On Wed, Jan 8, 2014 at 11:54 PM, ianG <i...@iang.org> wrote: > On 9/01/14 02:49 AM, Paul F Fraser wrote: >> >> Software and physical safe keeping of Root CA secret key are central to >> security of a large set of issued certificates. >> Are there any safe techniques for handling this problem taking into >> account the need to not have the control in the hands of one person? >> Any links or suggestions of how to handle this problem? > > The easiest place to understand the formal approach would be to look at > Baseline Requirements, which Joe pointed to. It's the latest in a series of > documents that has emphasised a certain direction. > > (fwiw, the techniques described in BR are not safe, IMHO. But they are > industry 'best practice' so you might have to choose between loving > acceptance and safety.)
Is there a better reference for safe or a place that has commentary on the 'best practice' weaknesses? _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography