Policy-Discussion

[Dieter Hennig <dieter.hennig AT id.ethz.ch>]

Dear Laura,

sorry, I'm not an expert for using HSM-cards (right?) for a long time
(more then 20 years).  My question is: how much it costs, to use it for
10 years, because after 10 yeares we would have to change the sub-roots
and in this case we could change the hardware too?

Elwing schrieb am 23.03.2010 13:32:
> As I saw this on the policy list, I'm replying there only.  
> 
> My first question is what mechanism is being used to store/generate the 
> root keys?  Is it an HSM (such as nCipher/SafeNet)?  If so, why not use the 
> multi-party mechanisms built into those HSMs?  5 key parts are generated on 
> tokens (usually referred to as the "green" tokens) and distributed to 5 
> people (board members perhaps?).  At least 2 of those (up to 5 depending on 
> the configuration) must be brought together to recreate the root key.  At 
> that point, you have legal recourse (at least in the US) with charges of 
> collusion if the key parts are brought together without permission. The 
> HSMs also provide for backup tokens if necessary.
> Since this is how the majority of CAs in the world handle this, I don't see 
> how an auditor could fault you for doing something similar (I certainly 
> wouldn't if I were auditing CACert).  
> 
> Now, I don't understand how the root key is being handled now, so this 
> comment may be totally off.
> 
> Laura

By my experience it is very hard to find SOC-cards, which are not broken
after 10 years. Hope, for the atom weapon missiles this is not the case,
but I'm not sure about.


Best regards


Dieter Hennig
-- 
Dieter Hennig
Informatikdienste/Helpdesk
ETH Zuerich, STB G 18.2
8092 Zuerich, Stampfenbachstr. 69
Tel: +41 44 632 4278
Fax: +41 44 632 1900

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature