[6336] in cryptography@c2.net mail archive
Re: starting up servers that need access to secrets
daemon@ATHENA.MIT.EDU (Ted Lemon)
Wed Jan 5 13:25:31 2000
Message-Id: <200001051606.LAA13985@grosse.manhattan.fugue.com>
To: Rich Salz <salzr@certco.com>
Cc: "Jeffrey M. Smith" <jsmith@purdue.edu>, cryptography@c2.net
In-Reply-To: Message from Rich Salz <salzr@certco.com>
of "Wed, 05 Jan 2000 10:22:57 EST." <Pine.BSI.3.96.1000105100750.19961B-100000@haggis.ma.certco.com>
Date: Wed, 05 Jan 2000 11:06:31 -0500
From: Ted Lemon <mellon@isc.org>

> I believe better protection would be to
> keep private keys on external tamper-evident hardware.

This is certainly true. However, if somebody compromises your system
with the smart encryption card, then they can probably use the card to
sign things. This isn't as good as having your key, since if you can
close the hole you don't necessarily have to repudiate the key
(although you probably should). There's no perfect solution, of
course. All of the solutions we've talked about make sense given
different cost/benefit scenarios.

_MelloN_