HSM outage causes root CA key loss

Dirk-Willem van Gulik dirkx at webweaving.org
Tue Jul 14 19:05:11 EDT 2009

Weger, B.M.M. de wrote:

> - if they rely on the CA for signing CRLs (or whatever
>    revocation mechanism they're using) then they have to find
>    some other way to revoke existing certificates.
> Seems to me that for signing CRLs it's better to have a separate
> "Revocation Authority" (whose certificate should be issued by
> the CA it is revoking for); then revoking can continue when the
> CA loses its private key. The CA still may have revoking
> authority as well, at least to revoke the Revocation Authority's
> certificate...

Unfortunately those code paths seem rarely traveled/tested between 
implementations and even within a single implementation fraught with 
caveats; so one often ends up with a (sub) CA in the same chain as the 
cert one wants to revoke.

> Any other problems? Maybe something with key rollover or
> interoperability?

Aye - and there is another area which is even less traveled than above.
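
The separate "Revocation Authority" sketched in the quoted text, as an added example in Go (not code from this thread or from any project it names): the root issues an RA certificate carrying only the cRLSign key usage, and the RA then signs a CRL by itself, so a root key locked in a failed HSM is not needed to revoke what the root issued. The function names, subject names, serial numbers and lifetimes are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue signs tmpl with key (parent == tmpl for the self-signed root) and parses the result.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, key *ecdsa.PrivateKey) *x509.Certificate {
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key))))
}

// BuildPKI returns a root CA and a Revocation Authority (RA) certified by the root with only cRLSign; only the RA key leaves here, so revoking never needs the root key.
func BuildPKI() (root, ra *x509.Certificate, raKey *ecdsa.PrivateKey) {
	rootKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	raKey = must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	now := time.Now()
	rt := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root"},
		NotBefore: now, NotAfter: now.Add(24 * time.Hour), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, SubjectKeyId: []byte{1}}
	root = issue(rt, rt, &rootKey.PublicKey, rootKey)
	// cA is asserted (pathlen 0) because Go's CRL verifier refuses a CRL signer without it;
	// keyCertSign is deliberately absent, so the RA can revoke but never issue certificates.
	r := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "Example RA"},
		NotBefore: now, NotAfter: now.Add(24 * time.Hour), IsCA: true, BasicConstraintsValid: true,
		MaxPathLenZero: true, KeyUsage: x509.KeyUsageCRLSign, SubjectKeyId: []byte{2}}
	ra = issue(r, root, &raKey.PublicKey, rootKey)
	return
}

// RevokeWithRA publishes a CRL revoking serial, signed by the RA key alone.
func RevokeWithRA(ra *x509.Certificate, raKey *ecdsa.PrivateKey, serial *big.Int) *x509.RevocationList {
	now := time.Now()
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: serial, RevocationTime: now}}}
	return must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, tmpl, ra, raKey))))
}
```

A relying party accepts the list only through the RA certificate: crl.CheckSignatureFrom(ra) succeeds while crl.CheckSignatureFrom(root) fails, and the RA certificate in turn chains to the root, which keeps the ability to revoke it.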


The Cryptography Mailing List