On 9/01/14 02:49 AM, Paul F Fraser wrote:
Software and physical safe keeping of Root CA secret key are central to security of a large set of issued certificates. Are there any safe techniques for handling this problem taking into account the need to not have the control in the hands of one person? Any links or suggestions of how to handle this problem?
The easiest place to understand the formal approach would be to look at Baseline Requirements, which Joe pointed to. It's the latest in a series of documents that has emphasised a certain direction.
However, it is not the only answer. The best way to describe it is that it is 'best practices' for the CA industry, and once you achieve that way, you're on the path to being inculcated. If that's your goal, the BR is your answer.
As you don't say much about your problem space is, it's difficult to answer your real question: what are safe techniques for handling root CA keys?
(fwiw, the techniques described in BR are not safe, IMHO. But they are industry 'best practice' so you might have to choose between loving acceptance and safety.)
iang _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography