I haven't been able to find an English version of this, but the following news item from Germany:
http://www.heise.de/security/E-Gesundheitskarte-Datenverlust-mit-Folgen--/news/meldung/141864 reports that the PKI for their electronic health card has just run into trouble: they were storing the root CA key in an HSM, which failed. They now have a PKI with no CA key for signing new certs or revoking existing ones. (When I talk about PKI I always title the root CA as "the Single Point of Failure", but I think this is the first time in a non-private CA where it's actually become this in practice. For private-label PKIs it's a lot more common because of the "lesser-known public key" phenomenon). Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com