[698] in cryptography@c2.net mail archive
Re: Full Strength Stronghold 2.0 Released Worldwide
daemon@ATHENA.MIT.EDU (sameer)
Tue May 6 00:18:30 1997
From: sameer <sameer@c2.net>
To: adam@homeport.org (Adam Shostack)
Date: Mon, 5 May 1997 20:54:41 -0700 (PDT)
Cc: marc@cygnus.com, cryptography@c2.net
In-Reply-To: <199705060011.UAA05325@homeport.org> from Adam Shostack at "May 5, 97 08:11:41 pm"
Losing your server key and cert is a nasty thing. But any
server used in production like amazon.com is going to be backed up. If
they lose their key/cert they just recover from backup. They're down
for all of perhaps 30 minutes.
I think it is unwise to promote key recovery in a situation
where simple backups will do the job just fine.
> 1. Getting your www server cert revoked is a practical
> impossibility. You might be able to get it onto a CRL, but there's no
> checking. (This is OK--revocation is a hard problem, and not solving
> it is acceptable most of the time.)
>
> 2. Getting a new server cert from Verisign takes at least 24 hours.
> (especially if you lose the cert and are trying to do business.) If
> you have a backup, you should be ok.
>
> 3. Recovery information for a server cert needs to be as carefully
> controlled as the real certificate.
>
> 4. Certificate recovery may be better done with a backup copy than
> with a 'recovery' technology such as secret sharing. However, having
> a way to get your lost certificate back could be awfully useful to a
> big company--anyone know how much confidence and money a company like
> Amazon would lose in 12 hours of getting a new cert?
>
> Adam
>
>
> Marc Horowitz wrote:
> | >> Oh, but I guess saying that Netscape is responding to customer
> | >> requirements by including support for corporate key recovery wouldn't
> | >> make such good press release spam.
> |
> | (I don't want to sound contentious here, but it still does, a little.
> | I'm really curious about the answer.)
> |
> | What exactly are the customer requirements for key recovery in a web
> | server? Key recovery (corporate, not GAK, of course) is only useful
> | in an environment where encryption is used to protect data storage,
> | not when encryption is only used for authentication and communication
> | security. If I lose my personal certificate or my server's
> | certificate, no data is lost, because nothing persistent uses that
> | key; the issuer can revoke the old one, and issue a new one.
>
>
> --
> "It is seldom that liberty of any kind is lost all at once."
> -Hume
>
>
--
Sameer Parekh Voice: 510-986-8770
President FAX: 510-986-8777
C2Net
http://www.c2.net/ sameer@c2.net