An increasingly common requirement in distributed network environments is the need to distribute security mechanisms across several network components. This includes both cryptographic key
distribution and cryptographic computation. Most proposed se
curity mechanisms are based on threshold cryptography, which allows a cryptographic computation to be shared amongst network
components in such a way that a threshold of active components are required for the security operation to be successfully enabled. Although there are many different proposed techniques available, we feel that the practical issues that determine both what kind of technique is selected for implementation and how it is implemented are often glossed over. In this paper we thus establish a new framework for network security architects to apply when considering adoption of such mechanisms. This framework identifies the critical design decisions that need to be taken into account and is intended to aid both design and implementation. As part of this framework we propose a taxonomy of management models and application environments. We also demonstrate the utility of the framework by applying it to a VPN environment.
