I have vaguely suggested several > times over the last few years.
The proposed approach disperses the trust into which TA to choose and when to rollover to a new TA. However, it does not disperse the trust that the TA is not misused and not compromised. If I have to fully trust the TA private key holder anyway, my personal assessment would be to trust their TA publication channel as well, e.g. the ones in draft-jabley-dnssec-trust-anchor. The problem I see is the asymmetry of roles between the TA private key holder and the witnesses. The witnesses have no means to assert that the TA holder does not share the key with their government or anybody else. To disperse the trust of a key, you would need a threshold cryptosystem where the TA private key portions are shared among equal peers. Regards, Matt -- Universität Duisburg-Essen Verteilte Systeme Bismarckstr. 90 / BC 316 47057 Duisburg
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
