[dns-operations] [Ext] Re: Contingency plans for the next Root KSK Ceremony

Phillip Hallam-Baker phill at hallambaker.com
Wed Apr 1 22:03:48 UTC 2020

It is an interesting problem and one that we did not have to consider when
we built the VeriSign root.

I don't have a practical answer to the immediate problem. But assuming that
this is going to remain an ongoing issue, perhaps we should start looking
at threshold signature techniques that would allow future ceremonies to be
physically separated should the need arise.

Given that this would require FIPS140 hardware to be built to the specs
etc... This is not a short fix, the horizon for deployment would be five
years minimum. But the longer we delay, the longer it will take.

I have developed an initial threshold signatures paper

That does not (quite) provide the answer you need. But my colleagues at
Waterloo have developed a similar scheme 'FROST' which might have what is
needed. FROST extends the work to allow signature keys to be created in a
distributed process rather than being generated centrally and then split as
mine does.

We will be discussing my proposal to adopt this as a CFRG work item at the
virtual interim on Wednesday Apr-22-2020 0900
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20200401/0ef69c53/attachment.html>

More information about the dns-operations mailing list