Re: [DNSOP] [dnsext] New Version Notification for draft-mcgrew-tss-02 (fwd)

David McGrew <mcgrew@cisco.com> Wed, 11 March 2009 22:27 UTC

To: mstjohns@comcast.net
Cc: namedroppers@ops.ietf.org, Alfred Hönes <ah@tr-sys.de>, dnsop@ietf.org

Hi Mike,

> Hi Alfred -
> A better scheme for threshold signing for the root might be the
> Shoup paper: "Practical Threshold Signatures", Victor Shoup
> (sho@zurich.ibm.com), IBM Research Paper RZ3121, 4/30/99
> The major difference between the two is that the Shamir system
> (which you describe) requires the base secret (private key) be
> reconstituted (by a trusted entity) before it can be used, where the
> Shoup system allows partial signatures with a public gather
> function.  E.g. In a 3 of 5 system, each of the 3 key share holders
> partial-sign the data using their share of the private key and send
> it (as public data) to a central location where a gather function is
> used to form the actual signature.

I agree that threshold signatures have nice security properties, and
that Shoup's PTS method looks good, especially because its
signature-share generation step does not require any interaction
between the signers.

As you say, the TSS draft lacks the partial-signature capability, but
TSS does have the benefit of simplicity.

> Shamir is nice in that it can be used for any set of key bits. But
> the reconstitution requirement is a point of weakness where the
> actual private key may be compromised. The Shoup system is only
> specified for RSA as far as I know.

Shoup's PTS method requires the use of a trusted dealer to generate
the private keys of all of the signers.  So while it eliminates the
need for a trusted dealer during the signing step, it does not
eliminate that need entirely.  (At least this is the case for the
paper that you cited above; if there is work that eliminates the
trusted dealer, I would be very interested to see it.)

best regards,

David
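
The flow discussed in this thread, as an added example (not code from either poster, the TSS draft or the cited paper): a simplified Python sketch of RSA threshold signing along the lines of Shoup's scheme, with a trusted dealer, non-interactive partial signatures and a public gather step that never reassembles the private exponent. The toy safe primes, the function names and the integer message representative `x` are assumptions; message hashing and the paper's share-correctness proofs are omitted.

```python
import math
import secrets

# Toy parameters, constructed for illustration only (far too small for real use).
P, Q = 2039, 2063            # safe primes: P = 2*1019 + 1, Q = 2*1031 + 1
N, M = P * Q, 1019 * 1031    # public modulus; M is the secret order of the squares mod N
E = 65537                    # public exponent: a prime larger than the number of players
PLAYERS, THRESHOLD = 5, 3    # the "3 of 5" case from the thread
DELTA = math.factorial(PLAYERS)

def deal():
    """Trusted dealer: the one party that ever sees the whole private exponent d."""
    d = pow(E, -1, M)
    coeffs = [d] + [secrets.randbelow(M) for _ in range(THRESHOLD - 1)]
    # Share i is f(i) mod M for a random polynomial f with f(0) = d.
    return {i: sum(c * i**k for k, c in enumerate(coeffs)) % M
            for i in range(1, PLAYERS + 1)}

def partial_sign(x, share):
    """Run locally by each share holder; no interaction with the other signers."""
    return pow(x, 2 * DELTA * share, N)

def gather(x, partials):
    """Public combine step: uses only partial signatures, never d or any share."""
    ids = list(partials)
    w = 1
    for i in ids:
        # Integer Lagrange coefficient at 0, scaled by DELTA so the division is exact.
        num = DELTA * math.prod(-j for j in ids if j != i)
        den = math.prod(i - j for j in ids if j != i)
        w = w * pow(partials[i], 2 * (num // den), N) % N
    # Now w^E == x^(4*DELTA^2). Remove the extra exponent using a*e' + b*E = 1.
    e_prime = 4 * DELTA**2
    a = pow(e_prime, -1, E)
    b = (1 - a * e_prime) // E
    return pow(w, a, N) * pow(x, b, N) % N

def verify(x, sig):
    """Ordinary RSA verification against the public key (N, E)."""
    return pow(sig, E, N) == x % N
```

Any three share holders produce the same signature, and the only place the full private exponent exists is inside `deal()`, which is the residual trusted-dealer dependency noted in the reply above.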