HSM outage causes root CA key loss
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Jul 15 01:05:05 EDT 2009
Nicolas Williams <Nicolas.Williams at sun.com> writes:
>This goes to show that we do need a TA distribution protocol (not for the
>web, mind you), and it needs to use PKI -- a distinct, but related PKI.
... and now you have two (probably unsolvable) problems instead of one.
In addition, because the second problem virtually never occurs, it'll receive
little or no evaluation in the real world, and will either not work when it's
needed or will break when it's not needed, allowing your main PKI to be
compromised through it.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com