One approach to securing infrequent signing or working keys from a 
    corporate master certificate is to store the certificate in a bank 
    safe deposit box. The certificate generation software (say on a self 
    booting CD or perhaps an entire laptop) could be stored in the safe 
    deposit box as well. The certificate signing would take place at the 
    bank, either in one of the small rooms they provide or in a borrowed 
    conference room.

Dare I mention the CertCo/Identrus threshold crypto
in this context?  CertCo certainly nailed all the
parts of this, e.g., fragment generation in abstentia.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to