Secret-sharing for GPG?

[brian moore]

On Fri, Dec 04, 1998 at 08:02:15PM -0600, Edward S. Marshall wrote:
> On Fri, 4 Dec 1998, brian moore wrote:
> > It would be useful for other reasons, too.  Things like 'role accounts'
> > with the Internic are sort of stupid without key-sharing.  Either
> > everyone on the role-list has the same key (which means they can steal
> > it if they leave and forge mail that breaks your name service) or you're
> > back to having one person do the job which defeats the point of a role
> > account.   I have no idea how places that host a million domain
> > customers handle it.
> 
> You don't need anything very fancy. Each individual who deals with
> InterNIC transactions needs only to sign with their personal key and
> submit to a local address, which just happens to be a quick script that
> verifies the signature (rejecting the message if unauthorized), strips the
> sig, and resigns it with the role signature, sending it off to
> hostmaster at internic.net.

This breaks when someone steals the key from the central server: they
now have the ability to get around the "must have 2 signatures" rules.
If they copy it to a floppy, they can keep it as an insurance package
for when they get canned.

Icky.

There are ways to split keys (mathematically) that allow key sharing
with no central secret key storage.  The "business" versions of PGP
claim to have it, though I haven't seen it.  (I don't do Windows. :))

(I'd love to know how they do it protocol wise, because there are
interesting problems to solve to make it usable like allowing for it to
be handled in a time-shifted mechanism like email when not everyone can
open a socket to each other at the same time.)

-- 
Brian Moore                       | "The Zen nature of a spammer resembles
      Sysadmin, C/Perl Hacker     |  a cockroach, except that the cockroach
      Usenet Vandal               |  is higher up on the evolutionary chain."
      Netscum, Bane of Elves.                 Peter Olson, Delphi Postmaster