On Wed, Oct 16, 2013 at 5:26 PM, Oliver Loch <[email protected]> wrote:

> Hi,
>
> These devices are nothing other than a modified server that runs some
> special OS or services on them. The keys are stored inside and can be
> transferred for backup or clustering reasons. So there are at least two
> ways to get your fingers on those keys. Even if they are still encrypted.
> The password for decryption needs to be known to be able to restore the
> backup on a vanilla system (and I don't think all systems of one vendor use
> the same password on all of them and for every backup).
>
> I also think that bigger CAs have multiple devices in at least two
> different locations to prevent any kind of physical damage to the CA like
> fire, power outage, missiles from NSA drones (ok, I admit the last one is a
> bit sci-fi, isn't it?).
>

Rather than speculate, try reading the Certificate Practices Statements of
the CAs. They all describe how the private keys are managed.

Each HSM vendor has their own security controls, but a FIPS-140 level 4
device won't release them except to another FIPS-140 device. There is no
way to extract the key from the system unencrypted.


-- 
Website: http://hallambaker.com/
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
