On Fri, 30 Jul 2010, Joe Abley wrote:
> One observation from a non-crypto operations guy that was drawn into
> this project and has learnt a lot from having to implement the
> infrastructure designed by real crypto people: security is not always
> obvious. What seems like a flaw is often not, and what seems safe is
> often risky. There is a great deal to learn about security engineering,
> and what seems obvious is frequently not.

Trust is also based on perception, whether justified or not.

The participants in the community wanted this kind of key ceremony
and many ceremonial key holders for a variety of reasons. If the
community changes its mind in the future, and wants a different kind of
key ceremony and ceremonial key holders, then submit comments and propose
changes.

Whether Recovery Key Share Holders serve any useful role after the HSMs
are initialized is one of those questions that lots of beer may help.