It's worse: it's even accepted practice among certain security specialists. One of them involved in the development of a CA service once told me that they intended the CA to generate the key pair. After regaining consciousness I asked him why he thought violating one of the main principles of public key cryptography was a good idea. His answer basically ran as follows: if the CA is going to be liable, they want to be sure the key is strong and not compromised. He said that the PC platform of an ordinary user simply wasn't secure/trusted enough to generate keys on. The system might not generate `good enough' randomness, or might have been compromised by a trojan.

Jaap-Henk

On Sun, 3 Feb 2002 15:09:57 +0100 [EMAIL PROTECTED] writes:
> It is accepted practice among security people that you generate your own
> private key. It is also, unfortunately, accepted practice among non-security
> people that your CA generates your private key for you and then mails it to
> you as a PKCS #12 file (for bonus points the password is often included in
> the same or another email). Requests to have the client generate the key
> themselves and submit the public portion for certification are met with
> bafflement, outright refusal, or at best grudging acceptance if they're big
> enough to have some clout. This isn't a one-off exception, this is more or
> less the norm for private industry working with established (rather than
> internal, roll-your-own) CAs. This isn't the outcome of pressure from
> shadowy government agencies, this is just how things are done. Be afraid.
>

--
Jaap-Henk Hoepman           | Come sail your ships around me
Dept. of Computer Science   | And burn your bridges down
University of Twente        | Nick Cave - "Ship Song"
Email: [EMAIL PROTECTED] === WWW: www.cs.utwente.nl/~hoepman
Phone: +31 53 4893795 === Secr: +31 53 4893770 === Fax: +31 53 4894590
PGP ID: 0xF52E26DD  Fingerprint: 1AED DDEB C7F1 DBB3 0556 4732 4217 ABEF

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
