I haven't been able to find an English version of this, but the following news
item from Germany:
http://www.heise.de/security/E-Gesundheitskarte-Datenverlust-mit-Folgen--/news/meldung/141864
reports that the PKI for their electronic health card has just run into
trouble: they were storing the
http://news.bbc.co.uk/2/hi/technology/8147534.stm
Chuck
[Moderator's note: It is helpful, when posting a link, to give enough
information that people can know whether they want to go and read the
article. In this case, the title and first few sentences are:
Snooping through the power socket
Hi all,
We are pleased to announce that we have set a new record for the elliptic
curve discrete logarithm problem (ECDLP) by solving it over a 112-bit
finite field. The previous record was for a 109-bit prime field and
dates back from October 2002.
See for more details our announcement at
http://www.heise.de/security/E-Gesundheitskarte-Datenverlust-mit-Folgen--/news/meldung/141864
reports that the PKI for their electronic health card has just run into
trouble: they were storing the root CA key in an HSM, which failed. They now
have a PKI with no CA key for signing new certs or
- Peter Gutmann pgut...@cs.auckland.ac.nz wrote:
I haven't been able to find an English version of this, but the
following news item from Germany: ...
It is exactly for this reason that when we generated the root key for
the U.S. Higher Education PKI we did it outside of an HSM and then
At 5:58 PM +1200 7/13/09, Peter Gutmann wrote:
I haven't been able to find an English version of this, but the following news
item from Germany:
http://www.heise.de/security/E-Gesundheitskarte-Datenverlust-mit-Folgen--/news/meldung/141864
Hi,
reports that the PKI for their electronic health card has just run into
trouble: they were storing the root CA key in an HSM, which failed. They now
have a PKI with no CA key for signing new certs or revoking existing ones.
Suppose this happens in a production environment of some CA
At 11:09 PM +0200 7/14/09, Weger, B.M.M. de wrote:
Any other problems? Maybe something with key rollover or
interoperability?
Bingo. Key rollover has been thinly tested in relying parties.
--Paul Hoffman, Director
--VPN Consortium
On Tue, Jul 14, 2009 at 11:09:41PM +0200, Weger, B.M.M. de wrote:
Suppose this happens in a production environment of some CA
(root or not), how big a problem is this? I can see two issues:
- they have to build a new CA and distribute its certificate
to all users, which is annoying and maybe
Weger, B.M.M. de wrote:
- if they rely on the CA for signing CRLs (or whatever
revocation mechanism they're using) then they have to find
some other way to revoke existing certificates.
...
Seems to me that for signing CRLs it's better to have a separate
Revocation Authority (whose
We are pleased to announce that we have set a new record for the elliptic
curve discrete logarithm problem (ECDLP) by solving it over a 112-bit
finite field. The previous record was for a 109-bit prime field and
dates back from October 2002.
First of all congratulations to the team at EPFL!