Re: [dnsext] New Version Notification for draft-mcgrew-tss-02 (fwd)

Michael StJohns <mstjohns@comcast.net> Wed, 11 March 2009 03:40 UTC


I've got one.  I modified an implementation of Shoup by Steve Weis which does raw RSA sigs to do PKCS1-v1.5 RSA signatures and from those to do DNSSEC signing.  It allows the generation and wrapping of shares under remotely generated public keys - e.g. share holder public keys.  When signatures are required, the data to be signed is sent to the share holders who decrypt their share with their private key, do a partial signature and return the signature share to the central location (or post it to a mailing list :-) ).  The zone manager combines the partial signatures into a DNSSEC formatted RRSIG, verifies the signature is correct across the RRSet and then publishes it.

Let me see if I can get permission to distribute it.

Hmm.. looks like he's posted the underlying libraries.  See http://code.google.com/p/threshsig/updates/list

Mike


At 10:49 PM 3/10/2009, bmanning@vacation.karoshi.com wrote:


> I really like the Shoup paper.  But I've not seen too many implementations in the wild. :)
>
>--bill
>
>
>On Tue, Mar 10, 2009 at 12:49:55PM -0400, Michael StJohns wrote:
>> Hi Alfred -
>> 
>> A better scheme for threshold signing for the root might be the Shoup paper: "Practical Threshold Signatures", Victor Shoup (sho@zurich.ibm.com), IBM Research Paper RZ3121, 4/30/99
>> 
>> The major difference between the two is that the Shamir system (which you describe) requires the base secret (private key) be reconstituted (by a trusted entity) before it can be used, where the Shoup system allows partial signatures with a public gather function.  E.g. In a 3 of 5 system, each of the 3 key share holders partial-sign the data using their share of the private key and send it (as public data) to a central location where a gather function is used to form the actual signature.  
>> 
>> Shamir is nice in that it can be used for any set of key bits.  But the reconstitution requirement is a point of weakness where the actual private key may be compromised.
>> 
>> The Shoup system is only specified for RSA as far as I know. 
>> 
>> Mike
>> 
>> 
>> 
>> At 10:48 PM 3/9/2009, Alfred Hönes wrote:
>> >This tool might be of interest for implementors of DNSSEC,
>> >e.g. the folks wanting to distribute control over the future Root
>> >Zone primary Key Signing Keys between the RIRs and ICANN/IANA.
>> >
>> >The new version should hopefully be ready for implementation.
>> >
>> >
>> >----- Forwarded message from IETF I-D Submission Tool -----
>> >
>> >> From: IETF I-D Submission Tool <idsubmission@ietf.org>
>> >> Message-Id: <20090309204424.AD5F73A687B@core3.amsl.com>
>> >> Date: Mon,  9 Mar 2009 13:44:24 -0700 (PDT)
>> >> Subject: New Version Notification for draft-mcgrew-tss-02
>> >
>> >A new version of I-D, draft-mcgrew-tss-02.txt has been successfully
>> >submitted by David McGrew and posted to the IETF repository.
>> >
>> >Filename:       draft-mcgrew-tss
>> >Revision:       02
>> >Title:          Threshold Secret Sharing
>> >Creation_date:  2009-03-09
>> >WG ID:          Independent Submission
>> >Number_of_pages: 26
>> >
>> >Abstract:
>> >Threshold secret sharing (TSS) provides a way to generate N shares
>> >from a value, so that any M of those shares can be used to
>> >reconstruct the original value, but any M-1 shares provide no
>> >information about that value.  This method can provide shared access
>> >control on key material and other secrets that must be strongly
>> >protected.
>> >
>> >This note defines a threshold secret sharing method based on
>> >polynomial interpolation in GF(256) and a format for the storage and
>> >transmission of shares.  It also provides usage guidance, describes
>> >how to test an implementation, and supplies test cases.
>> >
>> >
>> >The IETF Secretariat.
>> >
>> >
>> >----- End of forwarded message from IETF I-D Submission Tool -----
>> >
>> >
>> >Kind regards,
>> >  Alfred.
>> >
>> >-- 
>> >
>> >+------------------------+--------------------------------------------+
>> >| TR-Sys Alfred Hoenes   |  Alfred Hoenes   Dipl.-Math., Dipl.-Phys.  |
>> >| Gerlinger Strasse 12   |  Phone: (+49)7156/9635-0, Fax: -18         |
>> >| D-71254  Ditzingen     |  E-Mail:  ah@TR-Sys.de                     |
>> >+------------------------+--------------------------------------------+
>> >
>> >
>> >--
>> >to unsubscribe send a message to namedroppers-request@ops.ietf.org with
>> >the word 'unsubscribe' in a single line as the message text body.
>> >archive: <http://ops.ietf.org/lists/namedroppers/>
>> 



--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
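
The signing flow described in this thread (shares dealt once, each holder returning a partial signature as public data, a gather function, then verification before publishing), as an added Python sketch that is not part of the original messages and is not the threshsig code. It assumes constructed toy primes and raw RSA over an integer digest; PKCS1-v1.5 padding, wrapping shares under holder public keys and RRSIG formatting are left out.

```python
# Toy Shoup-style K-of-L threshold RSA: added illustration, not threshsig code.
# Constructed parameters: tiny safe primes, raw RSA on an integer digest x
# (x must be coprime to N). Needs Python 3.8+ for modular inverses via pow().
import math
import secrets

P, Q = 1019, 1187          # constructed safe primes: 2*509+1 and 2*593+1
N, M = P * Q, 509 * 593    # N is public; M = p'q' is known only to the dealer
E = 17                     # public exponent: prime and larger than L
K, L = 3, 5                # any 3 of the 5 share holders can sign
DELTA = math.factorial(L)

def deal():
    """Dealer: hide d = E^-1 mod M as f(0) of a random degree K-1 polynomial."""
    coeffs = [pow(E, -1, M)] + [secrets.randbelow(M) for _ in range(K - 1)]
    return {i: sum(c * i**j for j, c in enumerate(coeffs)) % M
            for i in range(1, L + 1)}

def partial_sign(x, share):
    """Share holder i: x^(2*DELTA*s_i) mod N; the result is public data."""
    return pow(x, 2 * DELTA * share, N)

def combine(x, partials):
    """Gather function: RSA signature on x from K partials {holder_id: x_i}."""
    if len(partials) < K:
        raise ValueError("need at least K partial signatures")
    ids = sorted(partials)[:K]
    w = 1
    for i in ids:
        num = den = 1
        for j in ids:
            if j != i:
                num, den = num * -j, den * (i - j)
        lam = DELTA * num // den      # DELTA makes the Lagrange coefficient an integer
        w = w * pow(partials[i], 2 * lam, N) % N
    # w^E == x^(4*DELTA^2) and gcd(4*DELTA^2, E) == 1: find a, b with
    # a*4*DELTA^2 + b*E == 1, so (w^a * x^b)^E == x. No private key is rebuilt.
    e_prime = 4 * DELTA**2
    a = pow(e_prime, -1, E)
    b = (1 - a * e_prime) // E
    return pow(w, a, N) * pow(x, b, N) % N

def verify(x, sig):
    """Zone manager's check before publishing: plain RSA verification."""
    return pow(sig, E, N) == x % N
```

Any K holders produce the same signature, and a single altered partial makes `verify` fail, which is why the combined result is checked before it is published.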