
cacert-policy - RE: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification

  • From: <Lambert.Hofstra AT ins.com>
  • To: <cacert-policy AT lists.cacert.org>
  • Subject: RE: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification
  • Date: Mon, 20 Feb 2006 10:35:48 -0000
  • List-archive: <http://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
  • List-id: Policy-Discussion <cacert-policy.lists.cacert.org>

> This makes me wonder if it would be possible to have a key generator
> somewhere that would split it into a 2/4 share scheme before ever
> letting it leave the box -- preferably one that would do all the
> encryption necessary to send via S/MIME to each of the employees, as
> well as talking to the SMTP server to do so.
> 
> Just musing...
> 
> -Kyle H

FIPS 140-2 requires for level 3 and 4 that keys can only be exported in
such a way ("Secret and private keys established using manual methods
shall be entered or output encrypted or with split knowledge
procedures.", see
http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf ;)

Most devices support both n out of m and n-components mechanisms.

This makes me wonder: what is the security level of the cryptographic
hardware in use at CAcert?

Lambert Hofstra  





