S Moonesamy <sm+icann@elandsys.com> wrote: > At 06:39 PM 04-04-2020, Michael Richardson wrote: >> https://www.iana.org/dnssec/dps/zsk-operator/dps-zsk-operator-v2.0.pdf says: >> >> 5.2.2. Private key (m-of-n) multi-person control >> Verisign has implemented technical and procedural mechanisms that >> require the participation of multiple trusted individuals to perform >> sensitive cryptographic operations. Verisign uses "Secret Sharing" >> to split the activation data needed to make use of a RZ ZSK private >> key into separate parts called "Secret Shares" which are held by >> trained and trusted individuals called "Shareholders." A threshold >> number of Secret Shares (m) out of the total number of Secret Shares >> created and distributed for a particular HSM (n) is required to >> activate a RZ ZSK private key stored on the module. The threshold >> number of shares needed to sign a root Zone File is 3. It should be >> noted that the number of shares distributed for disaster recovery >> tokens may be less than the number distributed for operational HSMs, >> while the threshold number of required shares remains the same. >> Secret Shares are protected in accordance with this DPS. >> >> --- > The document which you cited is for the Root Zone Maintainer (Verisign). yes, I realize that there are two documents. They are at least 70% identical. >> I would think that the different HSM would synchornize the encrypted copy of >> the private key, and thus the split secret would be the same n pieces. >> Of course, the key could be moved to another HSM by the initial m-of-n >> people, it could be *re*-encrypted to n' pieces and some other m' people >> required. The n and n' people could completely or partially overlap. > There are four HSMs. Any one of them can be used for a KSK Ceremony. Yes, I guess that split material contains the entire context needed, and that nothing is actually stored in the HSM. >> {BTW: When I read the KSK ceremony script, at: >> >> https://data.iana.org/ksk-ceremony/40/20200216-KC40-Ceremony_Script_Annotate... >> >> I see that the KSR arrives on a smartcard.} > A Flash Drive is inserted in Step 5 (Page 14). The KSR is on it. It seems like the weakest link, btw. >> (BTW: I recognize that I'm reading KSK and ZSK documents at the same time) >> >> I was surprised at the lack of references in the dps documents to any theory >> about how this process was created. This is what I am looking for: a >> palette of ways to make key ceremonies for a variety of different threat >> levels. > I suggest looking at NIST SP 800-57. Thank you. I knew that such a thing existed, but I am very weak in the NIST-fu. -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-