Have you seen the #DNSSEC Root Signing Ceremony??
https://www.cloudflare.com/dns/dnssec/root-signing-ceremony/
Participants:
The Ceremony Administrator
An Internal Witness
The Credentials Safe Controller
The Hardware Safe Controller
Crypto Officer #1
Crypto Officer #2
Crypto Officer #3
"Their roles are divided in a way that ensures less than a 1:1,000,000 chance that a group of conspirators could compromise the root-signing key, assuming a 5% dishonesty rate amongst these individuals. "
@rysiek The way I understood it was that each participant can be dishonest 5% of the time. If they are all dishonest at that rate - and there is only a root signing ceremony every few months - a "group of conspirators" (subset of 7) have less than a one-one-millionth chance to compromise the key.
@uranther 7 individuals, 5% dishonesty rate?
What does that even mean? 100/7 = ~14%. A person can either be dishonest, or not.
Or are we talking about them being somewhat dishonest, some of the time?..
I don't get it.