HSM outage causes root CA key loss
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Jul 13 01:58:29 EDT 2009
I haven't been able to find an English version of this, but the following news
item from Germany:
http://www.heise.de/security/E-Gesundheitskarte-Datenverlust-mit-Folgen--/news/meldung/141864
reports that the PKI for their electronic health card has just run into
trouble: they were storing the root CA key in an HSM, which failed. They now
have a PKI with no CA key for signing new certs or revoking existing ones.
(When I talk about PKI I always title the root CA as "the Single Point of
Failure", but I think this is the first time in a non-private CA where it's
actually become this in practice. For private-label PKIs it's a lot more
common because of the "lesser-known public key" phenomenon).
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list