Re: [dnsext] New Version Notification for draft-mcgrew-tss-02 (fwd)
bmanning@vacation.karoshi.com Wed, 11 March 2009 02:58 UTC
Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B0EE83A6817; Tue, 10 Mar 2009 19:58:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.67
X-Spam-Level:
X-Spam-Status: No, score=-4.67 tagged_above=-999 required=5 tests=[AWL=-0.175, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sR2T5vIxGeb9; Tue, 10 Mar 2009 19:58:38 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id A90223A6970; Tue, 10 Mar 2009 19:58:38 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1LhEWn-000Doe-Gt for namedroppers-data0@psg.com; Wed, 11 Mar 2009 02:50:41 +0000
Received: from [198.32.6.68] (helo=vacation.karoshi.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <bmanning@karoshi.com>) id 1LhEWh-000Do1-NK for namedroppers@ops.ietf.org; Wed, 11 Mar 2009 02:50:39 +0000
Received: from karoshi.com (localhost.localdomain [127.0.0.1]) by vacation.karoshi.com (8.12.8/8.12.8) with ESMTP id n2B2nVff013314; Wed, 11 Mar 2009 02:49:33 GMT
Received: (from bmanning@localhost) by karoshi.com (8.12.8/8.12.8/Submit) id n2B2nSHF013313; Wed, 11 Mar 2009 02:49:28 GMT
Date: Wed, 11 Mar 2009 02:49:28 +0000
From: bmanning@vacation.karoshi.com
To: Michael StJohns <mstjohns@comcast.net>
Cc: Alfred Hönes <ah@tr-sys.de>, namedroppers@ops.ietf.org, dnsop@ietf.org
Subject: Re: [dnsext] New Version Notification for draft-mcgrew-tss-02 (fwd)
Message-ID: <20090311024928.GA13301@vacation.karoshi.com.>
References: <200903100248.DAA07637@TR-Sys.de> <E1Lh59Y-0005Xn-92@psg.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <E1Lh59Y-0005Xn-92@psg.com>
User-Agent: Mutt/1.4.1i
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
I really like the Shoup paper. But I've not seen too many implementations in the wild. :) --bill On Tue, Mar 10, 2009 at 12:49:55PM -0400, Michael StJohns wrote: > Hi Alfred - > > A better scheme for threshold signing for the root might be the Shoup paper: "Practical Threshold Signatures", Victor Shoup (sho@zurich.ibm.com), IBM Research Paper RZ3121, 4/30/99 > > The major difference between the two is that the Shamir system (which you describe) requires the base secret (private key) be reconstituted (by a trusted entity) before it can be used, where the Shoup system allows partial signatures with a public gather function. E.g. In a 3 of 5 system, each of the 3 key share holders partial-sign the data using their share of the private key and send it (as public data) to a central location where a gather function is used to form the actual signature. > > Shamir is nice in that it can be used for any set of key bits. But the reconstitution requirement is a point of weakness where the actual private key may be compromised. > > The Shoup system is only specified for RSA as far as I know. > > Mike > > > > At 10:48 PM 3/9/2009, Alfred =?hp-roman8?B?SM5uZXM=?= wrote: > >This tools might be of interest for implementors of DNSSEC, > >e.g. the folks wanting to distibute control over the future Root > >Zone primary Key Signing Keys between the RIRs and ICANN/IANA. > > > >The new version should hopefully be ready for implementation. > > > > > >----- Forwarded message from IETF I-D Submission Tool ----- > > > >> From: IETF I-D Submission Tool <idsubmission@ietf.org> > >> Message-Id: <20090309204424.AD5F73A687B@core3.amsl.com> > >> Date: Mon, 9 Mar 2009 13:44:24 -0700 (PDT) > >> Subject: New Version Notification for draft-mcgrew-tss-02 > > > >A new version of I-D, draft-mcgrew-tss-02.txt has been successfuly > >submitted by David McGrew and posted to the IETF repository. > > > >Filename: draft-mcgrew-tss > >Revision: 02 > >Title: Threshold Secret Sharing > >Creation_date: 2009-03-09 > >WG ID: Independent Submission > >Number_of_pages: 26 > > > >Abstract: > >Threshold secret sharing (TSS) provides a way to generate N shares > >from a value, so that any M of those shares can be used to > >reconstruct the original value, but any M-1 shares provide no > >information about that value. This method can provide shared access > >control on key material and other secrets that must be strongly > >protected. > > > >This note defines a threshold secret sharing method based on > >polynomial interpolation in GF(256) and a format for the storage and > >transmission of shares. It also provides usage guidance, describes > >how to test an implementation, and supplies test cases. > > > > > >The IETF Secretariat. > > > > > >----- End of forwarded message from IETF I-D Submission Tool ----- > > > > > >Kind regards, > > Alfred. > > > >-- > > > >+------------------------+--------------------------------------------+ > >| TR-Sys Alfred Hoenes | Alfred Hoenes Dipl.-Math., Dipl.-Phys. | > >| Gerlinger Strasse 12 | Phone: (+49)7156/9635-0, Fax: -18 | > >| D-71254 Ditzingen | E-Mail: ah@TR-Sys.de | > >+------------------------+--------------------------------------------+ > > > > > >-- > >to unsubscribe send a message to namedroppers-request@ops.ietf.org with > >the word 'unsubscribe' in a single line as the message text body. > >archive: <http://ops.ietf.org/lists/namedroppers/> > > > > -- > to unsubscribe send a message to namedroppers-request@ops.ietf.org with > the word 'unsubscribe' in a single line as the message text body. > archive: <http://ops.ietf.org/lists/namedroppers/> -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/>
- [dnsext] New Version Notification for draft-mcgre… Alfred Hönes
- Re: [dnsext] New Version Notification for draft-m… Michael StJohns
- Re: [dnsext] New Version Notification for draft-m… bmanning
- Re: [dnsext] New Version Notification for draft-m… Michael StJohns
- Re: [dnsext] New Version Notification for draft-m… Michael StJohns
- Re: [dnsext] New Version Notification for draft-m… David McGrew