Good evening,

2011/12/8 Daniel Kahn Gillmor <[email protected]>
> On 12/08/2011 01:44 PM, Erwann ABALEA wrote:
> > How did you come to write that the software used by VeriSign and most CAs
> > is based on OpenSSL and a few graphical front-ends such as TinyCA, without
> > any expensive hardware?
>
> I beg your pardon, I was clearly factually wrong there, but i think
> you've missed the point of what i was trying to say. The point there
> was that the hardware or software to run a CA doesn't need
> to be expensive or exclusive. i shouldn't have claimed that you didn't
> spend a lot of money on your particular implementation. i've just
> fixed the article.

I don't have any problem with free and auditable software, of course; we use it every day, and participate in its evolution. You can build a PKI using such products (and even integrate HSMs into command-line OpenSSL use, if you want). But as was said earlier by Patrick Patterson, the trust in a PKI doesn't rely (only) on the technical aspects. 90% of the value of a PKI is in procedures, audits, facilities, etc. That's true. Neglect it and your PKI project will surely fail.

We spent a lot of time (and money) to develop our products, but we are today spending a lot more to securely operate them. For example, with separation of duties, simply activating an HSM for online use requires 6 or 7 different people (only 1 from the IT staff; the others are shareholders, key manager, Q&A staff), several vaults, biometric access controls, all this in distant places (several km away), and every operation is logged (on paper). A Key Ceremony involves additional people (a notary to validate identities, a professional video staff to operate the internal video circuit and create DVDs of the whole operation, customer representatives to witness the operations, other shareholders, ...) and is performed in a dedicated room with no network connectivity, no window, and dual biometric access control. These are the kinds of procedures Patrick was talking about.
> The problem is that if any one of your competitors is a bad actor, all
> your policy compliance is meaningless for your relying parties, since
> they're relying on your competitors as well. :(

That's true. And I'm sure our competitors are also suffering from the bad press the X.509 model has been getting for a few months. That's why the CABForum is working, and the represented user base is discussing (I'm talking about Mozilla, the only open process I know of).

-- 
Erwann.
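The separation-of-duties rule Erwann describes (activating an HSM takes several custodians from different roles, at most one of them from IT, with every attempt logged) can also be enforced technically rather than only procedurally. The following is an added example, not code from the thread or from any CA's product, and it assumes a Shamir k-of-n secret-sharing scheme as the enforcement mechanism, which the post does not say their HSM uses. Custodian names, roles, and the threshold are constructed sample values; `key_check_value`, `check_quorum`, and `activate` are hypothetical helpers written for this illustration.

```python
"""M-of-N HSM activation quorum modelled with Shamir secret sharing.

Added example (not from the mailing-list thread). The activation secret is
split into shares held by distinct custodians; only a threshold of them,
from an acceptable mix of roles, can reconstruct it, and every attempt is
recorded in an audit log whether it succeeds or not.
"""
import hashlib
import secrets
from dataclasses import dataclass

# Mersenne prime 2^127 - 1: the activation secret is an integer in GF(P).
# Assumption: in practice this would wrap a key-encryption key or similar.
P = 2**127 - 1


@dataclass(frozen=True)
class Share:
    holder: str   # custodian name (constructed sample value)
    role: str     # "shareholder", "key_manager", "qa", "it" (constructed roles)
    x: int        # evaluation point, unique per custodian
    y: int        # polynomial value at x


def split_secret(secret: int, threshold: int, custodians: list) -> list:
    """Split `secret` into len(custodians) shares; any `threshold` recover it."""
    if not 1 < threshold <= len(custodians):
        raise ValueError("threshold must be between 2 and the number of custodians")
    if not 0 <= secret < P:
        raise ValueError("secret out of field range")
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    shares = []
    for i, (holder, role) in enumerate(custodians, start=1):
        y = 0
        for c in reversed(coeffs):      # Horner evaluation at x = i
            y = (y * i + c) % P
        shares.append(Share(holder, role, i, y))
    return shares


def recover_secret(shares: list) -> int:
    """Lagrange interpolation at x = 0 over GF(P)."""
    secret = 0
    for s in shares:
        num, den = 1, 1
        for t in shares:
            if t.x != s.x:
                num = (num * (-t.x)) % P
                den = (den * (s.x - t.x)) % P
        secret = (secret + s.y * num * pow(den, -1, P)) % P
    return secret


def key_check_value(secret: int) -> str:
    """Short fingerprint stored at split time so activation never needs the raw secret."""
    return hashlib.sha256(secret.to_bytes(16, "big")).hexdigest()[:16]


def check_quorum(shares: list, threshold: int, max_it_staff: int = 1) -> list:
    """Return policy violations for the presented shares; empty means acceptable."""
    problems = []
    if len({s.holder for s in shares}) != len(shares):
        problems.append("a custodian presented more than one share")
    if len(shares) < threshold:
        problems.append(f"only {len(shares)} of the required {threshold} custodians present")
    it_count = sum(1 for s in shares if s.role == "it")
    if it_count > max_it_staff:
        problems.append(f"{it_count} IT staff present, at most {max_it_staff} allowed")
    return problems


def activate(shares: list, threshold: int, kcv: str, log: list) -> bool:
    """Attempt activation; append an audit record either way, return True on success."""
    present = sorted(s.holder for s in shares)
    problems = check_quorum(shares, threshold)
    if not problems and key_check_value(recover_secret(shares[:threshold])) != kcv:
        problems.append("presented shares do not reconstruct the activation secret")
    log.append({"result": "denied" if problems else "activated",
                "present": present, "reasons": problems})
    return not problems


def demo():
    """Constructed scenario: 7 custodians, 4 needed, at most one from IT."""
    custodians = [("alice", "shareholder"), ("bob", "shareholder"),
                  ("carol", "key_manager"), ("dave", "qa"),
                  ("erin", "it"), ("frank", "it"), ("grace", "shareholder")]
    secret = secrets.randbelow(P)
    kcv = key_check_value(secret)
    shares = split_secret(secret, 4, custodians)
    log = []
    # Enough shares, but two IT staff: denied by the role rule.
    first = activate([shares[4], shares[5], shares[0], shares[2]], 4, kcv, log)
    # Four distinct custodians with a single IT member: activated.
    second = activate([shares[0], shares[2], shares[3], shares[4]], 4, kcv, log)
    return first, second, log


if __name__ == "__main__":
    for entry in demo()[2]:
        print(entry)
```

The audit log is written on every attempt, including denials, which is the property that makes the paper log Erwann mentions useful: a failed activation with the wrong mix of people is itself evidence worth keeping. The threshold only bounds how many custodians are needed; the role rule in `check_quorum` is a separate policy layer, because secret sharing alone cannot tell an IT shareholder from a non-IT one.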
