Subject: CAcert Code Development list.
- From: Srijith K <sk.list AT gmail.com>
- To: cacert-devel AT lists.cacert.org
- Subject: [CAcert-Devel] Implementing CACert root server backend using Threshold Crypto?
- Date: Wed, 17 Nov 2004 09:59:04 +0100
- List-archive: <http://lists.cacert.org/cgi-bin/mailman/private/cacert-devel>
- List-id: "CAcert Code Development list." <cacert-devel.lists.cacert.org>
Hi,
Is it too far-fetched if I ask whether there has been any discussion
on implementing the CACert root server backend using Threshold
Cryptographic primitives?
The basic idea of using Threshold Crypto is that the CA's secret key
will never be stored at one single server, rather it is distributed
among several servers. Even when it has to be used, the secret key
never needs to be reconstructed at one single place.
This will bring in a whole new level of fault/intrusion tolerance into
the system.
The ITTC project at http://crypto.stanford.edu/~dabo/ITTC/ has already
implemented a CA using this concept.
Any thoughts?
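
The idea in the message above, shown as an added example that is not part of the original post and is not ITTC's code: an RSA signing key is split additively across servers, each server signs with its own share only, and the partial results are multiplied into an ordinary RSA signature without the private exponent ever being reassembled. Assumptions: a constructed toy key, a trusted dealer that splits the key once at setup, n-of-n sharing (every server must take part), textbook RSA without padding, and hypothetical function names.

```python
import hashlib
import secrets
from functools import reduce

# Constructed toy key: two Mersenne primes, far too small for real use.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N, PHI = P * Q, (P - 1) * (Q - 1)


def deal_shares(n_servers):
    """Trusted dealer (assumption): split d into additive shares mod phi(N)."""
    d = pow(E, -1, PHI)
    shares = [secrets.randbelow(PHI) for _ in range(n_servers - 1)]
    shares.append((d - sum(shares)) % PHI)
    return shares  # only the shares leave this function, one per server


def digest(message):
    """Hash the message into Z_N (textbook RSA, no padding scheme)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def partial_sign(share, message):
    """Runs on one server and uses only that server's share."""
    return pow(digest(message), share, N)


def combine(partials):
    """Combiner multiplies partial signatures; it sees neither d nor any share."""
    return reduce(lambda a, b: a * b % N, partials, 1)


def verify(message, signature):
    """Ordinary RSA verification with the public key (N, E)."""
    return pow(signature, E, N) == digest(message)


def demo():
    """Sign with all three servers, then with one server missing."""
    shares = deal_shares(3)
    msg = b"constructed certificate request"
    partials = [partial_sign(s, msg) for s in shares]
    return verify(msg, combine(partials)), verify(msg, combine(partials[:2]))


if __name__ == "__main__":
    print(demo())  # (True, False)
```

An intruder holding fewer than all shares learns nothing useful about the exponent, but the same property means one unavailable server blocks signing; tolerating faults as well as intrusions needs a t-of-n sharing instead of this n-of-n one.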