[144577] in cryptography@c2.net mail archive
HSM outage causes root CA key loss
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Tue Jul 14 11:48:26 2009
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: cryptography@metzdowd.com
Date: Mon, 13 Jul 2009 17:58:29 +1200

I haven't been able to find an English version of this, but the following news
item from Germany:

http://www.heise.de/security/E-Gesundheitskarte-Datenverlust-mit-Folgen--/news/meldung/141864

reports that the PKI for their electronic health card has just run into
trouble: they were storing the root CA key in an HSM, which failed. They now
have a PKI with no CA key for signing new certs or revoking existing ones.

(When I talk about PKI I always title the root CA as "the Single Point of
Failure", but I think this is the first time in a non-private CA where it's
actually become this in practice. For private-label PKIs it's a lot more
common because of the "lesser-known public key" phenomenon).

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List