* Eugen Leitl: > Is anyone aware of a CA that actually maintains its signing > secrets on secured, airgapped machines, with transfers batched and > done purely by sneakernet?
Does airgapping provide significant security benefits these days, compared to its costs? File systems are generally less robust than network stacks. USB auto-detection is somewhat difficult to control on COTS systems. So unless you build your own transfer mechanism, a single TCP port exposes less code, and code which has received more scrutiny. _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
