On 9/22/2014 2:53 PM, David Conrad wrote:
I am personally aware of (c). I have never viewed the time as an issue; I am there to perform a task and I would like to see it done correctly. Thank you (sincerely) for your efforts. However, I’ve been told by several people that it is becoming increasingly challenging to get sufficient TCRs to show up for key ceremonies.
Hmm... this may be something else to consider. Right now, we're doing pretty much straight signature stuff. The policy enforced by the HSM is simply "if enabled by sufficient smart cards, then sign the data offered". That requires everyone to mostly be in one room. Instead, if you had an HSM which had a policy wrapper around the KSK key that said "I will sign something if I can verify that N of K other authorized entities have signed the exact thing". Each of the TCRs does a signature using their own key (using smart card etc) over the new KSK data. Each of those signed blobs is fed into the HSM one at a time until the HSM was able to identify N valid and different signatures and signers of the same data, at which point it emits its own signature over that object. The feeding in of the signed blobs becomes a local administrative issue rather than a critical cryptographic process. Doing something like this with Javacard would be simple. It also means that the partial signers get an extended chance to examine the data to be signed prior to the signing action. Just another possibility. Mike