[dns-wg] NTIA NoI: does anyone care?
Matt Larson mlarson at verisign.com
Tue Oct 21 20:04:01 CEST 2008
On Tue, 21 Oct 2008, David Conrad wrote: > On Oct 21, 2008, at 10:34 AM, Matt Larson wrote: >> This choice was a very conscious decision to avoid concentrating >> control of the KSK in any single organization. > > That's not what I'm questioning. I don't think any proposal is putting > control in any single organization. Given the importance of the KSK, the > question is why would you ever want a situation where N is less than M. I think you mean "M is less than N". > It seems to me that lack of unanimity of the key (part) holders would be > just crazy. M < N allows for some parties not to be present, which might be reasonable depending on which parties make up the N. (As a practical matter, when hardware-based authorization tokens are used, M is always less than N, with additional tokens held in escrow or otherwise kept safe, so a failure can be tolerated.) Matt
[ dns-wg Archives ]