ietf

Re: Last Call: Recognising RFC1984 as a BCP

2015-08-13 12:04:41


On 13/08/15 17:33, Joe Abley wrote:
> On 13 Aug 2015, at 12:18, Dave Crocker wrote:
>
>> On 8/13/2015 9:14 AM, Stewart Bryant wrote:
>>> Many of the interesting cases can be addressed by some mixture of
>>> extreme key fragmentation with escrow fragmented across a set
>>> of organizations that are both unable and unlikely to collude, but
>>> would co-operate with an appropriate third party if presented with
>>> the appropriate justification.
>>
>> That's theory that could reasonably sound appealing.  Are there
>> real-world examples of a model like this showing the desired properties
>> that balance safety and utility?
>
> Management of root zone DNSSEC Key Signing Key (KSK).


I don't think those are at all the same. The KSK case is basically
a once-off tiny-scale key storage thing run by relatively mutually
trusting parties where misbehaviour should be apparent or would be
pointless.

The mythical system Stewart is imagining would need to handle
extremely mutually untrusting parties at Internet scale in a system
that's basically supposed to support exactly the kind of thing that
would constitute misbehaviour in the KSK case.

So no, not the same in many ways, including the important aspect
that the KSK backup system is reality whereas the other is fantasy.

S.

PS: A nit, but I assume that it is not "copies" of the KSK you
meant but rather cryptographic shares in that key, which are an
entirely different thing.