PKI root signing ceremony, etc.
Dan Geer
geer at TheWorld.com
Mon Dec 22 21:57:33 EST 2003
One approach to securing infrequent signing or working keys from a
corporate master certificate is to store the certificate in a bank
safe deposit box. The certificate generation software (say on a self
booting CD or perhaps an entire laptop) could be stored in the safe
deposit box as well. The certificate signing would take place at the
bank, either in one of the small rooms they provide or in a borrowed
conference room.
Dare I mention the CertCo/Identrus threshold crypto
in this context? CertCo certainly nailed all the
parts of this, e.g., fragment generation in abstentia.
--dan
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list