On Friday 13 May 2005 13:03, Jean-Marc Desperrier wrote: > Moreover, it's possible I got it wrong somewhere, but what I see seems > to imply the private key of the CA is directly used from the web server. > This is a bad security practice. You *need* to have the private key on a > separate machine, so that if your webserver gets hacked, which is an > event there is no way to fully protect against, he still needs then to > hack the other machine to get your key.
I'd agree with this. If you are running a webserver, then the machine is vulnerable. You want to look at something like collecting all the data on the webserver machine, and then passing it across an internal network to another machine where all the checking is done. Treat the webserver machine as a sacrifice, and the real machine should be off-net. > You MUST use an intermediate CA. And IMO you must use an off-line root > CA, that is a CA that is physically unplugged, and gets used very > rarely. That way if the worst happens and your key is compromised, it's > only the on-line CA. You can get your off-line CA out of it's vault to > sign a CRL that revokes it, emit new certificates for all you legitimate > clients, and go on. Makes sense. Plan on losing the online CA intermediate root. It might not happen this year, but as you get bigger, you become more of a target. Prepare a contingency plan, even if it is just a topic of conversation over beers and scallops. > It's also a good idea to regularly change the intermediate CA. You keep > the crl size under control, and in case of compromise only some of the > certs are not concerned (even if older intermediate CA will stay on-line > to emit crl, but maybe you can lower the frequency of those crl and use > an airwall : http://en.wiktionary.org/wiki/Airwall ). Good idea. iang -- http://iang.org/ _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
