Ian G wrote:
> Whereas if a root cert was used, then that could only
> have been lifted in a very few places. The use of a
> root cert would then send a very strong signal back
> that would lead to how and when and where it was
> ripped off.

the proposals that allow backup/copying of a private key (as a countermeasure to a physical single point of failure) ... when we were running ha/cmp project:
http://www.garlic.com/~lynn/subtopic.html#hacmp

we coined the terms disaster survivability and geographic survivability to differentiate from simple disaster/recovery

in any case, just having a process allowing copying of a private key and multiple copies increase the vulnerability to diversion of copies for fraudulent purposes

some recent studies claim that at least 77 percent of fraud/exploits involve insiders. from an insider fraud standpoint, diversion of root private key becomes analogous to embezzlement.

bad things can happen with compromise of PKI root key and resulting fraudulent transactions. however, the systemic risk of having a single PKI root key revoked and having to put the infrastructure thru restart/recovery from scratch is viewed as possibly being even a worse prospect.
