[dns-operations] Ceremony-next (was: Separating .ARPA operations from the root zone)

Ángel operations at dns.16bits.net
Sat Aug 8 00:36:34 UTC 2020

On 2020-08-07 at 14:08 -0400, Phillip Hallam-Baker wrote:
> I am of course aware of the cost of PKI ceremonies. I taught the
> VeriSign ceremony course. I am thinking of separating the ceremonies
> as a longer term goal and there is technology developed since we wrote
> the VeriSign ceremonies that allows the cost to be greatly reduced. 
> One way sequence technology and threshold signatures mean that it is
> no longer necessary for key ceremony key holders to meet in the same
> physical location. Nobody is going to let us try out new technology on
> the root zone. But we can probably get away with that for .arpa and
> then transition the dot to that approach.
> So what I would suggest is:
> 1) Separate the hosts for .ARPA from the root zone hosts.
> 2) Create a separate set of HSMs for .ARPA but administer them within
> the ICANN root ceremony
> 3) Transition ARPA to next generation technology which avoids the need
> to meet to perform ceremonies in person.
(Maybe not the most suitable mailing list for this topic, but following on
from the original one.)

How are you envisioning the new ceremony to work?
I was expecting that to be based on some remote signing, but then you
both mention they would be physically administered in the ICANN root
ceremony and there would be no in-person meetings.

A (cryptographically) signed affidavit “I command thou, HSM 0xBADBEEF to
sign 5ebe2294ecd0e0f08eab7690d2a6ee69 with the secret that lies beneath
you” by N witnesses?

Some kind of multi-party computation?

In fact, if the verifying code wasn't frozen, it'd be trivial to have a
distributed root signature based on a given quorum of signatories, with
the HSM only as backups, but that's not an option now.

