M of N Control
Hey guys, got another question. I am going to take my test this week. Was taking a practice exam from Sybex this weekend and came upon a question about M of N control. I have not heard of this before, and the only thing I have found so far was a website basically explaining it to be similiar to seperation of duties. I wanted to run this by you guys and see what ya'll had to say about it. ALSO... what is De facto?
Comments
reassembled to reconstruct the original secret. This might be used to allow a secret value to be shared by "n" external recipients without risking any compromise to the secret.
De Facto generally means a standard by consensus, that is no formal standards body declared it. For example Microsoft Word is the De Facto word processor used in the business world or Windows is the De Facto operating system shipped on new PC's.
Buy the way you will also find it mentioned in internet RFC3740 Multicast Group Security Architecture.
However, you don't want all officers to be required, in case one or more of them become incapacitated.
"Many archive systems use the M of N Control to ensure no single administrator can abuse the key recovery process. This access-control mechanism creates a PIN number during the archive process and splits the number into two or more parts (N is the number of parts). Each part is given to a separate key-recovery agent (a person authorized to retrieve a user's private key). The recovery system can reconstruct the PIN number only if M number of agents provide their individual PIN numbers. For M of N Control to work, N must be greater than one and M must be less than or equal to N."