On 13 Aug 2015, at 13:04, Stephen Farrell wrote:
On 13/08/15 17:33, Joe Abley wrote:
On 13 Aug 2015, at 12:18, Dave Crocker wrote:
On 8/13/2015 9:14 AM, Stewart Bryant wrote:
Many of the interesting cases can be addressed by some mixture of
extreme key fragmentation with escrow fragmented across a set
of organizations that are both unable and unlikely to collude, but
would co-operate with an appropriate third party if presented with
the appropriate justification.
That's theory that could reasonably sound appealing. Are there
real-world examples of a model like this showing the desired
properties
that balance safety and utility?
Management of root zone DNSSEC Key Signing Key (KSK).
I don't think those are at all the same.
Very good, then. Turns out that inferring the topic of conversation by
1:100 sampling of messages in threads on this list is a bad idea.
So no, not the same in many ways, including the important aspect
that the KSK backup system is reality whereas the other is fantasy.
:-)
PS: A nit, but I assume that it is not "copies" of the KSK you
meant but rather cryptographic shares in that key which are an
entirely different thing.
Yes, apologies for the loose description.
Joe