[dns-wg] NTIA NoI: does anyone care?

On Tue, 21 Oct 2008, David Conrad wrote:
> On Oct 21, 2008, at 4:43 AM, B C wrote:
>> However one point that I would strongly support from the Verisign  
>> proposal is the multi user stewardship of the KSK (the M of N  
>> principle)
>
> Just to be clear, the KSK signing ceremony is something that happens  
> rarely, e.g. O(years).  Given the importance of the event, it would seem 
> to me that it would be appropriate for attendance of all  
> observers/participants to be mandatory (if someone isn't able to come  
> for whatever reason, e.g., they've disappeared, that person/entity's  
> role should be reassigned prior to the ceremony).  As such, M of N would 
> imply that you could have non-unanimity in the creation of the KSK.  This 
> strikes me as a really questionable situation to get into.  Given the 
> relative rarity of the KSK generation event, I am unclear as to why the 
> added complexity of M of N is beneficial.  Could someone explain?

To be clear, M-of-N in the VeriSign proposal applies to both KSK
generation and KSK use, i.e., every time the KSK is used to sign a new
root zone keyset, M-of-N authorizers need to be present.  This form of
M-of-N is implemented in modern HSMs and can be done today.

This choice was a very conscious decision to avoid concentrating
control of the KSK in any single organization.  (Reading the proposal,
you will note that VeriSign is not proposing to control the KSK
itself.)  Since root keysets can be signed in advance (e.g., generate
X future ZSKs and then sign them all at once when M-of-N are present),
M-of-N authorization for the KSK need not be administratively onerous.

Matt