Hi,

these devices are nothing other than a modified server that runs some special OS or services on them. The keys are stored inside and can be transferred for backup or clustering reasons. So there are at least two ways to get your fingers on those keys, even if they are still encrypted. The password for decryption needs to be known to be able to restore the backup on a vanilla system (and I don't think all systems of one vendor use the same password on all of them and for every backup).
I also think that bigger CAs have multiple devices in at least two different locations to prevent any kind of physical damage to the CA like fire, power outage, missiles from NSA drones (ok, I admit the last one is a bit sci-fi, isn't it?). But let's assume you are not able to get the key out there in any way, not even for backups. NSA gets a connection to the CA, gets their own device and puts that online in the cluster. Problem solved.

And shutting up people? I don't think this subject needs any kind of further explanation, does it?

KR,
Oliver

On 16.10.2013 at 15:42, Gervase Markham <[email protected]> wrote:

> On 15/10/13 16:00, Oliver Loch wrote:
>> Based on the sentences people are facing - if they start talking to
>> the public - it's really possible that the handful of people that
>> know that their company handed out the root cert's private key are
>> keeping their mouth shut.
>
> It's not like the root cert private key is a random file on disk that
> can be copied onto a USB stick. They are kept in Hardware Security
> Modules (HSMs) whose role is to allow certs to be signed but not to let
> the private key leak out.
>
> https://en.wikipedia.org/wiki/Hardware_Security_Module
>
> Not to say that there's never a way around this, but it's not as simple
> as you make it sound.
>
> Gerv
> _______________________________________________
> dev-security-policy mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-security-policy

