Welome to the Internet, here's your private key

[Peter Gutmann]

It is accepted practice among security people that you generate your own
private key.  It is also, unfortunately, accepted practice among non-security
people that your CA generates your private key for you and then mails it to you
as a PKCS #12 file (for bonus points the password is often included in the same
or another email).  Requests to have the client generate the key themselves and
submit the public portion for certification are met with bafflement, outright
refusal, or at best grudging acceptance if they're big enough to have some
clout.  This isn't a one-off exception, this is more or less the norm for
private industry working with established (rather than internal, roll-your-own)
CAs.  This isn't the outcome of pressure from shadowy government agencies, this
is just how things are done.  Be afraid.

(I have a paper in the works which covers things like this in some detail, but
 the number of times this has come up recently is sufficiently alarming that I
 thought I'd post a heads-up here to let others who aren't exposed to this sort
 of stuff know about it.  This also doesn't begin to go into the number of CAs
 who are re-certifying the same user key over and over again, year after year
 ("We haven't been informed that it's been compromised, so it's safe to keep
 using it for another year")).

Peter.



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com