During a coversation about the Yeti project, Davey Song brought up an idea about using threshold signatures within DNSSEC. While he talked about it primarily for the root zone within the context of having multiple signers for it, I'm curious to know what operators think about the concept for other zones, and if there's any interest in having a working implementation.
DNSKEY RRs contain public keys. Corresponding secret keys are managed by signing entities in various ways: * It may be for a low-risk zone and a human may leave the key on the nameserver itself * The key may be held by some number of trustworthy staff offline and when signing is required, one of them signs the zone and returns the signed zone * It may be managed by an automated system under the control of one or more people * It may be held in a locked computer system which may be accessed when multiple trustworthy "keepers" are present * There may be schemes like this: https://www.icann.org/news/blog/the-problem-with-the-seven-keys In many of these cases, it may be possible for one rogue person to sign records against the wish of the rest of the trustworthy group appointed by a zone owner. Even though it's unlikely, it's possible to do so because the control over secret key material may be available to one person, even if it is wrapped in multiple layers. The concept of threshold crypto is that there is a public DNSKEY, for which the secret key is not available in a single form where it can be reconstructed. Instead, N members of a group have some key material each respectively, and any M (< N) members of the group may work together to prepare RRSIGs by using their respective key materials individually, and collaborating to generate the signatures. It may be possible for such a scheme to be compatible with existing DNSSEC algorithms. Is there any operator interest in this? Mukund _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
