Vulnerability Development mailing list archives
Re: Non-Mathmatical Forging of PKI Digital Certificates / Throwing Rocks at the PKI
From: Lincoln Yeoh <lyeoh () POP JARING MY>
Date: Sat, 26 Aug 2000 14:29:00 +0800
At 01:16 PM 8/25/00 -0500, Timothy J. Miller wrote:
Christoph Puppe <christoph.puppe () DEFCOM-SEC COM> writes:

smartcard-enabled company, when the CEO forgets his smartcard at home are *you* going to tell him that he *must* drive home and get it, or are you simply going to snatch his private key from escrow and issue him a temporary card?

He should fire you if you don't.

*You* know that and *I* know that, but this is *exactly* the approach being taken by most private PKI rollouts.
I disagree that some form of escrow is a bad idea in a corporate environment.

For example the key itself or a master key could be split (Blakley Shamir style) and then encrypted and escrowed with multiple entities - e.g. board members, company safe. So you need a whole bunch of people to recreate the key, but it is still possible. And if the CEO keeps losing the key or forgetting the passphrase, the board members are going to get rather annoyed ;).

With this approach if the CEO's smartcard is not available or the CEO is incapacitated, things can still be done.

Whether corporations should exist as entities on their own is a different matter :).

Cheerio,
Link.