[Cryptography] Sony "root" certificates exposed

Tom Mitchell mitch at niftyegg.com
Mon Dec 15 22:09:46 EST 2014

On Mon, Dec 15, 2014 at 7:02 AM, Henry Baker <hbaker1 at pipeline.com> wrote:

> FYI --
> ......

> GoP had details on every server and PC, as well as SPE’s “root”
> certificate.

Is there any evidence that new certificates have been generated and issued.

It seems that this is a prudent step.

In fact it seems that _many_ groups should establish a policy
to regenerate and reissue keys that exist on anything other
than vaults with air gapped machines.

In this world I can see dual key processing where bits and tools
in a second vault are used.

Before folk get too vault $$ crazy this can be accomplished with
a Raspberry-Pi or Beaglebone Black.   Modest financial investments
are very possible and devices with easy to duplicate  (backup and store)
OS/boot  devices are modest (most modern laptops qualify).

  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141215/31527872/attachment.html>

More information about the cryptography mailing list