Peter Gutmann wrote:
> "Dave Howe" <[EMAIL PROTECTED]> writes:
>> Key management and auditing is pretty much external to the actual
>> software regardless of which solution you use I would have thought.
>
> Not necessarily. I looked at this in an ACSAC'2000 paper (available
> from http://www.acsac.org/2000/abstracts/18.html). This uses a
> TP-capable database as its underlying engine, providing the necessary
> auditing capabilities for all CA operations. This was designed to
> meet the security/auditing requirements in a number of PKI standards
> (see the paper for full details, I've still got about 30cm of paper
> stacked up somewhere from this). The paper is based on
> implementation experience with cryptlib, you can't do anything
> without generating an audit trail provided you have proper security
> on the TP system (that is, a user can't inject arbitrary transactions
> into the system or directly access the database files). I tested the
> setup by running it inside a debugger and resetting/halting the
> program at every point in a transaction, and it recovered from each
> one. It can be done, it's just a lot of work to get right.

*nods* I meant in this context - certainly, a well designed CA package would enforce security and audit trailing (I can easily visualise one that uses a composite (split) access key n of m, and could probably code up such a tool in a day or so) but Rich's original design had no audit or key management other than that imposed externally on the (essentially flatfile) structure of OpenSSL command line tools.

> I should mention after having done all that work that most CAs rely on
> physical and personnel security more than any automatic
> logging/auditing. Take a PC and an HSM, lock it in a back room
> somewhere, and declare it a secure CA.

*nods* and that is probably as secure as any other method, and a *lot* more secure than a "safe" exe running on insecure hardware.
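An added example, not part of the original thread and not cryptlib's code: a sketch of the approach Peter describes, where each CA state change and its audit record commit in one database transaction, and the halt-at-every-point test is replayed against it. SQLite stands in for the TP-capable database; the table layout, the function names and the "alice" / "CN=constructed" values are assumptions made for illustration.

```python
import os, sqlite3, tempfile

SCHEMA = """
CREATE TABLE IF NOT EXISTS certs(serial INTEGER PRIMARY KEY, subject TEXT, status TEXT);
CREATE TABLE IF NOT EXISTS audit(seq INTEGER PRIMARY KEY AUTOINCREMENT,
                                 operator TEXT, action TEXT, serial INTEGER);
"""

class SimulatedHalt(Exception):
    """Constructed stand-in for halting the process in a debugger."""

def open_store(path):
    db = sqlite3.connect(path, isolation_level=None)  # explicit BEGIN/COMMIT only
    db.executescript(SCHEMA)
    return db

def ca_operation(db, operator, action, serial, subject=None, halt_at=None):
    """Apply one CA state change and its audit row in a single transaction."""
    change = {"issue": ("INSERT INTO certs VALUES (?, ?, 'valid')", (serial, subject)),
              "revoke": ("UPDATE certs SET status='revoked' WHERE serial=? AND status='valid'",
                         (serial,))}[action]
    steps = [change, ("INSERT INTO audit(operator, action, serial) VALUES (?, ?, ?)",
                      (operator, action, serial))]
    db.execute("BEGIN IMMEDIATE")
    for i in range(len(steps) + 1):
        if halt_at == i:
            raise SimulatedHalt(i)  # transaction is left open, as in a real halt
        if i < len(steps) and db.execute(*steps[i]).rowcount != 1:
            db.execute("ROLLBACK")
            raise LookupError(f"{action} of serial {serial} changed no row")
    db.execute("COMMIT")

def consistent(db):
    """True when every committed state change has a matching audit row."""
    n = lambda q: db.execute(q).fetchone()[0]
    return (n("SELECT COUNT(*) FROM certs") == n("SELECT COUNT(*) FROM audit WHERE action='issue'")
            and n("SELECT COUNT(*) FROM certs WHERE status='revoked'")
            == n("SELECT COUNT(*) FROM audit WHERE action='revoke'"))

def halt_at_every_point():
    """Halt an issue and a revoke at each step, reopen, and record what survived."""
    with tempfile.TemporaryDirectory() as d:
        path, seen = os.path.join(d, "ca.db"), []
        for action in ("issue", "revoke"):
            for point in (0, 1, 2):  # before change, before audit row, before COMMIT
                db = open_store(path)
                try:
                    ca_operation(db, "alice", action, 1, "CN=constructed", halt_at=point)
                except SimulatedHalt:
                    db.close()       # process gone; nothing was committed
                db = open_store(path)  # restart and let the engine recover
                seen.append((consistent(db), db.execute("SELECT COUNT(*) FROM audit").fetchone()[0]))
                db.close()
            db = open_store(path)
            ca_operation(db, "alice", action, 1, "CN=constructed")  # uninterrupted run
            db.close()
        db = open_store(path)
        rows = db.execute("SELECT operator, action, serial FROM audit ORDER BY seq").fetchall()
        db.close()
        return seen, rows
```

As the quoted text notes, the guarantee holds only while nobody can write to the database file or inject transactions outside `ca_operation`.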
