On 8/6/11 12:22 PM, "Jay Daley"
On 8/06/2011, at 10:59 AM, Michael Newbery wrote:
Which leads me to ask, is it possible for no one person to know the key, but rather to have just a portion of a key?
Not if the controls are followed.
In any system, ours as proposed for .nz, or the TCR system for the root, collusion between multiple bad actors can lead to controls being subverted and key material stolen.
And unless I'm missing something, all that takes for .nz is the collusion of two people: one SA and one SO. The root by contrast requires much greater collusion. The paragraph I have a little trouble with is: "A System Administrator is allowed to physically access the device containing the keys. A Security Officer is allowed to access the keystore holding the keys." Cast in the passive voice, this doesn't actually tell me who enforces this, nor in what manner.
That's what publishing the DPS is intended to achieve. Is the level of detail in there on key management processes sufficient?
Close, in fact maybe this discussion will establish that they are sufficient.

--
Michael Newbery
IP Architect
TelstraClear Limited