HSM outage causes root CA key loss

Nicolas Williams Nicolas.Williams at sun.com
Tue Jul 14 17:23:21 EDT 2009

On Tue, Jul 14, 2009 at 11:09:41PM +0200, Weger, B.M.M. de wrote:
> Suppose this happens in a production environment of some CA
> (root or not), how big a problem is this? I can see two issues:
> - they have to build a new CA and distribute its certificate
>   to all users, which is annoying and maybe costly but not a 
>   security problem,

Not a security problem?  Well, if you have a way to do authenticated
trust anchor distribution that doesn't depend on the lost CA, then sure,
it's not a security problem.  But that's just not likely, or at least
there's no standard for authenticated TA distribution, yet.  If you can
do unauthenticated TA distribution without much trouble (as opposed to
by, say, having to physically visit every host), then chances are you
have no security to begin with.

If there was such a standard you'd want to make real sure that you have
separate keys for TA distribution than for your CA, with similar
physical and other security safeguards.

This goes to show that we do need a TA distribution protocol (not for
the web, mind you), and it needs to use PKI -- a distinct, but related
PKI.  As long as both sets of hardware tokens don't die simultaneously,
then you'll be OK.  Add multiple CAs for TA distro and you get more

> - if they rely on the CA for signing CRLs (or whatever 
>   revocation mechanism they're using) then they have to find 
>   some other way to revoke existing certificates.

The only other ways are: distribute the new CA certs, and/or use OCSP
(which must use a different cert than the CA).  OCSP is the better
answer, if you can get all apps to use it.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list