Clayton Haapala wrote:

> Why not encrypt the Certificate key, prior to splitting it

Encrypt the public key?  Does not compute.

Encryption is also not the same as splitting -- splitting is one
way to ensure that more than N principals must act in concert to
sign something -- and that signature might be an authorization
to perform some action with security consequences.

Of course "PKI" is not adequate as a trust management system -- it's
concerned with authentication, but leaves authorization as an exercise
for the reader. ;-)  The right way to do this is to have an authorization
mechanism that requires K-of-N parties to sign a request for action.

See:

http://www.cs.yale.edu/homes/jf/usenix-ecom98.pdf
http://www.tenebras.com/rfc/rfc/27/rfc2704.txt
http://www.crypto.com/trustmgt/kn.html

apache-ssl has a module that permits the use of KeyNote policies
in access control.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
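The K-of-N authorization described in the message above, as an added example that is not part of the original post and is not KeyNote or apache-ssl code: a request is accepted only when at least K distinct authorized parties have signed that exact request. The signer names, keys and request string are constructed, and HMAC-SHA256 stands in for a public-key signature scheme so the block runs with the standard library alone.

```python
import hashlib
import hmac

# Constructed demo keys. HMAC-SHA256 is a stand-in (assumption) for a real
# public-key signature; with HMAC the verifier could forge tags itself.
SIGNERS = {
    "alice": b"constructed-key-alice",
    "bob": b"constructed-key-bob",
    "carol": b"constructed-key-carol",
}
THRESHOLD = 2  # K in K-of-N; N is len(SIGNERS)


def sign(signer: str, request: bytes) -> bytes:
    """Produce the signer's tag over the request (demo stand-in for signing)."""
    return hmac.new(SIGNERS[signer], request, hashlib.sha256).digest()


def approvers(request: bytes, signatures: list) -> set:
    """Return the distinct authorized signers with a valid tag over request."""
    valid = set()
    for signer, tag in signatures:
        key = SIGNERS.get(signer)
        if key is None:
            continue  # not one of the N authorized parties
        expected = hmac.new(key, request, hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):
            valid.add(signer)  # a set, so a repeated signer counts once
    return valid


def authorized(request: bytes, signatures: list, k: int = THRESHOLD) -> bool:
    """Authorize only if at least k distinct parties signed this request."""
    return len(approvers(request, signatures)) >= k


if __name__ == "__main__":
    req = b"action=issue-cert;subject=www.example.test"  # constructed request
    a = ("alice", sign("alice", req))
    b = ("bob", sign("bob", req))
    print("one signer:      ", authorized(req, [a]))
    print("same signer x2:  ", authorized(req, [a, a]))
    print("two signers:     ", authorized(req, [a, b]))
    print("different action:", authorized(b"action=revoke", [a, b]))
```

Counting distinct signers rather than signatures, and binding each signature to the exact request bytes, are the two checks that keep one party from meeting the threshold alone or reusing approvals for a different action.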