HSM outage causes root CA key loss

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Jul 15 01:05:05 EDT 2009


Nicolas Williams <Nicolas.Williams at sun.com> writes:

>This goes to show that we do need a TA distribution protocol (not for the
>web, mind you), and it needs to use PKI -- a distinct, but related PKI.  

... and now you have two (probably unsolvable) problems instead of one.

In addition, because the second problem virtually never occurs, it'll receive
little or no evaluation in the real world, and will either not work when it's 
needed or will break when it's not needed, allowing your main PKI to be 
compromised through it.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List