- From: Duane <duane AT cacert.org>
- To: Policy-Discussion <cacert-policy AT lists.cacert.org>
- Subject: Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification
- Date: Tue, 21 Feb 2006 09:59:11 +1100
- List-archive: <http://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
- List-id: Policy-Discussion <cacert-policy.lists.cacert.org>
Lambert.Hofstra AT ins.com wrote:
> I'm sorry, but I don't understand what you propose: you want to generate
> a new root cert, and have it signed by the current root cert? And thus
> use the HSM for an intermediate CA? That would indicate that you secure
> the intermediate level better than the root CA, and that does not sound
> correct.
> Or the other way around? Generate a new root cert. Use that to sign the
> current root cert, thereby demoting the existing CA to an intermediate
> CA, and asking everyone to import the new root cert?
> I guess this would work.

Either of these proposals would work, I guess. I was suggesting the former; this way, keys signed by the new sub-root would still be valid without importing another cert.

> There is of course the possibility to try and hack the existing root
> cert into the new HSM, but this is not common practice (normally only
> possible with identical HSMs: export LMK in components, import LMK into
> new HSM, export keys encrypted under LMK and import the encrypted key
> into the new HSM). The whole export/import might not be possible,
> depending on type of HSM (is it a PC card, or a standalone unit?). Also,
> you would need to have a very strict ceremony just to ensure the root
> cert will only be used to import it into the other CA (the HSM) and is
> immediately destroyed afterwards. Tricky. It would solve the root cert
> issue when you succeed; however, how do you guarantee that the root cert
> has not been copied in the process? That would effectively ruin the
> trustworthiness of the CAcert certificates...

No, I wasn't suggesting putting the existing root cert on the HSM. There are a number of reasons we need to move away from the current root cert being the primary root: it uses an MD5 hash, it's been used to sign client/server certs, and it wasn't generated in a secure way, i.e. it's accessible if the hardware is stolen and the attacker is determined enough.

--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Using Enum.164 to interconnect asterisk servers
"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."