HSM outage causes root CA key loss
Dirk-Willem van Gulik
dirkx at webweaving.org
Tue Jul 14 19:05:11 EDT 2009
Weger, B.M.M. de wrote:
> - if they rely on the CA for signing CRLs (or whatever
> revocation mechanism they're using) then they have to find
> some other way to revoke existing certificates.
...
> Seems to me that for signing CRLs it's better to have a separate
> "Revocation Authority" (whose certificate should be issued by
> the CA it is revoking for); then revoking can continue when the
> CA loses its private key. The CA still may have revoking
> authority as well, at least to revoke the Revocation Authority's
> certificate...
Unfortunately those code paths seem rarely traveled/tested between
implementations, and even within a single implementation they are fraught
with caveats; so one often ends up with a (sub) CA in the same chain as the
cert one wants to revoke.
> Any other problems? Maybe something with key rollover or
> interoperability?
Aye - and there is another area which is even less traveled than above.
Dw
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com