[ksk-change] planned vs. emergency (was Re: [ksk-rollover] root zone KSK ...)

Michael StJohns msj at nthpermutation.com
Mon Sep 22 19:14:29 UTC 2014

On 9/22/2014 2:53 PM, David Conrad wrote:
>> >I am personally aware of (c).  I have never viewed the time as an issue; I am there to perform a task and I would like to see it done correctly.
> Thank you (sincerely) for your efforts.  However, I’ve been told by several people that it is becoming increasingly challenging to get sufficient TCRs to show up for key ceremonies.

Hmm... this may be something else to consider.  Right now, we're doing 
pretty much straight signature stuff.  The policy enforced by the HSM is 
simply "if enabled by sufficient smart cards, then sign the data 
offered".  That requires everyone to mostly be in one room.

Instead, if you had an HSM which had a policy wrapper around the KSK key 
that said "I will sign something if I can verify that N of K other 
authorized entities have signed the exact thing".   Each of the TCRs 
does a signature using their own key (using smart card etc) over the new 
KSK data.  Each of those signed blobs is fed into the HSM one at a time 
until the HSM was able to identify N valid and different signatures and 
signers of the same data, at which point it emits its own signature over 
that object.

The feeding in of the signed blobs becomes a local administrative issue 
rather than a critical cryptographic process.

Doing something like this with Javacard would be simple.  It also means 
that the partial signers get an extended chance to examine the data to 
be signed prior to the signing action.

Just another possibility.


More information about the ksk-rollover mailing list