PKI root signing ceremony, etc.

[Peter Gutmann]

"Dave Howe" <DaveHowe at gmx.co.uk> writes:

>Key management and auditing is pretty much external to the actual software
>regardless of which solution you use I would have thought.

Not necessarily.  I looked at this in an ACSAC'2000 paper (available from
http://www.acsac.org/2000/abstracts/18.html).  This uses a TP-capable database
as its underlying engine, providing the necessary auditing capabilities for
all CA operations.  This was desgined to meet the security/auditing
requirements in a number of PKI standards (see the paper for full details,
I've still got about 30cm of paper stacked up somewhere from this).  The paper
is based on implementation experience with cryptlib, you can't do anything
without generating an audit trail provided you have proper security on the TP
system (that is, a user can't inject arbitrary transactions into the system or
directly access the database files).  I tested the setup by running it inside
a debugger and resetting/halting the program at every point in a transaction,
and it recovered from each one.  It can be done, it's just a lot of work to
get right.

I should mention after having done all that work that most CAs rely on
physical and personnel security more than any automatic logging/auditing.
Take a PC and an HSM, lock it in a back room somewhere, and declare it a
secure CA.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com