On 8/29/2014 8:23 AM, Matthew Gillen wrote: > My understanding (and it's possible I made this up, I can't seem to find > any supporting documentation with a cursory search of the intertubes) is > that the main approach to dealing with CA compromises is to use > chaining: you have the root CA(s) locked up and offline in high > security.
That's how we expect X.509 root CAs to operate. Problem is, X.509 has no mechanism to verify that the root CA that is allegedly locked up, offline, in a secure vault has not been compromised. We are required to trust that, for example, the SSL root certificates are good solely on the say-so of companies that care more about their public images and stock prices than in their customers' security. -- Rich P. _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
