On Tue, 21 Oct 2008, David Conrad wrote:
> On Oct 21, 2008, at 4:43 AM, B C wrote:
>> However, one point that I would strongly support from the Verisign proposal is the multi-user stewardship of the KSK (the M of N principle).
> Just to be clear, the KSK signing ceremony is something that happens rarely, e.g. O(years). Given the importance of the event, it would seem to me that it would be appropriate for attendance of all observers/participants to be mandatory (if someone isn't able to come for whatever reason, e.g., they've disappeared, that person/entity's role should be reassigned prior to the ceremony). As such, M of N would imply that you could have non-unanimity in the creation of the KSK. This strikes me as a really questionable situation to get into. Given the relative rarity of the KSK generation event, I am unclear as to why the added complexity of M of N is beneficial. Could someone explain?
To be clear, M-of-N in the VeriSign proposal applies to both KSK generation and KSK use, i.e., every time the KSK is used to sign a new root zone keyset, M-of-N authorizers need to be present. This form of M-of-N is implemented in modern HSMs and can be done today.

This choice was a very conscious decision to avoid concentrating control of the KSK in any single organization. (Reading the proposal, you will note that VeriSign is not proposing to control the KSK itself.)

Since root keysets can be signed in advance (e.g., generate X future ZSKs and then sign them all at once when M-of-N are present), M-of-N authorization for the KSK need not be administratively onerous.

Matt
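The property both messages argue about, that any M of N authorizers suffice and fewer than M cannot act, is the defining property of a threshold scheme. The following is an added example, not code from this thread, from VeriSign's proposal, or from any HSM vendor: it implements M-of-N as Shamir secret sharing over a prime field, which is the textbook construction. The thread does not say how a given HSM realises its M-of-N authorization internally (a product may split a key-wrapping key rather than the signing key itself), so treat the scheme below as an illustration of the principle rather than a description of any particular device. Function names and the 3-of-5 parameters are this example's own choices.

```python
"""M-of-N control illustrated with Shamir secret sharing over GF(p).

A secret (here standing in for whatever an HSM guards, e.g. the material
that unlocks the KSK) is encoded as the constant term of a random
polynomial of degree M-1. Each of the N shares is a point on that
polynomial. Any M points determine the polynomial and hence the secret;
M-1 points are consistent with every possible secret.
"""
import secrets

# Mersenne prime 2^127 - 1. Secrets and share values live in [0, P).
P = (1 << 127) - 1


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (constant term first) at x, modulo P (Horner)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, m, n, rng=secrets.randbelow):
    """Split `secret` into n shares such that any m of them reconstruct it.

    `rng(k)` must return a uniform integer in [0, k); it is a parameter so a
    test can supply fixed coefficients. The leading coefficient is forced to
    be non-zero so the polynomial has degree exactly m-1, which is what makes
    m-1 shares insufficient rather than merely "usually insufficient".
    Returns a list of (x, y) shares with x = 1..n.
    """
    if not 1 <= m <= n < P:
        raise ValueError("need 1 <= m <= n")
    if not 0 <= secret < P:
        raise ValueError("secret must be in [0, P)")
    coeffs = [secret] + [rng(P) for _ in range(m - 2)]
    if m > 1:
        coeffs.append(1 + rng(P - 1))  # non-zero leading coefficient
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange-interpolate the polynomial at x = 0 from (x, y) shares.

    With at least m distinct shares this yields the secret. With fewer, it
    yields a value that is unrelated to the secret: see the usage below.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        # pow(den, -1, P) is the modular inverse (Python 3.8+).
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def quorum_demo(secret=12345, m=3, n=5):
    """Constructed walk-through: a 3-of-5 split, one full quorum, one short.

    Returns (recovered_with_m, recovered_with_m_minus_1).
    """
    shares = split_secret(secret, m, n)
    with_quorum = recover_secret(shares[:m])        # any m shares work
    without_quorum = recover_secret(shares[:m - 1])  # m-1 shares do not
    return with_quorum, without_quorum


if __name__ == "__main__":
    ok, bad = quorum_demo()
    print("with quorum   :", ok)
    print("without quorum:", bad)
```

Two points of the thread map directly onto this code. David Conrad's concern about "non-unanimity" is the M < N case: any M holders can act without the others, by design. Matt's point that the scheme applies to use as well as generation corresponds to calling `recover_secret` (or, in an HSM, presenting M credentials) at every signing session, not only once at key creation; nothing in the construction limits it to the generation ceremony.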