[14945] in cryptography@c2.net mail archive


Re: PKI root signing ceremony, etc.

daemon@ATHENA.MIT.EDU (Dave Howe)
Mon Dec 15 21:12:05 2003

X-Original-To: cryptography@metzdowd.com
From: "Dave Howe" <DaveHowe@gmx.co.uk>
To: "Email List: Cryptography" <cryptography@metzdowd.com>
Date: Mon, 15 Dec 2003 14:34:14 -0000

Peter Gutmann wrote:
> "Dave Howe" <DaveHowe@gmx.co.uk> writes:
>> Key management and auditing is pretty much external to the actual
>> software regardless of which solution you use I would have thought.
>
> Not necessarily.  I looked at this in an ACSAC'2000 paper (available
> from http://www.acsac.org/2000/abstracts/18.html).  This uses a
> TP-capable database as its underlying engine, providing the necessary
> auditing capabilities for all CA operations.  This was designed to
> meet the security/auditing requirements in a number of PKI standards
> (see the paper for full details, I've still got about 30cm of paper
> stacked up somewhere from this).  The paper is based on
> implementation experience with cryptlib, you can't do anything
> without generating an audit trail provided you have proper security
> on the TP system (that is, a user can't inject arbitrary transactions
> into the system or directly access the database files).  I tested the
> setup by running it inside a debugger and resetting/halting the
> program at every point in a transaction, and it recovered from each
> one.  It can be done, it's just a lot of work to get right.
*nods*
I meant in this context - certainly, a well designed CA package would
enforce security and audit trailing (I can easily visualise one that uses
a composite (split) access key n of m, and could probably code up such a
tool in a day or so) but Rich's original design had no audit or key
management other than that imposed externally on the (essentially
flatfile) structure of OpenSSL command line tools.

> I should mention after having done all that work that most CAs rely on
> physical and personnel security more than any automatic
> logging/auditing. Take a PC and an HSM, lock it in a back room
> somewhere, and declare it a secure CA.
*nods* and that is probably as secure as any other method, and a *lot*
more secure than a "safe" exe running on insecure hardware.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
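
As an added illustration (not part of the original message and not cryptlib's code): a minimal sketch of the idea Peter Gutmann describes, a CA operation and its audit record committed in one database transaction so that neither can exist without the other. It uses Python's sqlite3 in place of the TP database; the table names, `issue_cert` and the `halt_at` hook are assumptions, and a raised exception stands in for halting the program mid-transaction.

```python
import sqlite3

class SimulatedHalt(Exception):
    """Stands in for the program being halted mid-transaction (constructed)."""

def open_store(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.executescript("""
        CREATE TABLE IF NOT EXISTS certs(serial INTEGER PRIMARY KEY, subject TEXT NOT NULL);
        CREATE TABLE IF NOT EXISTS audit(id INTEGER PRIMARY KEY AUTOINCREMENT,
            op TEXT NOT NULL, serial INTEGER NOT NULL, operator TEXT NOT NULL);
    """)
    return conn

def issue_cert(conn, serial, subject, operator, halt_at=None):
    """Write the audit entry and the CA operation in one transaction."""
    with conn:  # commits on success, rolls back if anything raises
        conn.execute("INSERT INTO audit(op, serial, operator) VALUES ('issue', ?, ?)",
                     (serial, operator))
        if halt_at == "after_audit":
            raise SimulatedHalt
        conn.execute("INSERT INTO certs(serial, subject) VALUES (?, ?)", (serial, subject))
        if halt_at == "after_cert":
            raise SimulatedHalt

def unaudited(conn):
    """Certificates with no matching audit row (must always be empty)."""
    return conn.execute("""SELECT serial FROM certs WHERE serial NOT IN
                           (SELECT serial FROM audit WHERE op='issue')""").fetchall()

def orphan_audit(conn):
    """Audit rows claiming an issuance that never completed."""
    return conn.execute("""SELECT serial FROM audit WHERE op='issue' AND serial NOT IN
                           (SELECT serial FROM certs)""").fetchall()

def run_demo():
    conn = open_store()
    issue_cert(conn, 1, "CN=alice.example", "op1")       # constructed sample data
    for point in ("after_audit", "after_cert"):          # halt at each step in turn
        try:
            issue_cert(conn, 2, "CN=bob.example", "op1", halt_at=point)
        except SimulatedHalt:
            pass
    issue_cert(conn, 2, "CN=bob.example", "op1")         # retry after the rollbacks
    certs = [r[0] for r in conn.execute("SELECT serial FROM certs ORDER BY serial")]
    audits = conn.execute("SELECT COUNT(*) FROM audit").fetchone()[0]
    return certs, audits, unaudited(conn), orphan_audit(conn)
```

With an on-disk database, a real process kill is covered by SQLite's journal recovery at the next open rather than by the `with` block's rollback.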
