Hi,

> reports that the PKI for their electronic health card has just run into
> trouble: they were storing the root CA key in an HSM, which failed. They
> now have a PKI with no CA key for signing new certs or revoking existing
> ones.
Suppose this happens in a production environment of some CA (root or not): how big a problem is this? I can see two issues:

- they have to build a new CA and distribute its certificate to all users, which is annoying and maybe costly but not a security problem;
- if they rely on the CA for signing CRLs (or whatever revocation mechanism they're using), then they have to find some other way to revoke existing certificates. No need to revoke any certificate.

Any other problems? Maybe something with key rollover or interoperability?

Seems to me that for signing CRLs it's better to have a separate "Revocation Authority" (whose certificate should be issued by the CA it is revoking for); then revoking can continue when the CA loses its private key. The CA still may have revoking authority as well, at least to revoke the Revocation Authority's certificate...

Grtz,
Benne de Weger

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com