Re: [DNSOP] [dnsext] New Version Notification for draft-mcgrew-tss-02 (fwd)
Michael StJohns <mstjohns@comcast.net> Tue, 10 March 2009 16:49 UTC
Return-Path: <mstjohns@comcast.net>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 332BA3A6981 for <dnsop@core3.amsl.com>; Tue, 10 Mar 2009 09:49:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.728
X-Spam-Level:
X-Spam-Status: No, score=-1.728 tagged_above=-999 required=5 tests=[AWL=0.571, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1lhZbBMHEsA1 for <dnsop@core3.amsl.com>; Tue, 10 Mar 2009 09:49:21 -0700 (PDT)
Received: from QMTA07.westchester.pa.mail.comcast.net (qmta07.westchester.pa.mail.comcast.net [76.96.62.64]) by core3.amsl.com (Postfix) with ESMTP id 2E2F03A6967 for <dnsop@ietf.org>; Tue, 10 Mar 2009 09:49:20 -0700 (PDT)
Received: from OMTA14.westchester.pa.mail.comcast.net ([76.96.62.60]) by QMTA07.westchester.pa.mail.comcast.net with comcast id RNc81b00B1HzFnQ57UpwDr; Tue, 10 Mar 2009 16:49:56 +0000
Received: from MIKES-LAPTOM.comcast.net ([68.48.0.201]) by OMTA14.westchester.pa.mail.comcast.net with comcast id RUpv1b00H4LCBKY3aUpv6L; Tue, 10 Mar 2009 16:49:56 +0000
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Tue, 10 Mar 2009 12:49:55 -0400
To: Alfred Hönes <ah@tr-sys.de>, namedroppers@ops.ietf.org, dnsop@ietf.org
From: Michael StJohns <mstjohns@comcast.net>
In-Reply-To: <200903100248.DAA07637@TR-Sys.de>
References: <200903100248.DAA07637@TR-Sys.de>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id: <20090310164920.2E2F03A6967@core3.amsl.com>
X-Mailman-Approved-At: Tue, 10 Mar 2009 11:15:57 -0700
Subject: Re: [DNSOP] [dnsext] New Version Notification for draft-mcgrew-tss-02 (fwd)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Mar 2009 16:49:22 -0000
Hi Alfred - A better scheme for threshold signing for the root might be the Shoup paper: "Practical Threshold Signatures", Victor Shoup (sho@zurich.ibm.com), IBM Research Paper RZ3121, 4/30/99 The major difference between the two is that the Shamir system (which you describe) requires the base secret (private key) be reconstituted (by a trusted entity) before it can be used, where the Shoup system allows partial signatures with a public gather function. E.g. In a 3 of 5 system, each of the 3 key share holders partial-sign the data using their share of the private key and send it (as public data) to a central location where a gather function is used to form the actual signature. Shamir is nice in that it can be used for any set of key bits. But the reconstitution requirement is a point of weakness where the actual private key may be compromised. The Shoup system is only specified for RSA as far as I know. Mike At 10:48 PM 3/9/2009, Alfred =?hp-roman8?B?SM5uZXM=?= wrote: >This tools might be of interest for implementors of DNSSEC, >e.g. the folks wanting to distibute control over the future Root >Zone primary Key Signing Keys between the RIRs and ICANN/IANA. > >The new version should hopefully be ready for implementation. > > >----- Forwarded message from IETF I-D Submission Tool ----- > >> From: IETF I-D Submission Tool <idsubmission@ietf.org> >> Message-Id: <20090309204424.AD5F73A687B@core3.amsl.com> >> Date: Mon, 9 Mar 2009 13:44:24 -0700 (PDT) >> Subject: New Version Notification for draft-mcgrew-tss-02 > >A new version of I-D, draft-mcgrew-tss-02.txt has been successfuly >submitted by David McGrew and posted to the IETF repository. > >Filename: draft-mcgrew-tss >Revision: 02 >Title: Threshold Secret Sharing >Creation_date: 2009-03-09 >WG ID: Independent Submission >Number_of_pages: 26 > >Abstract: >Threshold secret sharing (TSS) provides a way to generate N shares >from a value, so that any M of those shares can be used to >reconstruct the original value, but any M-1 shares provide no >information about that value. This method can provide shared access >control on key material and other secrets that must be strongly >protected. > >This note defines a threshold secret sharing method based on >polynomial interpolation in GF(256) and a format for the storage and >transmission of shares. It also provides usage guidance, describes >how to test an implementation, and supplies test cases. > > >The IETF Secretariat. > > >----- End of forwarded message from IETF I-D Submission Tool ----- > > >Kind regards, > Alfred. > >-- > >+------------------------+--------------------------------------------+ >| TR-Sys Alfred Hoenes | Alfred Hoenes Dipl.-Math., Dipl.-Phys. | >| Gerlinger Strasse 12 | Phone: (+49)7156/9635-0, Fax: -18 | >| D-71254 Ditzingen | E-Mail: ah@TR-Sys.de | >+------------------------+--------------------------------------------+ > > >-- >to unsubscribe send a message to namedroppers-request@ops.ietf.org with >the word 'unsubscribe' in a single line as the message text body. >archive: <http://ops.ietf.org/lists/namedroppers/>
- [DNSOP] New Version Notification for draft-mcgrew… Alfred Hönes
- Re: [DNSOP] [dnsext] New Version Notification for… Michael StJohns
- Re: [DNSOP] [dnsext] New Version Notification for… bmanning
- Re: [DNSOP] [dnsext] New Version Notification for… Michael StJohns
- Re: [DNSOP] [dnsext] New Version Notification for… Michael StJohns
- Re: [DNSOP] [dnsext] New Version Notification for… David McGrew