[144583] in cryptography@c2.net mail archive


RE: HSM outage causes root CA key loss

daemon@ATHENA.MIT.EDU (Weger, B.M.M. de)
Tue Jul 14 17:13:12 2009

From: "Weger, B.M.M. de" <b.m.m.d.weger@TUE.nl>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "cryptography@metzdowd.com"
	<cryptography@metzdowd.com>
Date: Tue, 14 Jul 2009 23:09:41 +0200
In-Reply-To: <E1MQEYX-0002cn-Ei@wintermute01.cs.auckland.ac.nz>

Hi,

> reports that the PKI for their electronic health card has just run into
> trouble: they were storing the root CA key in an HSM, which failed.  They
> now have a PKI with no CA key for signing new certs or revoking existing
> ones.

Suppose this happens in a production environment of some CA
(root or not), how big a problem is this? I can see two issues:
- they have to build a new CA and distribute its certificate
  to all users, which is annoying and maybe costly but not a
  security problem,
- if they rely on the CA for signing CRLs (or whatever
  revocation mechanism they're using) then they have to find
  some other way to revoke existing certificates.
No need to revoke any certificate.
Any other problems? Maybe something with key rollover or
interoperability?

Seems to me that for signing CRLs it's better to have a separate
"Revocation Authority" (whose certificate should be issued by
the CA it is revoking for); then revoking can continue when the
CA loses its private key. The CA still may have revoking
authority as well, at least to revoke the Revocation Authority's
certificate...

Grtz,
Benne de Weger

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
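The design sketched in the message above, a Revocation Authority certified by the CA whose CRLs it signs, is modelled below as an added example. It is not code from the list or from its author, and it assumes the Python `cryptography` library. The CA, RA and end-entity names, serial numbers and validity periods are constructed for the demo. Because the CRL issuer differs from the certificate issuer, the CRL is marked as an indirect CRL (RFC 5280 section 5.2.5), and the relying-party check accepts it only if the RA's certificate chains to the CA and carries the cRLSign key usage. The CA key is dropped after setup to mirror the HSM loss; revocation keeps working because only the RA key is needed. The CA's residual power to revoke the RA itself, mentioned at the end of the message, would be a second CRL signed by the CA and is not shown here.

```python
"""Delegated CRL signing ("Revocation Authority") with the `cryptography`
library.  Added example, not from the mailing list or its author; every
name, serial number and validity period below is constructed for the demo."""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = datetime.datetime.now(datetime.timezone.utc)
YEAR = datetime.timedelta(days=365)


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def _key_usage(cert_sign, crl_sign):
    return x509.KeyUsage(
        digital_signature=True, content_commitment=False,
        key_encipherment=False, data_encipherment=False, key_agreement=False,
        key_cert_sign=cert_sign, crl_sign=crl_sign,
        encipher_only=False, decipher_only=False)


def issue(subject, pubkey, issuer_cert, issuer_key, *, ca, cert_sign, crl_sign):
    """Issue a certificate for `pubkey`; issuer_cert=None means self-signed."""
    issuer = subject if issuer_cert is None else issuer_cert.subject
    return (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(issuer).public_key(pubkey)
            .serial_number(x509.random_serial_number())
            .not_valid_before(NOW).not_valid_after(NOW + YEAR)
            .add_extension(x509.BasicConstraints(ca=ca, path_length=None), critical=True)
            .add_extension(_key_usage(cert_sign, crl_sign), critical=True)
            .sign(issuer_key, hashes.SHA256()))


def build_pki():
    """Root CA, a CRL-only Revocation Authority and one end-entity (constructed)."""
    ca_key, ra_key, ee_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
    ca_cert = issue(_name("Demo Root CA"), ca_key.public_key(), None, ca_key,
                    ca=True, cert_sign=True, crl_sign=True)
    # The RA is certified by the CA and is authorised ONLY to sign CRLs.
    ra_cert = issue(_name("Demo Revocation Authority"), ra_key.public_key(), ca_cert, ca_key,
                    ca=False, cert_sign=False, crl_sign=True)
    ee_cert = issue(_name("card-0001"), ee_key.public_key(), ca_cert, ca_key,
                    ca=False, cert_sign=False, crl_sign=False)
    # ca_key is deliberately not returned: from here on it is "lost with the HSM".
    return ca_cert, ra_cert, ra_key, ee_cert, ee_key


def sign_indirect_crl(signer_cert, signer_key, revoked_serials):
    """CRL signed by the RA rather than the CA, flagged as indirect (RFC 5280 5.2.5)."""
    b = (x509.CertificateRevocationListBuilder()
         .issuer_name(signer_cert.subject)
         .last_update(NOW).next_update(NOW + datetime.timedelta(days=7))
         .add_extension(x509.IssuingDistributionPoint(
             full_name=None, relative_name=None,
             only_contains_user_certs=False, only_contains_ca_certs=False,
             only_some_reasons=None, indirect_crl=True,
             only_contains_attribute_certs=False), critical=True))
    for serial in revoked_serials:
        b = b.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(NOW).build())
    return b.sign(signer_key, hashes.SHA256())


def is_revoked(ee_cert, crl, signer_cert, ca_cert):
    """Relying-party check.  Returns True/False when the CRL is trustworthy,
    None when it must be ignored (wrong issuer, bad signature, no cRLSign)."""
    if signer_cert.issuer != ca_cert.subject or ee_cert.issuer != ca_cert.subject:
        return None
    try:  # the CRL signer must be certified by the CA that issued ee_cert
        ca_cert.public_key().verify(signer_cert.signature, signer_cert.tbs_certificate_bytes,
                                    ec.ECDSA(signer_cert.signature_hash_algorithm))
    except InvalidSignature:
        return None
    if not signer_cert.extensions.get_extension_for_class(x509.KeyUsage).value.crl_sign:
        return None  # certified, but not authorised to revoke
    if crl.issuer != signer_cert.subject or not crl.is_signature_valid(signer_cert.public_key()):
        return None
    return crl.get_revoked_certificate_by_serial_number(ee_cert.serial_number) is not None


def demo():
    """(not revoked, revoked by RA, rogue CRL from a non-RA key rejected)."""
    ca_cert, ra_cert, ra_key, ee_cert, ee_key = build_pki()
    clean = sign_indirect_crl(ra_cert, ra_key, [])
    revoking = sign_indirect_crl(ra_cert, ra_key, [ee_cert.serial_number])
    rogue = sign_indirect_crl(ee_cert, ee_key, [ee_cert.serial_number])
    return (is_revoked(ee_cert, clean, ra_cert, ca_cert),
            is_revoked(ee_cert, revoking, ra_cert, ca_cert),
            is_revoked(ee_cert, rogue, ee_cert, ca_cert))


if __name__ == "__main__":
    print(demo())  # (False, True, None)
```

The third result shows the cost of the split: a relying party must now validate the CRL signer's certificate and its key usage, not just compare the CRL issuer with the certificate issuer, and it must understand indirect CRLs at all, which is the interoperability question the message raises.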
