On 8/06/2011, at 10:59 AM, Michael Newbery wrote:
Which leads me to ask, is it possible for no one person to know the key, but rather to have just a portion of a key?
Not if the controls are followed. In any system, ours as proposed for .nz, or the TCR system for the root, collusion between multiple bad actors can lead to controls being subverted and key material stolen.
Regardless, and in support of Dean's position I think, can we have the exact processes around the keeping of the keys set out on an open forum so we can evaluate them?
That's what publishing the DPS is intended to achieve. Is the level of detail in there on key management processes sufficient?
I should, in tandem with Andy's commitment, firmly commit that we in NZRS will only proceed with DNSSEC plans that have community acceptance. In fact this is something we feel so strongly about that before we published our DNSSEC plans we proposed to our regulator (DNCL) that community acceptance of our plans be a formal metric in our SLA.
Hence my desire to have this discussion in public and not private, so that people get a fair go at hearing the various concerns and explanations and can make informed assessments of our proposals.
cheers
Jay
-- Michael Newbery IP Architect TelstraClear Limited
_______________________________________________
NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
-- Jay Daley Chief Executive .nz Registry Services (New Zealand Domain Name Registry Limited) desk: +64 4 931 6977 mobile: +64 21 678840