Hi,

> reports that the PKI for their electronic health card has 
> just run into
> trouble: they were storing the root CA key in an HSM, which 
> failed.  They now have a PKI with no CA key for signing new 
> certs or revoking existing ones.

Suppose this happens in a production environment of some CA
(root or not), how big a problem is this? I can see two issues:
- they have to build a new CA and distribute its certificate
  to all users, which is annoying and maybe costly but not a 
  security problem,
- if they rely on the CA for signing CRLs (or whatever 
  revocation mechanism they're using) then they have to find 
  some other way to revoke existing certificates.
No need to revoke any certificate.
Any other problems? Maybe something with key rollover or 
interoperability?

Seems to me that for signing CRLs it's better to have a separate 
"Revocation Authority" (whose certificate should be issued by 
the CA it is revoking for); then revoking can continue when the 
CA loses its private key. The CA still may have revoking 
authority as well, at least to revoke the Revocation Authority's 
certificate...

Grtz,
Benne de Weger

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com