Re: [DNSOP] I-D Action: draft-ietf-dnsop-isp-ip6rdns-06.txt

2018-09-06 Thread Shane Kerr
All, On 2018-09-05 20:45, internet-dra...@ietf.org wrote: A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Name System Operations WG of the IETF. Title : Reverse DNS in IPv6 for Internet Service Providers

[DNSOP] DNSSEC threshold signatures idea

2018-09-06 Thread Mukund Sivaraman
During a conversation about the Yeti project, Davey Song brought up an idea about using threshold signatures within DNSSEC. While he talked about it primarily for the root zone within the context of having multiple signers for it, I'm curious to know what operators think about the concept for other

Re: [DNSOP] DNSSEC threshold signatures idea

2018-09-06 Thread Hugo Salgado-Hernández
Hi Mukund. I talked about this to Davey in Montreal. There's an implementation in github[1] and presentations in OARC[2] and ICANN[3]. I'm not sure if it's being used right now in a live zone, but certainly in labs and testing. There's been some interest with academic institutions, but don't think

Re: [DNSOP] DNSSEC threshold signatures idea

2018-09-06 Thread Mukund Sivaraman
On Thu, Sep 06, 2018 at 02:34:12PM -0300, Hugo Salgado-Hernández wrote: > Hi Mukund. > I talked about this to Davey in Montreal. There's an implementation > in github[1] and presentations in OARC[2] and ICANN[3]. Aha so you're the original source :) > I'm not sure if it's being used right now in a

Re: [DNSOP] DNSSEC threshold signatures idea

2018-09-06 Thread Hugo Salgado-Hernández
On 23:19 06/09, Mukund Sivaraman wrote: > On Thu, Sep 06, 2018 at 02:34:12PM -0300, Hugo Salgado-Hernández wrote: > > Hi Mukund. > > I talked about this to Davey in Montreal. There's an implementation > > in github[1] and presentations in OARC[2] and ICANN[3]. > > Aha so you're the original source

Re: [DNSOP] DNSSEC threshold signatures idea

2018-09-06 Thread Steve Crocker
How do you prevent compromise of the central service? Steve On Thu, Sep 6, 2018 at 3:02 PM, Hugo Salgado-Hernández wrote: > On 23:19 06/09, Mukund Sivaraman wrote: > > On Thu, Sep 06, 2018 at 02:34:12PM -0300, Hugo Salgado-Hernández wrote: > > > Hi Mukund. > > > I talked about this to Davey in

Re: [DNSOP] DNSSEC threshold signatures idea

2018-09-06 Thread Hugo Salgado-Hernández
On 15:08 06/09, Steve Crocker wrote: > How do you prevent compromise of the central service? > For the initial setup a physical ceremony is necessary, to check there's no extra subkeys and for secure transmission of them. But afterwards there's no need. Each node can check the final signature vali

Re: [DNSOP] DNSSEC threshold signatures idea

2018-09-06 Thread Steve Crocker
Let me flag a key point. You said this scheme will *detect* faked signatures. If you want to *prevent* faked signatures, you need additional structure. Steve On Thu, Sep 6, 2018 at 3:22 PM, Hugo Salgado-Hernández wrote: > On 15:08 06/09, Steve Crocker wrote: > > How do you prevent compromise

Re: [DNSOP] DNSSEC threshold signatures idea

2018-09-06 Thread Hugo Salgado-Hernández
On 15:25 06/09, Steve Crocker wrote: > Let me flag a key point. You said this scheme will *detect* faked > signatures. If you want to *prevent* faked signatures, you need additional > structure. The orchestrator can detect faked signature pieces when it is merging them, before going live. So for th

Re: [DNSOP] DNSSEC threshold signatures idea

2018-09-06 Thread Michael StJohns
On 9/6/2018 3:08 PM, Steve Crocker wrote: How do you prevent compromise of the central service? The "Dealer" is only doing confidential processing during the key generation phase. Once that's done, you can do a wipe. The subsequent signature operations are all distributed. The combine o

Re: [DNSOP] DNSSEC threshold signatures idea

2018-09-06 Thread Steve Crocker
My focus is on preventing the orchestrator from faking the signatures. Steve Sent from my iPhone > On Sep 6, 2018, at 3:52 PM, Hugo Salgado-Hernández wrote: > >> On 15:25 06/09, Steve Crocker wrote: >> Let me flag a key point. You said this scheme will *detect* faked >> signatures. If you wa

Re: [DNSOP] I-D Action: draft-ietf-dnsop-isp-ip6rdns-06.txt

2018-09-06 Thread George Michaelson
I've read it. I think it's cooked. I think we should move to WGLC. I could quibble, but they'd be like tribbles. I think the author should add me to the acknowledgements for NOT forcing tribbles into the document. "This is a poor inference." needed to be used more often. -G On Thu, Sep 6, 2018 at

[DNSOP] Reply: DNSSEC threshold signatures idea

2018-09-06 Thread 宋林健
Hi Mukund, Thank you for proposing here for comments and discussion. I would like to share more background on this if people are interested. Actually I was inspired by several sources. One is the Multisignature (https://en.bitcoin.it/wiki/Multisignature) concept from Bitcoin which helps to reduc