[Cryptography] Sony "root" certificates exposed
Tom Mitchell
mitch at niftyegg.com
Mon Dec 15 22:09:46 EST 2014
On Mon, Dec 15, 2014 at 7:02 AM, Henry Baker <hbaker1 at pipeline.com> wrote:
> FYI --
> ......
>
> GoP had details on every server and PC, as well as SPE’s “root”
> certificate.
Is there any evidence that new certificates have been generated and issued.
It seems that this is a prudent step.
In fact it seems that _many_ groups should establish a policy
to regenerate and reissue keys that exist on anything other
than vaults with air gapped machines.
In this world I can see dual key processing where bits and tools
in a second vault are used.
Before folk get too vault $$ crazy this can be accomplished with
a Raspberry-Pi or Beaglebone Black. Modest financial investments
are very possible and devices with easy to duplicate (backup and store)
OS/boot devices are modest (most modern laptops qualify).
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141215/31527872/attachment.html>
More information about the cryptography
mailing list