Re: [dnsext] New Version Notification for draft-mcgrew-tss-02 (fwd)
David McGrew <mcgrew@cisco.com> Thu, 12 March 2009 21:54 UTC
Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-namedroppers-archive-gleetwall6@core3.amsl.com
Delivered-To: ietfarch-namedroppers-archive-gleetwall6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3B04E3A69D2; Thu, 12 Mar 2009 14:54:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.472
X-Spam-Level:
X-Spam-Status: No, score=-3.472 tagged_above=-999 required=5 tests=[AWL=-2.977, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id njEUs1Dx2rDA; Thu, 12 Mar 2009 14:54:40 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 0A4F43A6AAB; Thu, 12 Mar 2009 14:54:40 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1Lhslm-000C79-Vv for namedroppers-data0@psg.com; Thu, 12 Mar 2009 21:48:50 +0000
Received: from [66.92.146.20] (helo=stora.ogud.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <namedroppers@stora.ogud.com>) id 1Lhsli-000C6t-0R for namedroppers@ops.ietf.org; Thu, 12 Mar 2009 21:48:48 +0000
Received: from stora.ogud.com (localhost [127.0.0.1]) by stora.ogud.com (8.14.3/8.14.3) with ESMTP id n2CLmiT3033286 for <namedroppers@ops.ietf.org>; Thu, 12 Mar 2009 17:48:44 -0400 (EDT) (envelope-from namedroppers@stora.ogud.com)
Received: (from namedroppers@localhost) by stora.ogud.com (8.14.3/8.14.3/Submit) id n2CLmidO033285 for namedroppers@ops.ietf.org; Thu, 12 Mar 2009 17:48:44 -0400 (EDT) (envelope-from namedroppers)
Received: from [171.71.176.72] (helo=sj-iport-3.cisco.com) by psg.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.69 (FreeBSD)) (envelope-from <mcgrew@cisco.com>) id 1LhWtt-0003q4-Ad for namedroppers@ops.ietf.org; Wed, 11 Mar 2009 22:27:51 +0000
X-IronPort-AV: E=Sophos;i="4.38,346,1233532800"; d="scan'208";a="141703846"
Received: from sj-dkim-3.cisco.com ([171.71.179.195]) by sj-iport-3.cisco.com with ESMTP; 11 Mar 2009 22:27:44 +0000
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-3.cisco.com (8.12.11/8.12.11) with ESMTP id n2BMRia4027146; Wed, 11 Mar 2009 15:27:44 -0700
Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-5.cisco.com (8.13.8/8.13.8) with ESMTP id n2BMRiL6012975; Wed, 11 Mar 2009 22:27:44 GMT
Received: from xfe-sjc-211.amer.cisco.com ([171.70.151.174]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 11 Mar 2009 15:27:44 -0700
Received: from stealth-10-32-254-214.cisco.com ([10.32.254.214]) by xfe-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 11 Mar 2009 15:27:43 -0700
Message-Id: <150BF658-516A-4643-A0C5-34AFADEE6700@cisco.com>
From: David McGrew <mcgrew@cisco.com>
To: mstjohns@comcast.net
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v930.3)
Subject: Re: [dnsext] New Version Notification for draft-mcgrew-tss-02 (fwd)
Date: Wed, 11 Mar 2009 15:27:42 -0700
Cc: Alfred HÎnes <ah@tr-sys.de>, dnsop@ietf.org, namedroppers@ops.ietf.org
X-Mailer: Apple Mail (2.930.3)
X-OriginalArrivalTime: 11 Mar 2009 22:27:44.0294 (UTC) FILETIME=[99080C60:01C9A298]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=1770; t=1236810464; x=1237674464; c=relaxed/simple; s=sjdkim3002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=mcgrew@cisco.com; z=From:=20David=20McGrew=20<mcgrew@cisco.com> |Subject:=20Re=3A=20[dnsext]=20New=20Version=20Notification =20for=20draft-mcgrew-tss-02=20(fwd) |Sender:=20; bh=l0ZiyNz47aS+wUeTvf2uGTOEnsK26xsLLIFBnznON34=; b=rt7aKznzVqG8j2AbyCYHHFXFdamvgpMP1HPu2/iqSZnyvSrE+njE//1TEs uop9WtvGl7Ko/Wi9pjiY2+KjEXw0J5mvL88uhwRqv4JPR6TwPwpAkuSK0fuC e6N8ksu2cA;
Authentication-Results: sj-dkim-3; header.From=mcgrew@cisco.com; dkim=pass ( sig from cisco.com/sjdkim3002 verified; );
X-Scanned-By: MIMEDefang 2.64 on 66.92.146.20
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
[ Moderators note: Post was moderated, either because it was posted by a non-subscriber, or because it was over 20K. With the massive amount of spam, it is easy to miss and therefore delete relevant posts by non-subscribers. Please fix your subscription addresses. ] Hi Mike, > Hi Alfred - > A better scheme for threshold signing for the root might be the > Shoup paper: "Practical Threshold Signatures", Victor Shoup (sho@zurich.ibm.com > ), IBM Research Paper RZ3121, 4/30/99 > The major difference between the two is that the Shamir system > (which you describe) requires the base secret (private key) be > reconstituted (by a trusted entity) before it can be used, where the > Shoup system allows partial signatures with a public gather > function. E.g. In a 3 of 5 system, each of the 3 key share holders > partial-sign the data using their share of the private key and send > it (as public data) to a central location where a gather function is > used to form the actual signature. I agree that threshold signatures have nice security properties, and that Shoup's PTS method looks good, especially because its signature- share generation step does not require any interaction between the signers. As you say, the TSS draft lacks the partial-signature capability, but TSS does have the benefit of simplicity. > Shamir is nice in that it can be used for any set of key bits. But > the reconstitution requirement is a point of weakness where the > actual private key may be compromised. The Shoup system is only > specified for RSA as far as I know. Shoup's PTS method requires the use of a trusted dealer to generate the private keys of all of the signers. So while it eliminates the need for a trusted dealer during the signing step, it does not eliminate that need entirely. (At least this is the case for the paper that you cited above; if there is work that eliminates the trusted dealer, I would be very interested to see it.) best regards, David -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/>
- [dnsext] New Version Notification for draft-mcgre… Alfred Hönes
- Re: [dnsext] New Version Notification for draft-m… Michael StJohns
- Re: [dnsext] New Version Notification for draft-m… bmanning
- Re: [dnsext] New Version Notification for draft-m… Michael StJohns
- Re: [dnsext] New Version Notification for draft-m… Michael StJohns
- Re: [dnsext] New Version Notification for draft-m… David McGrew