Policy-Discussion

[Daniel Black <daniel AT cacert.org>]

On Friday 26 March 2010 00:00:35 Elwing wrote:
> 
> I just wanted to respond to this part - is there a lockbox facility at the
> Data center where the root is hosted?  Could it possibly used to store
> such a token?  There's a list of "authorized users" that can request the
> contents of that box, they have the pin to unlock that token. You'd
> effectively need two people: the Data Center manager/operations staff for
> physical access, and the person with the PIN for logical access. The PIN
> could be changed if necessary.

I seem to think the risk of legal impounding of CAcert's infrastructure 
needed 
to be considered. Like all security solutions its a tradeoff and this may be 
one of them that gets traded off.

> Another method I've seen (and it's been audited against the Federal bridge,
> but not any of the WebTrust/etc audits) is that the root key is stored on
> the RootCA hard drives.  The drives are RAIDed - 2 need to be brought
> together to bring up the CA.  However, this only works when you've got an
> off-line root.

yes - offline root is a highly desirable requirement

nice idea. Using software raid it could even be used for USB disks or any 
other media. The RAID natively supports the M of N required for recovery.


-- 
Daniel Black
CAcert

Attachment: smime.p7s
Description: S/MIME cryptographic signature