On Thu, Sep 6, 2018 at 2:15 PM Steve Crocker wrote:
> I've been thinking about a version of this problem for several years.
> Attached are a short paper and presentation on the topic of a tamperproof
> root zone update system. The ideas are also applicable to other levels in
> the DNS tree.
>
>
Great stuff Steve. John Gilmore and I talked about the use of byzantine
quorum systems for key management at ISOC in 1998. And Olaf Kolkman, Johan
Ihren and I proposed such a system in 2005 as an alternative to what became
RFC 5011. I built a DNS system that used these ideas for DNS key
managemen
I also ask the same question and look for solutions. I do find a statement from
a paper (The Honey Badger of BFT Protocols@ CCS 2016) that " if an trusted
party is unavailable, then a distributed key generation protocol could be used
instead (c.f., Boldyreva [11])."
[11] A. Boldyreva. Threshold