[705] in cryptography@c2.net mail archive

Re: Full Strength Stronghold 2.0 Released Worldwide

daemon@ATHENA.MIT.EDU (Adam Shostack)
Tue May 6 11:40:22 1997

From: Adam Shostack <adam@homeport.org>
In-Reply-To: <199705060354.UAA15743@gabber.c2.net> from sameer at "May 5, 97 08:54:41 pm"
To: sameer@c2.net (sameer)
Date: Tue, 6 May 1997 09:37:08 -0400 (EDT)
Cc: cryptography@c2.net

I agree with Sameer here.  What is the requirement being served by
KR/OKAY in Netscape's system?

Adam

(I also like Sameer's use of KR/OKAY and KR/GAK to indicate how close
they are to each other.  Mandated OKAY features can be turned into
GAK.  Better to let the market decide which KR features are needed,
and how to implement them.)

sameer wrote:
| 	Losing your server key and cert is a nasty thing. But any
| server used in production like amazon.com is going to be backed up. If
| they lose their key/cert they just recover from backup. They're down
| for all of perhaps 30 minutes.
| 	I think it is unwise to promote key recovery in a situation
| where simple backups will do the job just fine.

| > 3. Recovery information for a server cert needs to be as carefully
| > controlled as the real certificate.
| > 
| > 4. Certificate recovery may be better done with a backup copy than
| > with a 'recovery' technology such as secret sharing.  However, having
| > a way to get your lost certificate back could be awfully useful to a
| > big company--anyone know how much confidence and money a company like
| > Amazon would lose in 12 hours of getting a new cert?
| > 
| > Adam
| > 
| > 
| > Marc Horowitz wrote:
| > | >> Oh, but I guess saying that Netscape is responding to customer
| > | >> requirements by including support for corporate key recovery wouldn't
| > | >> make such good press release spam.
| > | 
| > | (I don't want to sound contentious here, but it still does, a little.
| > | I'm really curious about the answer.)
| > | 
| > | What exactly are the customer requirements for key recovery in a web
| > | server?  Key recovery (corporate, not GAK, of course) is only useful
| > | in an environment where encryption is used to protect data storage,
| > | not when encryption is only used for authentication and communication
| > | security.  If I lose my personal certificate or my server's
| > | certificate, no data is lost, because nothing persistent uses that
| > | key; the issuer can revoke the old one, and issue a new one.
| > 
| > 
| > -- 
| > "It is seldom that liberty of any kind is lost all at once."
| > 					               -Hume
| > 
| > 
| 
| 
| -- 
| Sameer Parekh					Voice:   510-986-8770
| President					FAX:     510-986-8777
| C2Net
| http://www.c2.net/				sameer@c2.net
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume


