Secret-sharing for GPG?

Edward S. Marshall emarshal at logic.net
Fri Dec 4 20:02:15 CET 1998


On Fri, 4 Dec 1998, brian moore wrote:
> It would be useful for other reasons, too.  Things like 'role accounts'
> with the Internic are sort of stupid without key-sharing.  Either
> everyone on the role-list has the same key (which means they can steal
> it if they leave and forge mail that breaks your name service) or you're
> back to having one person do the job which defeats the point of a role
> account.   I have no idea how places that host a million domain
> customers handle it.

You don't need anything very fancy. Each individual who deals with
InterNIC transactions needs only to sign with their personal key and
submit to a local address, which just happens to be a quick script that
verifies the signature (rejecting the message if unauthorized), strips the
sig, and resigns it with the role signature, sending it off to
hostmaster at internic.net.

No muss, no fuss, and minimal work to get running.

Now, to really make that useful, you combine it with a local InterNIC
tracking system which tracks the progress of common tasks and
automatically responds to particular actions, or redirects responses to
the original local submitter. (Basically, you give every transaction a
local tracking number which you stick in the subject line of the message; 
InterNIC always responds with it included in the new subject on the ACK,
which gives you the InterNIC tracking number which you reference all new
tasks from.)

That, however, is significantly more work to get running properly, and
requires a good deal of experimentation to help scripts automatically
recognize important responses (such as when to close the ticket ;-). It
took me a long time to trust it enough to hand it over to tech support...

I wish they'd just come up with a nice real-time system to talk to (which
they promised over a year and a half ago; I've probably still got the
email where they told me that); that would have eliminated all the
email-based tracking hackery I had to come up with.  But this is truly
off-topic for this list, so I'll stop ranting now. ;-)

-- 
Edward S. Marshall <emarshal at logic.net>       [ What goes up, must come down. ]
http://www.logic.net/~emarshal/               [ Ask any system administrator. ]

   Linux labyrinth 2.1.129 #2 SMP Thu Nov 26 13:54:26 CST 1998 i586 unknown
        7:50pm up 8 days, 5:03, 3 users, load average: 0.18, 0.06, 0.01
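The re-signing gateway described in the message above, as an added example that is not part of the original post and not GnuPG project code. Go's standard-library Ed25519 stands in for the OpenPGP signatures gpg would actually verify and produce, and the short KeyID stands in for a gpg key fingerprint; the addresses (nic-gw@example.net as the local gateway address) and the sample request are constructed for the demonstration. The point it shows is the one the post makes: each person keeps their own key, the gateway holds the only copy of the role key and an allow-list of personal keys, and someone leaving is handled by removing one entry rather than by re-keying the role.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// SignedMail is a request as it moves through the gateway: envelope, subject,
// body and a detached signature. Ed25519 stands in for the OpenPGP signature
// gpg would make; KeyID plays the part of a gpg key fingerprint (assumed scheme).
type SignedMail struct {
	To        string
	Subject   string
	Body      string
	KeyID     string
	Signature []byte
}

var (
	ErrUnauthorized = errors.New("signer is not on the role list")
	ErrBadSignature = errors.New("signature does not verify over subject and body")
)

// signedBytes is what a signature covers. Subject and body are bound together so a
// valid signature on one request cannot be transplanted onto a different one.
func signedBytes(subject, body string) []byte {
	return []byte("Subject: " + subject + "\r\n\r\n" + body)
}

// KeyID derives a short identifier from a public key (hypothetical, in place of a fingerprint).
func KeyID(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:8])
}

// NewStaffKey makes one person's key pair; the private half never leaves them.
func NewStaffKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignRequest is the staff member's side: sign with the personal key, address to the gateway.
func SignRequest(priv ed25519.PrivateKey, gatewayAddr, subject, body string) SignedMail {
	return SignedMail{
		To: gatewayAddr, Subject: subject, Body: body,
		KeyID:     KeyID(priv.Public().(ed25519.PublicKey)),
		Signature: ed25519.Sign(priv, signedBytes(subject, body)),
	}
}

// VerifyMail is the check the gateway runs on inbound mail and the far end runs on outbound mail.
func VerifyMail(pub ed25519.PublicKey, m SignedMail) bool {
	return ed25519.Verify(pub, signedBytes(m.Subject, m.Body), m.Signature)
}

// Gateway holds the role key and the personal keys allowed to use it. People are
// added to and removed from this list; the role private key itself is never shared.
type Gateway struct {
	Destination string
	RolePub     ed25519.PublicKey
	rolePriv    ed25519.PrivateKey
	authorized  map[string]ed25519.PublicKey
}

func NewGateway(destination string) (*Gateway, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Gateway{Destination: destination, RolePub: pub, rolePriv: priv,
		authorized: map[string]ed25519.PublicKey{}}, nil
}

func (g *Gateway) Authorize(pub ed25519.PublicKey) { g.authorized[KeyID(pub)] = pub }
func (g *Gateway) Revoke(pub ed25519.PublicKey)    { delete(g.authorized, KeyID(pub)) }

// Relay is the "quick script": look the signer up on the role list, verify the personal
// signature, reject on either failure, otherwise drop that signature and re-sign the
// unchanged subject and body with the role key, addressed to the real destination.
func (g *Gateway) Relay(in SignedMail) (SignedMail, error) {
	pub, ok := g.authorized[in.KeyID]
	if !ok {
		return SignedMail{}, ErrUnauthorized
	}
	if !VerifyMail(pub, in) {
		return SignedMail{}, ErrBadSignature
	}
	out := SignedMail{To: g.Destination, Subject: in.Subject, Body: in.Body, KeyID: KeyID(g.RolePub)}
	out.Signature = ed25519.Sign(g.rolePriv, signedBytes(out.Subject, out.Body))
	return out, nil
}

func main() {
	gw, err := NewGateway("hostmaster@internic.net")
	if err != nil {
		panic(err)
	}
	alicePub, alicePriv, _ := NewStaffKey()
	_, malloryPriv, _ := NewStaffKey()
	gw.Authorize(alicePub)

	// constructed sample request
	req := SignRequest(alicePriv, "nic-gw@example.net", "MODIFY example.net", "nameserver change")
	out, err := gw.Relay(req)
	fmt.Println("alice:", err, "-> to", out.To, "role signature valid:", VerifyMail(gw.RolePub, out))

	_, err = gw.Relay(SignRequest(malloryPriv, "nic-gw@example.net", "MODIFY example.net", "hijack"))
	fmt.Println("mallory:", err)

	gw.Revoke(alicePub) // alice leaves: one entry removed, the role key is untouched
	_, err = gw.Relay(req)
	fmt.Println("alice after leaving:", err)
}
```

With real gpg the lookup step is the fingerprint reported on the VALIDSIG line of `--status-fd` output, which should be compared against the allow-list rather than trusting a user ID string. Two things this gateway deliberately does not do: it does not stop a valid request from being replayed later, which is where the per-transaction tracking number in the subject line that the post goes on to describe would earn its keep, and it does not protect the role private key beyond keeping it on the gateway host only, so that host needs to be treated as holding the credential for the whole role.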
