[15010] in cryptography@c2.net mail archive

Re: PKI root signing ceremony, etc.

daemon@ATHENA.MIT.EDU (Arnold G. Reinhold)
Mon Dec 22 19:38:33 2003

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <200312151046.hBFAk7P14910@cs.auckland.ac.nz>
Date: Sun, 21 Dec 2003 11:47:25 -0500
To: cryptography@metzdowd.com
From: "Arnold G. Reinhold" <reinhold@world.std.com>
Cc: pgut001@cs.auckland.ac.nz (Peter Gutmann), DaveHowe@gmx.co.uk

One approach to securing infrequent signing or working keys from a 
corporate master certificate is to store the certificate in a bank 
safe deposit box. The certificate generation software (say on a self 
booting CD or perhaps an entire laptop) could be stored in the safe 
deposit box as well. The certificate signing would take place at the 
bank, either in one of the small rooms they provide or in a borrowed 
conference room.

This approach buys a large amount of physical security and an audit 
trail for the process at very minimal cost. It also addresses 
another thorny problem: how to match the control of a corporate 
master certificate to corporate governance mechanisms. Board members 
of most corporations are poor potential custodians of cryptographic 
material. Any password sharing system runs the risk of what to do if 
the secret holders are all fired. Banks, on the other hand, are used 
to dealing with situations like changing access controls after a 
major management shakeup.

Arnold Reinhold

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
