Skip to Content.
Sympa Menu

cacert-policy - Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification

Subject: Policy-Discussion

List archive

Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification


Chronological Thread 
  • From: Philipp Gühring <pg AT futureware.at>
  • To: Policy-Discussion <cacert-policy AT lists.cacert.org>
  • Subject: Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification
  • Date: Mon, 20 Feb 2006 12:02:51 +0100
  • List-archive: <http://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
  • List-id: Policy-Discussion <cacert-policy.lists.cacert.org>
  • Organization: Futureware 2001

Hi,

> This makes me wonder if it would be possible to have a key generator
> somewhere that would split it into a 2/4 share scheme before ever
> letting it leave the box -- preferably one that would do all the
> encryption necessary to send via S/MIME to each of the employees, as
> well as talking to the SMTP server to do so.

The certificate machine is nearly completely offline, has no network stack on 
it, there is no SMTP there ...
The keys on it only leave the machine on encrypted backup media.

But perhaps 2/4 shared encrypted backups are an idea.

The question is, whether it really helps in the end. 
(Security vs. Availability tradeoff)

Best regards,
Philipp Gühring





Archive powered by MHonArc 2.6.16.

Top of Page