[15021] in cryptography@c2.net mail archive
Re: PKI root signing ceremony, etc.
daemon@ATHENA.MIT.EDU (Dan Geer)
Tue Dec 23 13:36:40 2003
X-Original-To: cryptography@metzdowd.com
To: "Arnold G. Reinhold" <reinhold@world.std.com>
Cc: cryptography@metzdowd.com
In-reply-to: Your message of "Sun, 21 Dec 2003 11:47:25 EST."
<a06002005bc0b7ab9bbd6@[192.168.0.2]>
Date: Mon, 22 Dec 2003 21:57:33 -0500
From: Dan Geer <geer@TheWorld.com>
One approach to securing infrequent signing or working keys from a
corporate master certificate is to store the certificate in a bank
safe deposit box. The certificate generation software (say on a self
booting CD or perhaps an entire laptop) could be stored in the safe
deposit box as well. The certificate signing would take place at the
bank, either in one of the small rooms they provide or in a borrowed
conference room.

Dare I mention the CertCo/Identrus threshold crypto
in this context? CertCo certainly nailed all the
parts of this, e.g., fragment generation in absentia.

--dan
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com