On Fri, Dec 6, 2013 at 11:12 AM, David Conrad <[email protected]> wrote:

> On Dec 5, 2013, at 7:27 AM, Phillip Hallam-Baker <[email protected]> wrote:
> > A better approach is to design the system so that it takes a defection
> > by more than one party. Instead of relying on just the ICANN root KSK
> > require a TLD to be signed by three out of five trusted national cryptolabs.
>
> Trusted by whom? E.g., trusted like NIST now? (No disrespect of folks at
> NIST intended: just observing some may no longer view them as trustable)
>

I mean trusted in the technical sense of relying on them (albeit to a
qualified degree).

And it is important to note that trusted does not mean the same thing as
trustworthy, a point I raised at one of the early trusted computing group
efforts (only Microsoft seemed to take note or maybe they came up with the
understanding independently).

If you have a three out of five scheme one should choose five labs that are
very likely to collude. The UK, US, Australia, Canada and New Zealand would
not be a very good choice. The UK, France, Russia, India and Brazil would
be a rather better one. Or maybe you would want to have the EFF or the like
in there (if they could set up a secure facility and maintain it at
acceptable cost).



> I personally believe a better approach is to make the operation of the
> system extremely public and documented such that it doesn't matter who is
> involved since the risk would be too high that attempts at compromise would
> be observed. This is what ICANN tried to do with the root KSK (one can
> argue whether they succeeded).
>

These do not need to be exclusive, nor was that my proposal. I would expect
any national cryptolab to follow the established industry practices.


-- 
Website: http://hallambaker.com/
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
