HSM outage causes root CA key loss

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Jul 13 01:58:29 EDT 2009

I haven't been able to find an English version of this, but the following news
item from Germany:


reports that the PKI for their electronic health card has just run into
trouble: they were storing the root CA key in an HSM, which failed.  They now
have a PKI with no CA key for signing new certs or revoking existing ones.

(When I talk about PKI I always title the root CA as "the Single Point of
Failure", but I think this is the first time in a non-private CA where it's
actually become this in practice.  For private-label PKIs it's a lot more
common because of the "lesser-known public key" phenomenon).


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list