PKI root signing ceremony, etc.

Dave Howe DaveHowe at gmx.co.uk
Mon Dec 15 09:34:14 EST 2003 

Peter Gutmann wrote:
> "Dave Howe" <DaveHowe at gmx.co.uk> writes:
>> Key management and auditing is pretty much external to the actual
>> software regardless of which solution you use I would have thought.
>
> Not necessarily.  I looked at this in an ACSAC'2000 paper (available
> from http://www.acsac.org/2000/abstracts/18.html).  This uses a
> TP-capable database as its underlying engine, providing the necessary
> auditing capabilities for all CA operations.  This was desgined to
> meet the security/auditing requirements in a number of PKI standards
> (see the paper for full details, I've still got about 30cm of paper
> stacked up somewhere from this).  The paper is based on
> implementation experience with cryptlib, you can't do anything
> without generating an audit trail provided you have proper security
> on the TP system (that is, a user can't inject arbitrary transactions
> into the system or directly access the database files).  I tested the
> setup by running it inside a debugger and resetting/halting the
> program at every point in a transaction, and it recovered from each
> one.  It can be done, it's just a lot of work to get right.
*nods*
I meant in this context - certainly, a well designed CA package would
enforce security and audit trailing (I can easily visualise one that uses
a composite (split) access key n of m, and could probably code up such a
tool in a day or so) but Rich's original design had no audit or key
management other than that imposed externally on the (essentially
flatfile) stucture of Openssl command line tools.

> I should mention after having done all that work that most CAs rely on
> physical and personnel security more than any automatic
> logging/auditing. Take a PC and an HSM, lock it in a back room
> somewhere, and declare it a secure CA.
*nods* and that is probably as secure as any other method, and a *lot*
more secure than a "safe" exe running on insecure hardware.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list